Posts posted by fuerchter

  1. Hey there,

    on my Android phone, I've been having weird redirects to unsafe-looking ("Congratulations!") sites in its browser recently (since at the very least August 2nd). They seem to happen very infrequently, which caused me to be kind of lazy in trying to fix it. I usually browsed what I'm assuming are safe websites (can provide examples of them and the unsafe sites, not sure if I can just post those links) as the redirects occur.

    I tried running some antivirus scanners (including Malwarebytes, see "Screenshot_20190827-155852-edited.png" e.g.). Only Trend Micro's "Mobile Security & Antivirus" actually found something, a .crdownload file, which I removed from the phone, but am keeping on my main PC. A VirusTotal scan of that file. Since removing it though, the redirects still happened.

    I cleared my Chrome's history and cache a few minutes ago, and can report back if that changed anything (as I said, the redirects are rather infrequent).

     

    Aside from this, I have also had strange calendar entries in my Google account, similar to this. Examples of what this looks like on my end are in the attachments. The Google support post recommends setting "Automatically add invitations" to No. Doing this stops them from showing up, however I have been unable to find any emails in my inboxes that could have caused them. I searched my mails by those event titles, email address "gserviceaccount" and "(filename:ics OR filename:vcs)" for example.

    I'm unsure whether these two issues are related or not.

     

    Some version numbers on my phone, in case they're helpful:

    Android: 7.0 (I have a Huawei Honor 6X, so afaik this is the most recent Android version for it)
    EMUI: 5.0.3
    Chrome: 76.0.3809.111
    Calendar: 6.0.44-261313226-release

     

    If I could get any help with this, I'd appreciate it.

    Screenshot_20190827-155852-edited.png

    Screenshot_20190824-080301-edited.png

    event.png

  2. otl fixed log:


    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    ========== FILES ==========
    [color=#A23BEC]< ipconfig /flushdns /c >[/color]
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\fuerchter\Downloads\cmd.bat deleted successfully.
    C:\Users\fuerchter\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: fuerchter
    ->Temp folder emptied: 3706508 bytes
    ->Temporary Internet Files folder emptied: 65933195 bytes
    ->Java cache emptied: 5241013 bytes
    ->FireFox cache emptied: 64013171 bytes
    ->Flash cache emptied: 125085 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41620 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 155648 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 107172913 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 641 bytes
    RecycleBin emptied: 607260 bytes

    Total Files Cleaned = 236.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.50.0 log created on 06202012_180643
    Files\Folders moved on Reboot...
    C:\Users\fuerchter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    Registry entries deleted on Reboot...

    I think everything works fine now again :) Thank you for the quick help ^^ (I actually thought I might have to format c...)

  3. otl.txt:


    OTL logfile created on: 6/20/2012 4:32:17 PM - Run 2
    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\fuerchter\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.97 Gb Total Physical Memory | 12.12 Gb Available Physical Memory | 75.90% Memory free
    31.93 Gb Paging File | 28.02 Gb Available in Paging File | 87.73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.79 Gb Total Space | 28.24 Gb Free Space | 25.26% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 1490.42 Gb Free Space | 80.00% Space Free | Partition Type: NTFS
    Drive F: | 931.50 Gb Total Space | 2.44 Gb Free Space | 0.26% Space Free | Partition Type: NTFS
    Drive G: | 3.06 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive H: | 3.72 Gb Total Space | 0.63 Gb Free Space | 16.80% Space Free | Partition Type: FAT32

    Computer Name: FUERCHTER-PC | User Name: fuerchter | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    [color=#E56717]========== Processes (SafeList) ==========[/color]

    PRC - [2012/06/20 16:31:52 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\fuerchter\Downloads\OTL.exe
    PRC - [2012/06/15 09:23:40 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
    PRC - [2012/05/15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/05/03 00:44:18 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/03/17 02:05:26 | 000,108,544 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    PRC - [2012/02/15 16:03:43 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/02/13 10:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/10/22 03:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
    PRC - [2010/10/22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe


    [color=#E56717]========== Modules (No Company Name) ==========[/color]

    MOD - [2012/06/15 09:23:40 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
    MOD - [2012/05/03 00:44:18 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/03/17 02:05:26 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
    MOD - [2012/03/17 02:05:26 | 000,108,544 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    MOD - [2012/03/17 02:05:26 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
    MOD - [2012/03/17 02:05:26 | 000,049,664 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
    MOD - [2012/03/17 02:05:26 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
    MOD - [2012/03/17 02:05:24 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
    MOD - [2012/03/17 02:05:24 | 000,092,160 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
    MOD - [2012/03/17 02:05:24 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
    MOD - [2012/03/17 02:05:24 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
    MOD - [2012/03/17 02:05:22 | 011,595,264 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
    MOD - [2012/03/17 02:05:22 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
    MOD - [2012/03/17 02:05:22 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
    MOD - [2012/03/17 02:05:18 | 000,386,560 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
    MOD - [2012/03/17 02:05:18 | 000,310,272 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
    MOD - [2012/03/17 02:05:18 | 000,265,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
    MOD - [2012/03/17 02:05:18 | 000,184,832 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
    MOD - [2012/03/17 02:05:18 | 000,154,624 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
    MOD - [2012/03/17 02:05:18 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
    MOD - [2012/03/17 02:05:18 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
    MOD - [2012/03/17 02:05:18 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
    MOD - [2012/03/17 02:05:16 | 000,947,200 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
    MOD - [2012/03/17 02:05:14 | 001,719,296 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
    MOD - [2012/03/17 02:05:14 | 001,318,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,371,200 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,258,560 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,219,648 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
    MOD - [2012/03/17 02:05:14 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
    MOD - [2012/03/17 02:05:12 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
    MOD - [2012/03/17 02:05:10 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
    MOD - [2012/03/17 02:05:08 | 001,304,576 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,285,184 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,044,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
    MOD - [2012/03/17 02:05:08 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
    MOD - [2012/03/17 02:05:06 | 001,235,456 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
    MOD - [2012/03/17 02:05:06 | 000,724,992 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
    MOD - [2012/03/17 02:05:06 | 000,440,832 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
    MOD - [2012/03/17 02:05:06 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
    MOD - [2012/03/17 02:05:06 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
    MOD - [2012/03/17 02:05:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
    MOD - [2012/03/17 02:05:06 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
    MOD - [2012/03/17 02:05:04 | 000,182,272 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
    MOD - [2012/03/17 02:05:04 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll
    MOD - [2012/03/17 02:05:04 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
    MOD - [2012/03/17 02:05:04 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
    MOD - [2012/03/17 02:05:04 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
    MOD - [2012/03/17 02:05:04 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
    MOD - [2012/03/17 02:05:04 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
    MOD - [2012/03/17 02:05:02 | 002,285,056 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
    MOD - [2012/03/17 02:05:02 | 001,518,080 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
    MOD - [2012/03/17 02:05:02 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
    MOD - [2012/03/17 02:05:02 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
    MOD - [2012/03/17 02:05:02 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
    MOD - [2012/03/17 02:05:02 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
    MOD - [2012/03/17 02:05:02 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
    MOD - [2012/03/17 02:05:02 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
    MOD - [2012/03/17 02:05:02 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
    MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


