Hello everybody!

I am new to this whole PC-support stuff, but because of an infection with this Security Shield thing I really need help.

I read a lot of posts regarding this topic but somehow I still don't know what exactly I should do (the reason could be that I am not a pro on these things).

So, here is what I have done already:

My netbook (Windows 7) is protected with Avira free.

I got infected with Security Shield several hours ago.

I ran a quick scan with Malwarebytes with no success (I started it as administrator, with the right mouse button).

Then I ran a full scan (again as administrator) and again with no success. Here is the log (it is German, next time it will be English):

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Datenbank Version: v2012.05.23.03

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Juicy :: JUICY-PC [Administrator]

23.05.2012 12:51:53

mbam-log-2012-05-23 (12-51-53).txt

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 312929

Laufzeit: 2 Stunde(n), 43 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)

(Ende)

So what should I do now?

Thx for help!

I figured out that an OTL report would be good. So here it comes:

OTL logfile created on: 23.05.2012 16:18:31 - Run 1

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Juicy\Desktop

Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: österreich | Language: DEA | Date Format: dd.MM.yyyy

1013,42 Mb Total Physical Memory | 99,83 Mb Available Physical Memory | 9,85% Memory free

1,99 Gb Paging File | 0,71 Gb Available in Paging File | 35,58% Paging File free

Paging file location(s): c:\pagefile.sys 1024 1519 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 187,67 Gb Total Space | 131,99 Gb Free Space | 70,33% Space Free | Partition Type: NTFS

Drive D: | 30,27 Gb Total Space | 29,30 Gb Free Space | 96,81% Space Free | Partition Type: NTFS

Computer Name: JUICY-PC | User Name: Juicy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Juicy\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)

PRC - C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM, Inc.)

PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

PRC - C:\Program Files\3DataManager\WTGService.exe ()

PRC - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)

PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)

PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)

========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0c447058de2f65f3171b8319f8fc82da\IAStorUtil.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\38c9cbb7952c95b61bbb71da4ae34132\System.Web.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d37b6a5c0576b73e54e2027ea1eaf940\System.Runtime.Remoting.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\83e458608b378f731aa9012699f617b7\System.Windows.Forms.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b0d74eb668abfab0a0b82bbc568774e0\System.Drawing.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c15cee9d52b4b9a8eaa2f6ae331a8b41\WindowsBase.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f489585d6cb29313a05dceac6ee1cde1\System.Xml.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f37a9277a565b368c4358befdce25080\System.Configuration.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\6b97ba148f663f114bcbbfae7a2752e9\System.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7edca5be5fb91df4d5eb66097437f546\mscorlib.ni.dll ()

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Program Files\MediaMonkey\DeskPlayer.dll ()

MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()

MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll ()

MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()

MOD - C:\Program Files\Lenovo\Energy Management\KbdHook.dll ()

MOD - C:\Program Files\Lenovo\Energy Management\HookLib.dll ()

========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (DvmMDES) -- C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM, Inc.)

SRV - (WTGService) -- C:\Program Files\3DataManager\WTGService.exe ()

SRV - (Lenovo ReadyComm ConnSvc) -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)

SRV - (Lenovo ReadyComm AppSvc) -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)

SRV - (PS_MDP) -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)

SRV - (IGRS) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)

SRV - (ReadyComm.DirectRouter) -- C:\Program Files\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)

DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)

DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )

DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)

DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)

DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)

DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows ® Codename Longhorn DDK provider)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)

DRV - (k57nd60x) Broadcom NetLink ™ -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)

DRV - (tcpipBM) -- C:\windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)

DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1759269652-438656625-1604406436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/

IE - HKU\S-1-5-21-1759269652-438656625-1604406436-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1759269652-438656625-1604406436-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\S-1-5-21-1759269652-438656625-1604406436-1000\..\SearchScopes\{3E68E58E-C028-4A1E-8E17-6B6D4A8A5BE8}: "URL" = http://www.google.de...q={searchTerms}

IE - HKU\S-1-5-21-1759269652-438656625-1604406436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.at"

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10397&locale=de_AT&apn_uid=0726d691-f86f-4d45-be62-bd8669bee9c3&apn_ptnrs=%5EABV&apn_sauid=C42E46BB-EB87-4F27-B9E6-F985C2988826&apn_dtid=%5EYYYYYY%5EYY%5EAT&&q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\3-addons\addon [2011.10.14 22:18:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.18 22:15:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.09 10:43:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.18 19:56:45 | 000,000,000 | ---D | M]

[2011.07.29 10:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juicy\AppData\Roaming\mozilla\Extensions

[2012.05.04 21:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juicy\AppData\Roaming\mozilla\Firefox\Profiles\rpvrr15r.default\extensions

[2011.12.29 00:51:52 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Juicy\AppData\Roaming\mozilla\Firefox\Profiles\rpvrr15r.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

[2011.12.29 00:51:43 | 000,003,915 | ---- | M] () -- C:\Users\Juicy\AppData\Roaming\Mozilla\Firefox\Profiles\rpvrr15r.default\searchplugins\sweetim.xml

[2012.02.02 21:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012.01.01 15:36:14 | 000,023,197 | ---- | M] () (No name found) -- C:\USERS\JUICY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RPVRR15R.DEFAULT\EXTENSIONS\{9FB8C270-7124-11DD-AD8B-0800200C9A66}.XPI

[2012.05.09 10:43:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.02.18 21:51:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.18 21:51:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.02.18 21:51:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.18 21:51:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.18 21:51:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.18 21:51:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)

O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.130.1.11 131.130.1.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{943903A4-F2F5-45BA-8BA8-AF23D6AC1D82}: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C475DFE7-1129-4350-914A-49A78694A7B2}: DhcpNameServer = 131.130.1.11 131.130.1.12

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2e18bb2e-b9eb-11e0-b340-90004eac7adf}\Shell - "" = AutoRun

O33 - MountPoints2\{2e18bb2e-b9eb-11e0-b340-90004eac7adf}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{2e18bb47-b9eb-11e0-b340-90004eac7adf}\Shell - "" = AutoRun

O33 - MountPoints2\{2e18bb47-b9eb-11e0-b340-90004eac7adf}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{62b06759-e067-11e0-89b3-90004eac7adf}\Shell - "" = AutoRun

O33 - MountPoints2\{62b06759-e067-11e0-89b3-90004eac7adf}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{8f671212-babe-11e0-8b10-90004eac7adf}\Shell - "" = AutoRun

O33 - MountPoints2\{8f671212-babe-11e0-8b10-90004eac7adf}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{d4b93950-b9da-11e0-af2d-90004eac7adf}\Shell - "" = AutoRun

O33 - MountPoints2\{d4b93950-b9da-11e0-af2d-90004eac7adf}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{d4b93960-b9da-11e0-af2d-90004eac7adf}\Shell - "" = AutoRun

O33 - MountPoints2\{d4b93960-b9da-11e0-af2d-90004eac7adf}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.23 16:15:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Juicy\Desktop\OTL.exe

[2012.05.23 12:22:26 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Roaming\Malwarebytes

[2012.05.23 12:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.05.23 12:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.05.23 12:21:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2012.05.23 12:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.05.23 12:15:22 | 010,063,024 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Juicy\Desktop\mbam-setup.exe

[2012.05.23 10:26:38 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{761D8A4D-174C-48FD-A636-95D1A6B1E10B}

[2012.05.23 10:26:24 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{645D56EE-C9AD-4861-BB15-2A76B46F5BF8}

[2012.05.22 12:01:50 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{D463B601-8B79-4BBA-9462-A516772BE417}

[2012.05.22 12:01:37 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{5BCF0B84-DDA8-45EE-8618-04B8A81F73F7}

[2012.05.21 19:47:43 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{40DC2E45-2027-4432-9919-EFEC96BEB59D}

[2012.05.21 19:47:31 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{2C3C09C2-D58A-4AE9-A6D3-380F3A1C3654}

[2012.05.21 17:52:49 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{BA42D824-1DC9-46C6-8834-2AE42FC499EF}

[2012.05.21 17:52:36 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{5E0304DD-CEB1-41F7-AF5C-099DF88B1FED}

[2012.05.20 18:56:39 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{5CEA6D87-2FB9-4856-A153-FDBDE0D72D94}

[2012.05.20 18:56:34 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{478824B3-BDC0-4DBF-B6C6-06A3EEDF9B12}

[2012.05.20 10:58:54 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{065DFD12-B810-445F-9839-51246DE4C0AF}

[2012.05.20 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{3D3E54A1-A3E2-4641-907C-4E3AF4F594C1}

[2012.05.19 23:57:29 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{2AE15629-B652-4166-B39D-7EE8B3F9D19C}

[2012.05.19 23:57:25 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{94FFD712-9F98-4A7C-B125-60E089717460}

[2012.05.19 09:42:45 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{F1C7EB19-1A85-470E-B0AD-081C13E59DFD}

[2012.05.19 09:42:40 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{66680BD6-0E0F-41EA-B203-446CBBFE20FC}

[2012.05.18 11:34:28 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{7C23ED49-D94C-4672-92B8-64264325A24A}

[2012.05.18 11:34:15 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{E0DA6B36-CF83-423B-A048-66056E38A556}

[2012.05.17 13:04:49 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{A8FCF420-7DB1-49A4-B2D2-E6D9FAAD849E}

[2012.05.17 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{B4EC4A7D-649E-4CFC-B5F1-CAF6C530DBCD}

[2012.05.16 20:04:46 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{AB3B9F11-B20B-4772-9BC0-5CDDCE1ACE8C}

[2012.05.16 20:04:40 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{7D833CC9-1169-48D0-89A8-96804CAF3030}

[2012.05.16 09:54:49 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{1D401F21-CC78-4EBC-8ADD-37178613D744}

[2012.05.16 09:54:44 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{73C8A819-D6B5-4832-B274-A929B2DE41FF}

[2012.05.15 20:52:19 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{C87AF449-F75A-40B5-A183-3CA0FDFA6D53}

[2012.05.15 20:52:14 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{A4C71B83-6457-4031-BF3C-F83C582B759D}

[2012.05.15 15:06:35 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{73AF1CE3-DECD-4B4D-94E3-C4EFCF2CE2C3}

[2012.05.15 15:06:21 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{2AFE5BD9-6715-4C78-A001-7203D952C5F5}

[2012.05.15 09:57:45 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{90F16210-02A3-4FFF-AA63-439B1F4F14BB}

[2012.05.15 09:57:33 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{CF304B2D-BBDE-4D6D-96AA-A8AEA74B4964}

[2012.05.14 16:34:55 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{EA487E4B-B249-4A25-84D8-FC666FB0F657}

[2012.05.14 16:34:44 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{C6D30CD2-DA36-454C-9B2E-6D9FF8DC1341}

[2012.05.14 12:16:42 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\PDF24

[2012.05.14 12:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

[2012.05.14 12:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24

[2012.05.14 09:57:57 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{9EBD3C77-DEF3-487C-930D-D7DAA1203547}

[2012.05.14 09:57:41 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{036151DE-167C-4219-82C8-82C7C8365D8D}

[2012.05.14 09:33:14 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Roaming\Avira

[2012.05.14 09:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.05.14 09:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2012.05.14 09:25:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys

[2012.05.14 09:25:08 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys

[2012.05.14 09:25:08 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys

[2012.05.14 09:25:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys

[2012.05.14 09:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.05.14 09:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2012.05.14 08:40:42 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{BCDEE16A-3342-42A8-BDFA-33A8A1F41BE0}

[2012.05.14 08:40:19 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{BD0F79EB-208D-498E-8463-9C827FD63A96}

[2012.05.13 22:52:40 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Roaming\OpenOffice.org

[2012.05.13 22:50:25 | 000,000,000 | ---D | C] -- C:\Users\Juicy\Desktop\DA

[2012.05.13 22:46:21 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4

[2012.05.13 22:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2012.05.13 22:21:53 | 000,000,000 | ---D | C] -- C:\Users\Juicy\Desktop\OpenOffice.org 3.4 (de) Installation Files

[2012.05.13 22:03:07 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{7538AB63-3F70-473E-9370-FD3ED7EFFCC8}

[2012.05.13 22:02:58 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{6D5C176D-A458-4CA7-AD84-59332D568504}

[2012.05.12 21:34:17 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{0BA23DBE-1E54-425E-B783-712AFE5530E9}

[2012.05.12 21:34:03 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{511CC2D9-C3CF-44C1-90EE-C9100285B397}

[2012.05.12 21:31:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe

[2012.05.12 21:31:20 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe

[2012.05.12 21:31:18 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys

[2012.05.12 21:28:37 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll

[2012.05.12 18:04:58 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{BB233904-A98D-4ECB-A848-370FB278DFC9}

[2012.05.12 18:04:36 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{779EE5A7-EA7D-4A04-B061-B412BB8F8010}

[2012.05.12 08:25:44 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{FCAD2301-8FAE-4456-ABB5-C4A2D2363D07}

[2012.05.12 08:25:31 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{27636C95-2F4C-491F-86BE-59D1260D99D3}

[2012.05.10 10:27:11 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{2FB005A9-39CD-4C8E-9DC2-B78AE3505E90}

[2012.05.10 10:26:58 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{7875E59D-06BF-4249-8548-31423F6C3263}

[2012.05.09 20:31:45 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{7DFDAB60-6A16-4941-A122-729CB4AFFE57}

[2012.05.09 14:53:19 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{3740C04E-5F3F-4488-9953-72CA9F0DDAA5}

[2012.05.09 14:53:04 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{E1630A6C-3BB8-498B-A1EB-02A339E92205}

[2012.05.09 10:47:09 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{B39567BC-EEB8-47EE-803C-D790D500C8DA}

[2012.05.09 10:46:57 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{6A6F5925-6626-4B70-99A3-DDC7B6CD5A05}

[2012.05.09 10:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.05.09 10:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012.05.08 12:23:34 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{1B4ADE25-577B-4E46-9F5E-F2E7A12E40DB}

[2012.05.08 12:23:14 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{6D5AAB65-A397-44AC-B548-B5562DC071B9}

[2012.05.07 19:11:07 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{EC841E14-241F-4D8E-9C23-C4B99E1A41B0}

[2012.05.07 19:11:03 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{5E01F8A2-FAB4-48BF-8262-2B57CECC2809}

[2012.05.06 11:38:55 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{607B453D-3AA9-4704-A40D-D9F5DFF749EC}

[2012.05.06 11:38:50 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{EE9A4693-D22C-4FF8-A68F-92ADB049173A}

[2012.05.05 19:24:46 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{6A981DAC-46C6-4BFD-A1CE-4CB329AF18A4}

[2012.05.05 19:24:29 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{7CAFE791-1EFE-4F8F-8877-DD2DC99BF5CC}

[2012.05.04 23:54:42 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{7945C470-0D83-4E55-B1C0-7FC1A5AA0052}

[2012.05.04 23:54:29 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{895EE7CE-B592-4F77-A7F8-7C23833687A5}

[2012.05.01 21:48:18 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{87584406-CAFE-4AD0-A874-A9FE3ECD83E6}

[2012.05.01 21:48:06 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{38CF1645-3C3F-4BCB-866A-E262E8168D33}

[2012.05.01 19:49:51 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{9F46CDEC-BFC3-4357-97CB-71DE6B91216A}

[2012.05.01 19:49:36 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{706F7244-1100-4D56-A37D-769DA77E6F65}

[2012.05.01 15:29:46 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{F4480541-9663-4EB0-AAA5-85042CAECFD1}

[2012.05.01 15:29:33 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{197C2AC1-4ADC-4584-98A2-3DCD791D6936}

[2012.05.01 09:46:50 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{8E982E04-F587-4B12-B955-A736793D7AC2}

[2012.05.01 09:46:39 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{8166861F-3579-4478-B832-B897750E78D1}

[2012.04.30 19:42:44 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{E155EC7F-7E30-42F3-AA74-7F7B1E47810D}

[2012.04.30 14:25:03 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{47C314F8-9CAD-41BA-95D0-BB0BA1109A84}

[2012.04.30 14:24:50 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{2AFAE94C-23C3-4B6F-BBFD-C31D4E211854}

[2012.04.30 12:08:02 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{586BE1ED-1D4F-46B5-991E-ABAFBF2D8155}

[2012.04.30 12:07:51 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{D1E7B34B-03DD-43BE-BE46-0E88E6BCA5FC}

[2012.04.30 10:08:46 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{C75A87A3-B8E8-4E60-A359-2CB6529EE6CF}

[2012.04.30 10:08:34 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{2F9B6FAB-D5C0-44F7-97A7-6CF7E14EDE7F}

[2012.04.29 15:57:54 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{A639543D-2B27-420A-8C2C-59BE064FD4DD}

[2012.04.29 12:23:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb

[2012.04.29 12:23:20 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll

[2012.04.29 12:23:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll

[2012.04.29 12:23:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll

[2012.04.29 12:23:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll

[2012.04.29 12:23:13 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl

[2012.04.29 12:00:43 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll

[2012.04.29 12:00:40 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll

[2012.04.29 12:00:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe

[2012.04.29 12:00:39 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll

[2012.04.29 11:32:26 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{7780A144-ACFC-49FC-8A8C-63DA7A632054}

[5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

[1 C:\Users\Juicy\Desktop\*.tmp files -> C:\Users\Juicy\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.23 16:15:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Juicy\Desktop\OTL.exe

[2012.05.23 16:02:08 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx

[2012.05.23 12:28:17 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.23 12:28:17 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.23 12:25:36 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2012.05.23 12:25:36 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012.05.23 12:25:36 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2012.05.23 12:25:36 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012.05.23 12:21:54 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.23 12:19:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.05.23 12:19:10 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.23 12:15:46 | 010,063,024 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Juicy\Desktop\mbam-setup.exe

[2012.05.23 11:20:17 | 000,376,320 | ---- | M] () -- C:\Users\Juicy\AppData\Local\rskddtc.exe

[2012.05.14 12:15:39 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk

[2012.05.14 12:15:38 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2012.05.14 09:26:09 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.05.14 08:36:21 | 000,298,544 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2012.05.13 23:11:28 | 000,007,605 | ---- | M] () -- C:\Users\Juicy\AppData\Local\resmon.resmoncfg

[2012.05.13 22:46:25 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk

[2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys

[2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys

[5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

[1 C:\Users\Juicy\Desktop\*.tmp files -> C:\Users\Juicy\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.23 12:21:54 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.23 11:20:17 | 000,376,320 | ---- | C] () -- C:\Users\Juicy\AppData\Local\rskddtc.exe

[2012.05.14 12:15:39 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk

[2012.05.14 12:15:38 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2012.05.14 09:26:09 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.05.13 23:10:23 | 000,007,605 | ---- | C] () -- C:\Users\Juicy\AppData\Local\resmon.resmoncfg

[2012.05.13 22:46:25 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk

[2011.10.20 23:49:22 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat

[2011.07.30 00:31:38 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml

[2011.07.29 10:52:59 | 000,116,224 | ---- | C] () -- C:\windows\System32\redmonnt.dll

[2011.07.29 10:52:59 | 000,045,056 | ---- | C] () -- C:\windows\System32\unredmon.exe

[2011.03.24 10:34:41 | 000,654,610 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2011.03.24 10:34:41 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2011.03.24 10:34:41 | 000,130,192 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2011.03.24 10:34:41 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2011.03.24 04:23:32 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll

[2011.03.24 04:02:24 | 001,410,400 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll

[2011.03.24 04:02:24 | 000,660,832 | ---- | C] () -- C:\windows\System32\EncIcons.dll

[2011.03.24 04:02:24 | 000,513,376 | ---- | C] () -- C:\windows\System32\SimpleExt.dll

[2011.03.24 04:02:23 | 002,110,816 | ---- | C] () -- C:\windows\System32\Apblend.dll

[2011.03.24 04:02:23 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll

[2011.03.24 04:02:04 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll

[2011.03.24 03:52:39 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini

[2011.03.24 03:51:13 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll

[2011.03.24 03:48:12 | 000,001,448 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat

========== LOP Check ==========

[2011.12.01 22:17:53 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\3DataManager

[2011.07.29 11:40:06 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\ArcSyncConfig

[2011.08.18 17:57:05 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\Audacity

[2011.10.25 09:38:59 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\FileZilla

[2012.05.13 22:52:40 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\OpenOffice.org

[2011.10.14 22:18:50 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\Program Files

[2012.05.23 11:52:26 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\SoftGrid Client

[2011.07.28 14:24:51 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\TP

[2011.07.30 13:59:58 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\Windows Live Writer

[2012.05.19 09:37:21 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Thx for any help!

Edited by Maurice Naggar
log placed here
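The OTL sections above ("Files Created Within 30 Days", "Files Modified Within 30 Days", "Files Created - No Company Name") all use one bracketed line format. The following is an added triage helper, not code from the original post, from OTL or from the forum helpers: it parses that format and flags the entries a helper would typically look at first, namely executables written into user-writable locations whose company-name field is empty, and GUID-named folders under AppData\Local. The list of "user-writable" path fragments and the executable extensions are constructed assumptions for this example, and a flag is a prompt for manual review, not a verdict on any file. The sample lines are copied from the log in the post above, with a driver line and a plain directory line included for contrast.

```python
"""Triage helper for OTL 'Files Created/Modified' log lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file line, as printed in the log above:
#   [date time | size | attrs | C] (Company) -- path      (files; "()" when no company)
#   [date time | size | attrs | C] -- path                (directories; no company field)
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumed (constructed) lists for this example: locations an unprivileged user
# can write to, and file extensions treated as executable code.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.I)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str               # 'C' = created section, 'M' = modified section
    company: Optional[str]  # None on directory lines, '' when OTL printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file/directory line; None for headers, blanks, summaries."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def flag_reasons(e: OtlEntry) -> List[str]:
    """Heuristic reasons to review this entry; an empty list means nothing notable."""
    reasons = []
    low = e.path.lower()
    in_user_dir = any(part in low for part in USER_WRITABLE)
    if not e.is_dir and low.endswith(EXECUTABLE_EXT) and in_user_dir and not e.company:
        reasons.append("executable in user-writable location with no company name")
    if e.is_dir and "\\appdata\\local\\" in low and GUID_DIR.search(e.path):
        reasons.append("GUID-named folder under AppData\\Local")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Parse a block of OTL output and return (path, reasons) for every flagged entry."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_otl_line(line)
        if e is None:
            continue
        reasons = flag_reasons(e)
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


# Sample input copied from the log lines in the post above.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2012.05.23 12:21:54 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.23 11:20:17 | 000,376,320 | ---- | C] () -- C:\Users\Juicy\AppData\Local\rskddtc.exe
[2012.05.14 09:25:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012.05.14 08:40:42 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{BCDEE16A-3342-42A8-BDFA-33A8A1F41BE0}
[2012.05.14 09:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}\n    -> {'; '.join(reasons)}")
```

Run against the full OTL output, the parser skips section headers and the `[5 C:\windows\System32\*.tmp files -> ...]` summary lines, and the two heuristics together surface exactly the kind of entries a helper asks about first: a freshly created executable in a profile folder with no publisher, and the run of GUID-named folders under AppData\Local. Both are worth a closer look (hash, signature, parent process) before anything is deleted.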

Hello juicy_o and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue tdsskiller2.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue tdsskiller3.png
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