    [color=#E56717]========== Win32 Services (SafeList) ==========[/color]

    SRV:[b]64bit:[/b] - [2012/05/02 15:39:30 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
    SRV:[b]64bit:[/b] - [2011/11/29 20:59:13 | 001,436,424 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:[b]64bit:[/b] - [2011/05/31 10:42:06 | 000,210,024 | ---- | M] (DTS) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe -- (DTSAudioService)
    SRV:[b]64bit:[/b] - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:[b]64bit:[/b] - [2010/03/10 02:38:18 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe -- (mi-raysat_3dsmax2011_64)
    SRV:[b]64bit:[/b] - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:[b]64bit:[/b] - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/06/15 10:22:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/13 16:03:33 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/05/15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/05/03 00:44:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/02/15 16:03:43 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/02/09 12:59:48 | 000,735,080 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
    SRV - [2012/01/05 13:34:34 | 000,419,624 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/10/27 17:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2010/10/22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    [color=#E56717]========== Driver Services (SafeList) ==========[/color]

    DRV:[b]64bit:[/b] - [2012/05/02 15:39:14 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
    DRV:[b]64bit:[/b] - [2012/04/26 19:33:24 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
    DRV:[b]64bit:[/b] - [2012/04/18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:[b]64bit:[/b] - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:[b]64bit:[/b] - [2012/03/02 14:47:51 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:[b]64bit:[/b] - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:[b]64bit:[/b] - [2012/01/24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
    DRV:[b]64bit:[/b] - [2011/10/24 18:39:54 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
    DRV:[b]64bit:[/b] - [2011/10/17 15:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:[b]64bit:[/b] - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
    DRV:[b]64bit:[/b] - [2011/09/22 10:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:[b]64bit:[/b] - [2011/09/13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:[b]64bit:[/b] - [2011/09/13 16:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:[b]64bit:[/b] - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:[b]64bit:[/b] - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:[b]64bit:[/b] - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:[b]64bit:[/b] - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:[b]64bit:[/b] - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:[b]64bit:[/b] - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:[b]64bit:[/b] - [2010/10/27 16:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:[b]64bit:[/b] - [2010/10/27 16:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:[b]64bit:[/b] - [2010/10/27 16:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:[b]64bit:[/b] - [2010/10/27 16:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:[b]64bit:[/b] - [2010/10/27 16:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:[b]64bit:[/b] - [2010/10/27 16:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
    DRV:[b]64bit:[/b] - [2010/10/27 16:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:[b]64bit:[/b] - [2010/10/27 16:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:[b]64bit:[/b] - [2010/10/22 03:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
    DRV:[b]64bit:[/b] - [2010/10/22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
    DRV:[b]64bit:[/b] - [2010/10/22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
    DRV:[b]64bit:[/b] - [2010/09/21 07:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
    DRV:[b]64bit:[/b] - [2009/11/24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
    DRV:[b]64bit:[/b] - [2009/11/24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV:[b]64bit:[/b] - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
    DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:[b]64bit:[/b] - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:[b]64bit:[/b] - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2003/04/19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)


    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]


    [color=#E56717]========== Internet Explorer ==========[/color]

    IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {E879EAFB-4ECA-489C-A54C-E4320074120B}
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{E879EAFB-4ECA-489C-A54C-E4320074120B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {E879EAFB-4ECA-489C-A54C-E4320074120B}
    IE - HKLM\..\SearchScopes\{E879EAFB-4ECA-489C-A54C-E4320074120B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3999526270-2708618822-3717615824-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3999526270-2708618822-3717615824-1002\..\SearchScopes,DefaultScope = {E879EAFB-4ECA-489C-A54C-E4320074120B}
    IE - HKU\S-1-5-21-3999526270-2708618822-3717615824-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3999526270-2708618822-3717615824-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box


    [color=#E56717]========== FireFox ==========[/color]

    FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/03 00:44:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

    [2011/11/29 18:04:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fuerchter\AppData\Roaming\Mozilla\Extensions
    [2012/05/19 10:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fuerchter\AppData\Roaming\Mozilla\Firefox\Profiles\lbbihre7.default\extensions
    [2012/01/30 15:00:18 | 000,001,328 | ---- | M] () -- C:\Users\fuerchter\AppData\Roaming\Mozilla\Firefox\Profiles\lbbihre7.default\searchplugins\wikipedia-de.xml
    [2011/11/29 18:33:15 | 000,001,330 | ---- | M] () -- C:\Users\fuerchter\AppData\Roaming\Mozilla\Firefox\Profiles\lbbihre7.default\searchplugins\wikipedia-en.xml
    [2012/06/18 11:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/18 11:38:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/05/19 10:26:35 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\FUERCHTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LBBIHRE7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/05/03 00:44:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/03 08:10:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/03 08:10:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/06/20 15:11:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:[b]64bit:[/b] - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe File not found
    O4:[b]64bit:[/b] - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
    O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-21-3999526270-2708618822-3717615824-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-3999526270-2708618822-3717615824-1019..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3999526270-2708618822-3717615824-1019..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3999526270-2708618822-3717615824-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3999526270-2708618822-3717615824-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3999526270-2708618822-3717615824-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3999526270-2708618822-3717615824-1019\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKU\S-1-5-21-3999526270-2708618822-3717615824-1002\..Trusted Domains: fritz.box ([]* in Local intranet)
    O15 - HKU\S-1-5-21-3999526270-2708618822-3717615824-1002\..Trusted Ranges: Range1 ([*] in Local intranet)
    O16:[b]64bit:[/b] - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
    O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16:[b]64bit:[/b] - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ACCC6EB-7B76-4D0B-850B-BA4DEA8B7F5B}: DhcpNameServer = 7.254.254.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9678633-9F4C-418E-8270-30C7511A837C}: DhcpNameServer = 192.168.178.1
    O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/01/05 21:30:20 | 000,000,039 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
    O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

    [2012/06/20 15:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/06/20 15:15:32 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/06/20 15:13:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/20 15:12:06 | 000,000,000 | R--D | C] -- C:\Users\fuerchter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    [2012/06/20 15:12:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/20 15:07:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/20 14:24:22 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\Desktop\malwarebytes
    [2012/06/20 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\Desktop\kms backup
    [2012/06/20 14:15:36 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\AppData\Roaming\Malwarebytes
    [2012/06/20 14:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/20 14:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/20 14:15:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/20 14:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/20 13:19:34 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\AppData\Roaming\TuneUp Software
    [2012/06/20 13:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
    [2012/06/20 13:18:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    [2012/06/20 13:18:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/06/20 12:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
    [2012/06/20 12:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2012/06/18 23:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
    [2012/06/18 14:21:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
    [2012/06/18 14:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
    [2012/06/18 14:21:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
    [2012/06/18 14:21:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
    [2012/06/18 14:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
    [2012/06/18 14:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
    [2012/06/18 14:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
    [2012/06/18 14:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2012/06/18 14:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2012/06/18 14:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
    [2012/06/18 14:20:45 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\Documents\Visual Studio 2010
    [2012/06/18 14:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
    [2012/06/18 14:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
    [2012/06/18 14:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
    [2012/06/18 14:20:18 | 000,000,000 | ---D | C] -- C:\Windows\symbols
    [2012/06/18 14:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
    [2012/06/18 14:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
    [2012/06/18 14:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
    [2012/06/18 00:11:42 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\AppData\Roaming\8-Bit Commando
    [2012/06/17 23:09:01 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\AppData\Roaming\BattleJump
    [2012/06/17 22:29:02 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\AppData\Roaming\Voxatron
    [2012/06/17 22:08:17 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\AppData\Roaming\Sony Online Entertainment
    [2012/06/17 21:50:40 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\AppData\Local\SCE
    [2012/06/17 21:50:40 | 000,000,000 | ---D | C] -- C:\Crash
    [2012/06/15 09:24:11 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\AppData\Local\Macromedia
    [2012/06/13 16:19:22 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\AppData\Local\Desura
    [2012/06/13 16:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Desura
    [2012/06/13 16:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Desura
    [2012/06/13 16:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
    [2012/06/13 16:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desura
    [2012/06/13 09:57:06 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/05/31 15:42:29 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\AppData\Roaming\Audacity
    [2012/05/28 00:24:46 | 000,000,000 | ---D | C] -- C:\Users\fuerchter\AppData\Roaming\ZombieGrinder
    [2012/05/27 23:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\OUTLAWS
    [2012/05/27 12:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KFY
    [2012/05/23 17:50:09 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2012/05/23 17:50:09 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2012/05/23 17:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

    [2012/06/20 16:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/20 16:12:47 | 000,034,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/20 16:12:47 | 000,034,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/20 15:12:01 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
    [2012/06/20 15:11:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/20 15:11:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/20 14:15:32 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/20 13:18:43 | 000,872,802 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/20 13:18:43 | 000,718,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/20 13:18:43 | 000,146,328 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/20 12:21:44 | 000,000,008 | RHS- | M] () -- C:\Users\fuerchter\ntuser.pol
    [2012/06/19 18:42:20 | 000,000,760 | ---- | M] () -- C:\Users\fuerchter\Desktop\Max Payne 3.lnk
    [2012/06/19 18:28:57 | 000,017,408 | ---- | M] () -- C:\Users\fuerchter\AppData\Local\WebpageIcons.db
    [2012/06/18 20:24:42 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/06/18 20:24:42 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/06/18 20:24:31 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/06/18 14:29:48 | 004,842,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/17 22:05:32 | 000,000,624 | ---- | M] () -- C:\Users\fuerchter\Desktop\Planetside.lnk
    [2012/06/13 23:30:07 | 000,718,247 | ---- | M] () -- C:\Users\fuerchter\Desktop\fuerchter_template3.jpg
    [2012/06/13 16:58:58 | 000,000,952 | ---- | M] () -- C:\Users\fuerchter\Desktop\ZombieGrinder.lnk
    [2012/06/13 16:00:03 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Desura.lnk
    [2012/06/11 14:33:50 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
    [2012/06/02 10:33:23 | 000,072,324 | ---- | M] () -- C:\Users\fuerchter\Desktop\Image1.png
    [2012/05/31 13:41:30 | 000,000,132 | ---- | M] () -- C:\Users\fuerchter\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/05/27 12:15:34 | 000,000,461 | ---- | M] () -- C:\Users\fuerchter\Desktop\KFY.lnk
    [2012/05/24 14:00:28 | 000,000,698 | ---- | M] () -- C:\Users\fuerchter\Desktop\Dxtory.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    [color=#E56717]========== Files Created - No Company Name ==========[/color]

    [2012/06/20 14:15:32 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/20 12:17:38 | 000,000,008 | RHS- | C] () -- C:\Users\fuerchter\ntuser.pol
    [2012/06/19 18:42:20 | 000,000,760 | ---- | C] () -- C:\Users\fuerchter\Desktop\Max Payne 3.lnk
    [2012/06/19 18:28:57 | 000,017,408 | ---- | C] () -- C:\Users\fuerchter\AppData\Local\WebpageIcons.db
    [2012/06/17 22:05:32 | 000,000,624 | ---- | C] () -- C:\Users\fuerchter\Desktop\Planetside.lnk
    [2012/06/17 22:05:32 | 000,000,624 | ---- | C] () -- C:\Users\fuerchter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Planetside.lnk
    [2012/06/15 09:23:40 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/13 23:29:59 | 000,718,247 | ---- | C] () -- C:\Users\fuerchter\Desktop\fuerchter_template3.jpg
    [2012/06/13 16:58:58 | 000,000,952 | ---- | C] () -- C:\Users\fuerchter\Desktop\ZombieGrinder.lnk
    [2012/06/13 16:00:03 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Desura.lnk
    [2012/06/02 10:33:23 | 000,072,324 | ---- | C] () -- C:\Users\fuerchter\Desktop\Image1.png
    [2012/05/27 12:15:34 | 000,000,461 | ---- | C] () -- C:\Users\fuerchter\Desktop\KFY.lnk
    [2012/05/23 17:50:12 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
    [2012/05/23 17:48:48 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
    [2012/05/16 10:46:55 | 000,000,056 | ---- | C] () -- C:\Users\fuerchter\AppData\Roaming\urhtps.dat
    [2012/05/10 14:00:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2012/03/27 11:51:32 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2012/03/18 13:23:21 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/03/12 17:51:48 | 000,000,054 | ---- | C] () -- C:\Users\fuerchter\AppData\Roaming\updater.cfg
    [2012/03/11 20:59:03 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
    [2012/03/11 20:59:03 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
    [2012/03/11 20:59:03 | 000,001,998 | ---- | C] () -- C:\Windows\unins000.dat
    [2012/03/08 21:13:08 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
    [2012/02/27 22:11:11 | 000,001,456 | ---- | C] () -- C:\Users\fuerchter\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2012/01/29 14:44:45 | 000,000,311 | ---- | C] () -- C:\Windows\game.ini
    [2012/01/27 21:20:58 | 000,095,308 | ---- | C] () -- C:\Windows\War3Unin.dat
    [2012/01/23 18:42:12 | 000,000,132 | ---- | C] () -- C:\Users\fuerchter\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/01/19 22:46:26 | 000,000,248 | ---- | C] () -- C:\Windows\MAPPER.INI
    [2012/01/12 12:47:22 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{cf54c654-4c24-cdf7-b48b-2fdcf653588b}\@
    [2012/01/12 12:47:22 | 000,002,048 | -HS- | C] () -- C:\Users\fuerchter\AppData\Local\{cf54c654-4c24-cdf7-b48b-2fdcf653588b}\@
    [2012/01/08 18:50:13 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/12/25 17:13:39 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
    [2011/12/25 17:13:39 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
    [2011/12/22 19:28:46 | 000,007,606 | ---- | C] () -- C:\Users\fuerchter\AppData\Local\Resmon.ResmonCfg
    [2011/12/18 19:04:52 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat
    [2011/12/18 19:04:47 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
    [2011/12/17 13:43:40 | 000,406,336 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/12/16 20:05:42 | 000,000,488 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2011/12/03 21:06:58 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
    [2011/11/30 20:02:37 | 000,764,698 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/30 16:33:54 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2011/11/30 16:33:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/11/29 17:07:16 | 000,030,976 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2011/11/25 11:53:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/04/28 11:53:01 | 000,002,048 | ---- | C] () -- C:\Windows\hidcon.exe

    [color=#E56717]========== LOP Check ==========[/color]

    [2011/12/17 23:41:12 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\2K Sports
    [2012/06/18 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\8-Bit Commando
    [2012/05/31 15:53:08 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Audacity
    [2011/11/29 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Autodesk
    [2012/06/17 23:09:01 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\BattleJump
    [2011/11/30 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\bizarre creations
    [2012/02/18 11:58:20 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Canneverbe Limited
    [2012/03/02 14:45:32 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\DAEMON Tools Lite
    [2012/05/06 11:01:05 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\DarknessII
    [2012/02/06 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\DarknessIIDemo
    [2012/03/10 01:44:23 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Doublefine
    [2012/04/10 15:16:49 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Downloaded Installations
    [2012/04/15 01:03:45 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Duel
    [2011/12/02 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\FatShark
    [2012/01/18 16:25:05 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\fltk.org
    [2012/04/13 22:31:57 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\HLSW
    [2012/02/13 20:33:41 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\KillProcess
    [2012/05/02 13:22:04 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Leadertech
    [2012/05/04 20:18:38 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\LoneSurvivor
    [2012/04/21 20:24:03 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\LucasArts
    [2012/05/23 20:25:54 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Mumble
    [2012/01/02 18:01:46 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Opera
    [2011/12/03 16:12:41 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Origin
    [2011/12/11 21:43:12 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Publish Providers
    [2012/04/11 15:12:07 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\QuickScan
    [2012/05/12 12:39:21 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Red Alert 3
    [2012/03/12 17:51:43 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Red Giant Link
    [2011/12/20 16:34:08 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Residual
    [2012/01/22 14:11:21 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\ScummVM
    [2012/03/11 18:11:44 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Sony
    [2011/12/20 12:15:34 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Sony Creative Software Inc
    [2012/06/17 22:08:20 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Sony Online Entertainment
    [2011/12/14 20:14:52 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\TeamViewer
    [2011/12/08 17:14:29 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Trine2
    [2012/06/19 18:12:12 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\TS3Client
    [2012/06/20 13:19:34 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\TuneUp Software
    [2012/02/09 20:56:00 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Tunngle
    [2012/05/16 10:46:54 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\UAs
    [2012/05/12 13:04:26 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\VertexDispenser
    [2012/06/17 22:29:02 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\Voxatron
    [2012/02/24 14:30:54 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\X-Chat 2
    [2012/05/28 00:25:08 | 000,000,000 | ---D | M] -- C:\Users\fuerchter\AppData\Roaming\ZombieGrinder
    [2012/05/05 10:21:09 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========

    < End of report >

    The program didn't create an extras.txt though?! :blink:

  4. After running Combofix my internet connection seems very inconsistent (sometimes I can load webpages within no time and other times they won't load at all). I do have WLAN but it does seem awfully irregular to me. ESET (just until now) couldn't even download the newest update (virus signature database).

    The Firewall and Desktop icon problems seemed to be fixed after running Combofix though. Thanks for that so far :D

    eset log:


    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=12
    esets_scanner_update returned -1 esets_gle=12
    # version=7
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-06-20 02:02:47
    # local_time=2012-06-20 04:02:47 (+0100, W. Europe Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 13556803 13556803 0 0
    # compatibility_mode=5893 16776574 100 94 0 91829258 0 0
    # compatibility_mode=8192 67108863 100 0 294 294 0 0
    # scanned=246138
    # found=1
    # cleaned=1
    # scan_time=1559
    C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd4e302a58a77b.0000 Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

  5. combofix.txt:


    ComboFix 12-06-19.03 - fuerchter 06/20/2012 15:08:38.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1033.18.16351.13399 [GMT 2:00]
    ausgeführt von:: c:\users\fuerchter\Downloads\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1334149820.bdinstall.bin
    c:\programdata\1334153609.bdinstall.bin
    c:\programdata\Rotion
    c:\programdata\Rotion\achs.rot
    c:\programdata\Rotion\rotion.cfg
    c:\users\fuerchter\AppData\Roaming\Coop
    c:\users\fuerchter\AppData\Roaming\Coop\score.sav
    c:\users\fuerchter\AppData\Roaming\Love
    c:\users\fuerchter\AppData\Roaming\Love\mari0\mappacks\Partners in Science\1-1.txt
    c:\users\fuerchter\AppData\Roaming\Love\mari0\mappacks\Partners in Science\1-2.txt
    c:\users\fuerchter\AppData\Roaming\Love\mari0\mappacks\Partners in Science\1-3.txt
    c:\users\fuerchter\AppData\Roaming\Love\mari0\mappacks\Partners in Science\1-4.txt
    c:\users\fuerchter\AppData\Roaming\Love\mari0\mappacks\Partners in Science\2-1.txt
    c:\users\fuerchter\AppData\Roaming\Love\mari0\mappacks\Partners in Science\icon.png
    c:\users\fuerchter\AppData\Roaming\Love\mari0\mappacks\Partners in Science\settings.txt
    c:\users\fuerchter\AppData\Roaming\Love\mari0\options.txt
    c:\users\fuerchter\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
    c:\users\fuerchter\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
    c:\users\fuerchter\AppData\Roaming\Love\not_tetris_2\options.txt
    c:\windows\system32\drivers\etc\hosts.txt
    c:\windows\SysWow64\drivers\str.sys
    c:\windows\SysWow64\tmp5CFD.tmp
    c:\windows\SysWow64\tmp5CFE.tmp
    c:\windows\SysWow64\tmp6F97.tmp
    c:\windows\SysWow64\tmp6F98.tmp
    c:\windows\SysWow64\tmpB416.tmp
    c:\windows\SysWow64\tmpB417.tmp
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2012-05-20 bis 2012-06-20 ))))))))))))))))))))))))))))))
    .
    .
    2012-06-20 13:10 . 2012-06-20 13:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-20 12:15 . 2012-06-20 12:15 -------- d-----w- c:\users\fuerchter\AppData\Roaming\Malwarebytes
    2012-06-20 12:15 . 2012-06-20 12:15 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-20 12:15 . 2012-06-20 12:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-20 12:15 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-20 11:19 . 2012-06-20 11:19 -------- d-----w- c:\users\fuerchter\AppData\Roaming\TuneUp Software
    2012-06-20 11:18 . 2012-06-20 12:30 -------- d-----w- c:\programdata\TuneUp Software
    2012-06-20 11:18 . 2012-06-20 11:18 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-20 11:18 . 2012-06-20 11:18 -------- d--h--w- c:\programdata\Common Files
    2012-06-20 10:57 . 2011-09-22 19:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
    2012-06-20 10:57 . 2011-09-22 19:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2012-06-20 10:57 . 2011-09-22 15:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2012-06-20 10:57 . 2012-06-20 10:57 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
    2012-06-20 10:57 . 2012-06-20 10:57 -------- d-----w- c:\program files\Microsoft.NET
    2012-06-20 10:25 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-20 10:25 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-06-20 10:25 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-06-20 10:25 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-20 10:25 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-20 10:25 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-20 10:25 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-20 10:25 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-20 10:25 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-20 10:25 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-20 10:25 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-18 12:24 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-18 12:24 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-18 12:24 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-18 12:23 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-18 12:23 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-18 12:23 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-18 12:23 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-18 12:23 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-18 12:21 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-06-18 12:21 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-06-18 12:21 . 2012-06-18 12:21 -------- d-----w- c:\windows\system32\RsFx
    2012-06-18 12:21 . 2012-06-18 12:21 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2012-06-18 12:21 . 2012-06-18 12:21 -------- d-----w- c:\windows\SysWow64\1033
    2012-06-18 12:21 . 2012-06-18 12:21 -------- d-----w- c:\windows\system32\1033
    2012-06-18 12:21 . 2012-06-20 10:57 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
    2012-06-18 12:21 . 2012-06-20 10:57 -------- d-----w- c:\program files\Microsoft SQL Server
    2012-06-18 12:20 . 2012-06-18 12:20 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2012-06-18 12:20 . 2012-06-18 12:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2012-06-18 12:20 . 2012-06-18 12:20 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
    2012-06-18 12:20 . 2012-06-20 10:58 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-06-18 12:20 . 2012-06-18 12:20 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
    2012-06-18 12:20 . 2012-06-18 12:20 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
    2012-06-18 12:20 . 2012-06-18 12:20 -------- d-----w- c:\windows\symbols
    2012-06-18 12:20 . 2012-06-18 12:20 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2012-06-18 12:20 . 2012-06-18 12:20 -------- d-----w- c:\program files\Microsoft Help Viewer
    2012-06-18 12:20 . 2012-06-18 12:20 -------- d-----w- c:\program files (x86)\Microsoft SDKs
    2012-06-17 22:11 . 2012-06-17 22:13 -------- d-----w- c:\users\fuerchter\AppData\Roaming\8-Bit Commando
    2012-06-17 21:09 . 2012-06-17 21:09 -------- d-----w- c:\users\fuerchter\AppData\Roaming\BattleJump
    2012-06-17 20:29 . 2012-06-17 20:29 -------- d-----w- c:\users\fuerchter\AppData\Roaming\Voxatron
    2012-06-17 20:08 . 2012-06-17 20:08 -------- d-----w- c:\users\fuerchter\AppData\Roaming\Sony Online Entertainment
    2012-06-17 19:50 . 2012-06-17 19:50 -------- d-----w- c:\users\fuerchter\AppData\Local\SCE
    2012-06-17 19:50 . 2012-06-17 19:50 -------- d-----w- C:\Crash
    2012-06-15 07:24 . 2012-06-15 07:24 -------- d-----w- c:\users\fuerchter\AppData\Local\Macromedia
    2012-06-13 14:19 . 2012-06-13 14:19 -------- d-----w- c:\users\fuerchter\AppData\Local\Desura
    2012-06-13 14:03 . 2012-06-13 14:03 -------- d-----w- c:\program files (x86)\Common Files\Desura
    2012-06-13 14:00 . 2012-06-13 14:00 -------- d-----w- c:\programdata\Desura
    2012-06-13 14:00 . 2012-06-13 17:25 -------- d-----w- c:\program files (x86)\Desura
    2012-06-13 07:57 . 2012-06-13 07:57 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-05-31 13:42 . 2012-05-31 13:53 -------- d-----w- c:\users\fuerchter\AppData\Roaming\Audacity
    2012-05-30 11:59 . 2012-05-30 11:59 4966600 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-05-27 22:24 . 2012-05-27 22:25 -------- d-----w- c:\users\fuerchter\AppData\Roaming\ZombieGrinder
    2012-05-27 21:50 . 2012-05-27 21:50 -------- d-----w- c:\programdata\OUTLAWS
    2012-05-23 15:50 . 2012-06-19 16:15 -------- d-----w- c:\users\UpdatusUser
    2012-05-23 15:50 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-23 15:50 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-23 15:50 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-23 15:50 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-05-23 15:50 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-23 15:50 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-23 15:50 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-23 15:50 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-23 15:50 . 2012-05-23 15:50 -------- d-----w- c:\programdata\NVIDIA Corporation
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-18 18:24 . 2012-01-08 16:50 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-06-18 18:24 . 2011-12-03 16:10 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-18 18:24 . 2011-11-30 14:34 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-15 08:22 . 2012-03-30 04:58 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-15 08:22 . 2012-01-15 13:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-02 13:39 . 2012-03-08 19:13 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
    2012-05-02 13:39 . 2012-03-08 19:13 147472 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
    2012-05-02 11:21 . 2012-05-02 11:21 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-04-26 17:33 . 2012-04-26 17:33 66728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
    2012-04-21 09:33 . 2012-04-21 09:33 49152 ----a-r- c:\users\fuerchter\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\NewShortcut8_917E73C2C7DA4C129774A6A2730BCAAB.exe
    2012-04-21 09:33 . 2012-04-21 09:33 49152 ----a-r- c:\users\fuerchter\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\NewShortcut2_5AF90193CBA147C0B255378E5E8C61DE.exe
    2012-04-21 09:33 . 2012-04-21 09:33 49152 ----a-r- c:\users\fuerchter\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\NewShortcut1_5AF90193CBA147C0B255378E5E8C61DE.exe
    2012-04-21 09:33 . 2012-04-21 09:33 49152 ----a-r- c:\users\fuerchter\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\ARPPRODUCTICON.exe
    2012-03-30 11:35 . 2012-05-09 07:23 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\users\ADMINI~1\AppData\Local\Temp\HWiNFO64A.SYS [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 257696]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
    R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
    R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-06-13 131912]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
    R3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-09 735080]
    R4 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]
    R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-29 1436424]
    R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
    R4 iryevdxwnpjiwwi;iryevdxwnpjiwwi;c:\users\FUERCH~1\AppData\Local\Temp\DAT2219.tmp.exe [x]
    R4 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
    R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
    S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2012-05-02 168864]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
    S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
    .
    .
    --- Andere Dienste/Treiber im Speicher ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = fritz.box
    IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.178.1
    FF - ProfilePath - c:\users\fuerchter\AppData\Roaming\Mozilla\Firefox\Profiles\lbbihre7.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\program files (x86)\avmwlanstick\WlanNetService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files\Logitech Gaming Software\Applets\LCDMedia.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2012-06-20 15:13:18 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt 2012-06-20 13:13
    .
    Vor Suchlauf: 28,837,412,864 bytes free
    Nach Suchlauf: 29,469,192,192 bytes free
    .
    - - End Of File - - 35A1816D2BB2D6BFFC9B6126718CDCBD

    I'm sorry the log is in German, can I change that???

  6. tdsskiller log is in the attachments (it was too long)

    mbam-log-2012-06-20 (14-47-24):


    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.20.03
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    fuerchter :: FUERCHTER-PC [administrator]
    Protection: Enabled
    6/20/2012 2:47:24 PM
    mbam-log-2012-06-20 (14-47-24).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 231657
    Time elapsed: 17 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    dds:


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
    Run by fuerchter at 14:49:06 on 2012-06-20
    Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1033.18.16351.13243 [GMT 2:00]
    .
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\WireHelpSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Logitech Gaming Software\LCore.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = fritz.box
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    TCP: DhcpNameServer = 192.168.178.1
    TCP: Interfaces\{2ACCC6EB-7B76-4D0B-850B-BA4DEA8B7F5B} : DhcpNameServer = 7.254.254.254
    TCP: Interfaces\{E9678633-9F4C-418E-8270-30C7511A837C} : DhcpNameServer = 192.168.178.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO-X64: IESpeakDoc - No File
    BHO-X64: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    mRun-x64: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\fuerchter\AppData\Roaming\Mozilla\Firefox\Profiles\lbbihre7.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
    R2 ESLWireAC;ESLWireAC;\??\C:\Windows\system32\drivers\ESLWireACD.sys --> C:\Windows\system32\drivers\ESLWireACD.sys [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-20 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-23 1262400]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-5-30 3048136]
    R2 WireHelpSvc;WireHelpSvc;C:\Program Files\Common Files\WireHelpSvc.exe [2012-3-8 168864]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
    R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]
    R3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\system32\DRIVERS\fwlanusb.sys --> C:\Windows\system32\DRIVERS\fwlanusb.sys [?]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
    R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe --> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257696]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
    S3 avmeject;AVM Eject;C:\Windows\system32\drivers\avmeject.sys --> C:\Windows\system32\drivers\avmeject.sys [?]
    S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-6-13 131912]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;C:\Windows\system32\DRIVERS\ESLvnic.sys --> C:\Windows\system32\DRIVERS\ESLvnic.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 fwlanusb4;FRITZ!WLAN N/G;C:\Windows\system32\DRIVERS\fwlanusb4.sys --> C:\Windows\system32\DRIVERS\fwlanusb4.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-1-27 735080]
    S4 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2012-1-9 210024]
    S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-29 1436424]
    S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-25 13592]
    S4 iryevdxwnpjiwwi;iryevdxwnpjiwwi;"C:\Users\FUERCH~1\AppData\Local\Temp\DAT2219.tmp.exe" --SERVICE --> C:\Users\FUERCH~1\AppData\Local\Temp\DAT2219.tmp.exe [?]
    S4 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-06-20 12:15:36 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\Malwarebytes
    2012-06-20 12:15:32 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-20 12:15:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-20 12:15:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-20 11:19:34 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\TuneUp Software
    2012-06-20 11:18:59 -------- d-----w- C:\ProgramData\TuneUp Software
    2012-06-20 11:18:56 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-20 11:18:56 -------- d--h--w- C:\ProgramData\Common Files
    2012-06-20 10:57:37 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2012-06-20 10:57:37 109416 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2012-06-20 10:57:37 105832 ----a-w- C:\Windows\System32\SQSRVRES.DLL
    2012-06-20 10:25:06 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-20 10:25:05 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-06-20 10:25:05 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-06-20 10:25:04 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-20 10:25:04 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-20 10:25:02 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-20 10:25:02 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-20 10:25:02 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-20 10:25:02 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-20 10:25:02 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-20 10:25:02 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-18 12:24:02 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-18 12:24:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-18 12:24:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-18 12:23:58 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-18 12:23:57 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-18 12:23:55 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-18 12:23:55 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-18 12:23:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-18 12:21:52 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-06-18 12:21:52 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-06-18 12:21:41 -------- d-----w- C:\Windows\System32\RsFx
    2012-06-18 12:21:32 -------- d-----w- C:\Windows\SysWow64\1033
    2012-06-18 12:21:32 -------- d-----w- C:\Windows\System32\1033
    2012-06-18 12:21:14 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
    2012-06-18 12:21:04 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2012-06-18 12:20:49 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
    2012-06-18 12:20:49 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2012-06-18 12:20:48 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2012-06-18 12:20:46 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-06-18 12:20:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
    2012-06-18 12:20:28 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
    2012-06-18 12:20:18 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
    2012-06-18 12:20:18 -------- d-----w- C:\Program Files\Microsoft Help Viewer
    2012-06-17 22:11:42 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\8-Bit Commando
    2012-06-17 21:09:01 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\BattleJump
    2012-06-17 20:55:18 -------- d-----w- C:\ProgramData\Rotion
    2012-06-17 20:29:02 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\Voxatron
    2012-06-17 20:08:17 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\Sony Online Entertainment
    2012-06-17 19:50:40 -------- d-----w- C:\Users\fuerchter\AppData\Local\SCE
    2012-06-17 19:50:40 -------- d-----w- C:\Crash
    2012-06-15 07:24:11 -------- d-----w- C:\Users\fuerchter\AppData\Local\Macromedia
    2012-06-13 14:19:22 -------- d-----w- C:\Users\fuerchter\AppData\Local\Desura
    2012-06-13 14:03:38 -------- d-----w- C:\Program Files (x86)\Common Files\Desura
    2012-06-13 14:00:05 -------- d-----w- C:\ProgramData\Desura
    2012-06-13 14:00:03 -------- d-----w- C:\Program Files (x86)\Desura
    2012-06-13 07:57:06 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-05-30 11:59:30 4966600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-05-27 22:24:46 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\ZombieGrinder
    2012-05-27 22:09:43 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\Coop
    2012-05-27 21:50:27 -------- d-----w- C:\ProgramData\OUTLAWS
    2012-05-23 15:50:12 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-05-23 15:50:12 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-05-23 15:50:12 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-05-23 15:50:12 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-05-23 15:50:12 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-05-23 15:50:12 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-05-23 15:50:09 68928 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-05-23 15:50:09 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-05-23 15:50:05 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    .
    ==================== Find3M ====================
    .
    2012-06-18 18:24:42 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-06-18 18:24:42 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-06-18 18:24:31 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-06-15 08:22:18 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-15 08:22:18 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-17 15:19:24 172090 ----a-w- C:\Windows\SysWow64\drivers\str.sys
    2012-05-02 13:39:30 168864 ----a-w- C:\Program Files\Common Files\WireHelpSvc.exe
    2012-05-02 13:39:14 147472 ----a-w- C:\Windows\System32\drivers\ESLWireACD.sys
    2012-05-02 11:21:48 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2012-04-26 17:33:24 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
    2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
    2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2012-04-11 14:14:27 100778 ----a-w- C:\ProgramData\1334153609.bdinstall.bin
    2012-04-11 13:17:47 247646 ----a-w- C:\ProgramData\1334149820.bdinstall.bin
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 14:49:17.02 ===============

    TDSSKiller.2.7.40.0_20.06.2012_14.43.48_log.txt

    Attach.txt

  7. mbam-log-2012-06-20 (14-18-12):


    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.20.03
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    fuerchter :: FUERCHTER-PC [administrator]
    Protection: Enabled
    6/20/2012 2:16:49 PM
    mbam-log-2012-06-20 (14-18-12).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 231734
    Time elapsed: 30 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> No action taken.
    C:\Windows\SysWOW64\drivers\str.sys (Rootkit.Agent) -> No action taken.
    (end)

    dds:


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
    Run by fuerchter at 14:24:14 on 2012-06-20
    Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1033.18.16351.13182 [GMT 2:00]
    .
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\WireHelpSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Logitech Gaming Software\LCore.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
    C:\Program Files (x86)\TuneUp Utilities 2012\Integrator.exe
    C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = fritz.box
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    TCP: DhcpNameServer = 192.168.178.1
    TCP: Interfaces\{2ACCC6EB-7B76-4D0B-850B-BA4DEA8B7F5B} : DhcpNameServer = 7.254.254.254
    TCP: Interfaces\{E9678633-9F4C-418E-8270-30C7511A837C} : DhcpNameServer = 192.168.178.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO-X64: IESpeakDoc - No File
    BHO-X64: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    mRun-x64: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\fuerchter\AppData\Roaming\Mozilla\Firefox\Profiles\lbbihre7.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
    R2 ESLWireAC;ESLWireAC;\??\C:\Windows\system32\drivers\ESLWireACD.sys --> C:\Windows\system32\drivers\ESLWireACD.sys [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-20 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-23 1262400]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-5-30 3048136]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
    R2 WireHelpSvc;WireHelpSvc;C:\Program Files\Common Files\WireHelpSvc.exe [2012-3-8 168864]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
    R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]
    R3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\system32\DRIVERS\fwlanusb.sys --> C:\Windows\system32\DRIVERS\fwlanusb.sys [?]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
    R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-5-8 11856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe --> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257696]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
    S3 avmeject;AVM Eject;C:\Windows\system32\drivers\avmeject.sys --> C:\Windows\system32\drivers\avmeject.sys [?]
    S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-6-13 131912]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;C:\Windows\system32\DRIVERS\ESLvnic.sys --> C:\Windows\system32\DRIVERS\ESLvnic.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 fwlanusb4;FRITZ!WLAN N/G;C:\Windows\system32\DRIVERS\fwlanusb4.sys --> C:\Windows\system32\DRIVERS\fwlanusb4.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-1-27 735080]
    S4 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2012-1-9 210024]
    S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-29 1436424]
    S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-25 13592]
    S4 iryevdxwnpjiwwi;iryevdxwnpjiwwi;"C:\Users\FUERCH~1\AppData\Local\Temp\DAT2219.tmp.exe" --SERVICE --> C:\Users\FUERCH~1\AppData\Local\Temp\DAT2219.tmp.exe [?]
    S4 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-06-20 12:15:36 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\Malwarebytes
    2012-06-20 12:15:32 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-20 12:15:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-20 12:15:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-20 11:19:37 34656 ----a-w- C:\Windows\System32\TURegOpt.exe
    2012-06-20 11:19:36 25952 ----a-w- C:\Windows\System32\authuitu.dll
    2012-06-20 11:19:36 21344 ----a-w- C:\Windows\SysWow64\authuitu.dll
    2012-06-20 11:19:34 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\TuneUp Software
    2012-06-20 11:19:33 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2012
    2012-06-20 11:18:59 -------- d-----w- C:\ProgramData\TuneUp Software
    2012-06-20 11:18:56 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-20 11:18:56 -------- d--h--w- C:\ProgramData\Common Files
    2012-06-20 10:57:37 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2012-06-20 10:57:37 109416 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2012-06-20 10:57:37 105832 ----a-w- C:\Windows\System32\SQSRVRES.DLL
    2012-06-20 10:25:06 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-20 10:25:05 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-06-20 10:25:05 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-06-20 10:25:04 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-20 10:25:04 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-20 10:25:02 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-20 10:25:02 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-20 10:25:02 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-20 10:25:02 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-20 10:25:02 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-20 10:25:02 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-18 12:24:02 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-18 12:24:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-18 12:24:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-18 12:23:58 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-18 12:23:57 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-18 12:23:55 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-18 12:23:55 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-18 12:23:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-18 12:21:52 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-06-18 12:21:52 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-06-18 12:21:41 -------- d-----w- C:\Windows\System32\RsFx
    2012-06-18 12:21:32 -------- d-----w- C:\Windows\SysWow64\1033
    2012-06-18 12:21:32 -------- d-----w- C:\Windows\System32\1033
    2012-06-18 12:21:14 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
    2012-06-18 12:21:04 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2012-06-18 12:20:49 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
    2012-06-18 12:20:49 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2012-06-18 12:20:48 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2012-06-18 12:20:46 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-06-18 12:20:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
    2012-06-18 12:20:28 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
    2012-06-18 12:20:18 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
    2012-06-18 12:20:18 -------- d-----w- C:\Program Files\Microsoft Help Viewer
    2012-06-17 22:11:42 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\8-Bit Commando
    2012-06-17 21:09:01 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\BattleJump
    2012-06-17 20:55:18 -------- d-----w- C:\ProgramData\Rotion
    2012-06-17 20:29:02 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\Voxatron
    2012-06-17 20:08:17 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\Sony Online Entertainment
    2012-06-17 19:50:40 -------- d-----w- C:\Users\fuerchter\AppData\Local\SCE
    2012-06-17 19:50:40 -------- d-----w- C:\Crash
    2012-06-15 07:24:11 -------- d-----w- C:\Users\fuerchter\AppData\Local\Macromedia
    2012-06-13 14:19:22 -------- d-----w- C:\Users\fuerchter\AppData\Local\Desura
    2012-06-13 14:03:38 -------- d-----w- C:\Program Files (x86)\Common Files\Desura
    2012-06-13 14:00:05 -------- d-----w- C:\ProgramData\Desura
    2012-06-13 14:00:03 -------- d-----w- C:\Program Files (x86)\Desura
    2012-06-13 07:57:06 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-05-30 11:59:30 4966600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-05-27 22:24:46 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\ZombieGrinder
    2012-05-27 22:09:43 -------- d-----w- C:\Users\fuerchter\AppData\Roaming\Coop
    2012-05-27 21:50:27 -------- d-----w- C:\ProgramData\OUTLAWS
    2012-05-23 15:50:12 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-05-23 15:50:12 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-05-23 15:50:12 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-05-23 15:50:12 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-05-23 15:50:12 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-05-23 15:50:12 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-05-23 15:50:09 68928 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-05-23 15:50:09 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-05-23 15:50:05 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    .
    ==================== Find3M ====================
    .
    2012-06-18 18:24:42 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-06-18 18:24:42 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-06-18 18:24:31 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-06-15 08:22:18 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-15 08:22:18 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-17 15:19:24 172090 ----a-w- C:\Windows\SysWow64\drivers\str.sys
    2012-05-02 13:39:30 168864 ----a-w- C:\Program Files\Common Files\WireHelpSvc.exe
    2012-05-02 13:39:14 147472 ----a-w- C:\Windows\System32\drivers\ESLWireACD.sys
    2012-05-02 11:21:48 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2012-04-26 17:33:24 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
    2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
    2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2012-04-11 14:14:27 100778 ----a-w- C:\ProgramData\1334153609.bdinstall.bin
    2012-04-11 13:17:47 247646 ----a-w- C:\ProgramData\1334149820.bdinstall.bin
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 14:24:25.00 ===============

    Also my desktop started behaving weird. Whenever I refresh it or restart my computer the icons are sorted by name even though "Auto arrange icons" is not ticked?!

    Attach.txt

  8. Yesterday I noticed that my Windows Firewall service was stopped and I couldn't even turn it on through the Control Panel (error 08x007042c). Going to the advanced settings, I got error 0x6D9. I googled the topic, and on some pages there were solutions which seemed to help most people BUT me.

    this for example

    I further read that this might be because of a virus but first wanted to try the other solutions people offered.

    Now I downloaded a Kaspersky trial and it found the Zero Access Rootkit which was mentioned a couple of times in relation to my problem.

    Kaspersky apparently deleted the files but the Firewall service still won't start.

    What can I try to do to get out of this situation? :(

    greetings
