Viruses on the new PC

#0
05.11.2011, 12:34
...new here

Posts: 10
#1 Hello!
I've had a new PC for maybe a good half year now. Until recently everything actually always ran fine and fast, but that changed about a month ago.

I had also already run an Avira scan (about 2 weeks ago), and it found 17 viruses right away!
How or from where is a mystery to me.
By the way, I'm only writing now because I only now have the time for it, or rather am back in my home town.

I hope you can help me ;)


I have the Avira and the OTL scan .. the GMER scan somehow didn't work ... there I could only tick "Services, Registry and Files" .. the rest I can't even click. I started it anyway, and after about 20 secs it was already over again, with the message that nothing was found (?)

Here are the 2 scans:

Avira scan:


Quote

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Donnerstag, 20. Oktober 2011 13:52

Es wird nach 3416680 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : JIBI-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.704 35934 Bytes 28.09.2011 13:14:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 28.06.2011 18:52:10
AVSCAN.DLL : 10.0.5.0 57192 Bytes 28.06.2011 18:52:10
LUKE.DLL : 10.3.0.5 45416 Bytes 28.06.2011 18:52:10
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 28.06.2011 18:52:10
AVREG.DLL : 10.3.0.9 88833 Bytes 13.07.2011 05:37:42
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 18:30:26
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 14:57:00
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 13:35:09
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 07:54:35
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 04:21:26
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 07:47:58
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 10:20:21
VBASE008.VDF : 7.11.15.107 2048 Bytes 05.10.2011 10:20:21
VBASE009.VDF : 7.11.15.108 2048 Bytes 05.10.2011 10:20:21
VBASE010.VDF : 7.11.15.109 2048 Bytes 05.10.2011 10:20:21
VBASE011.VDF : 7.11.15.110 2048 Bytes 05.10.2011 10:20:21
VBASE012.VDF : 7.11.15.111 2048 Bytes 05.10.2011 10:20:21
VBASE013.VDF : 7.11.15.144 161792 Bytes 07.10.2011 10:20:22
VBASE014.VDF : 7.11.15.177 130048 Bytes 10.10.2011 11:09:17
VBASE015.VDF : 7.11.15.213 113664 Bytes 11.10.2011 11:09:15
VBASE016.VDF : 7.11.16.1 163328 Bytes 14.10.2011 10:32:26
VBASE017.VDF : 7.11.16.34 187904 Bytes 18.10.2011 11:50:52
VBASE018.VDF : 7.11.16.77 139264 Bytes 20.10.2011 11:50:53
VBASE019.VDF : 7.11.16.78 2048 Bytes 20.10.2011 11:50:53
VBASE020.VDF : 7.11.16.79 2048 Bytes 20.10.2011 11:50:53
VBASE021.VDF : 7.11.16.80 2048 Bytes 20.10.2011 11:50:53
VBASE022.VDF : 7.11.16.81 2048 Bytes 20.10.2011 11:50:53
VBASE023.VDF : 7.11.16.82 2048 Bytes 20.10.2011 11:50:53
VBASE024.VDF : 7.11.16.83 2048 Bytes 20.10.2011 11:50:53
VBASE025.VDF : 7.11.16.84 2048 Bytes 20.10.2011 11:50:53
VBASE026.VDF : 7.11.16.85 2048 Bytes 20.10.2011 11:50:53
VBASE027.VDF : 7.11.16.86 2048 Bytes 20.10.2011 11:50:53
VBASE028.VDF : 7.11.16.87 2048 Bytes 20.10.2011 11:50:53
VBASE029.VDF : 7.11.16.88 2048 Bytes 20.10.2011 11:50:53
VBASE030.VDF : 7.11.16.89 2048 Bytes 20.10.2011 11:50:53
VBASE031.VDF : 7.11.16.91 2048 Bytes 20.10.2011 11:50:53
Engineversion : 8.2.6.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 13.12.2010 07:39:16
AESCRIPT.DLL : 8.1.3.81 467322 Bytes 08.10.2011 10:20:26
AESCN.DLL : 8.1.7.2 127349 Bytes 13.12.2010 07:39:16
AESBX.DLL : 8.2.1.34 323957 Bytes 02.06.2011 07:54:52
AERDL.DLL : 8.1.9.15 639348 Bytes 09.09.2011 08:55:02
AEPACK.DLL : 8.2.10.11 684408 Bytes 23.09.2011 11:10:58
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 16.09.2011 10:24:27
AEHEUR.DLL : 8.1.2.180 3748217 Bytes 13.10.2011 11:09:25
AEHELP.DLL : 8.1.17.7 254327 Bytes 29.07.2011 07:41:37
AEGEN.DLL : 8.1.5.9 401780 Bytes 26.08.2011 09:52:28
AEEMU.DLL : 8.1.3.0 393589 Bytes 13.12.2010 07:39:10
AECORE.DLL : 8.1.23.0 196983 Bytes 26.08.2011 09:52:26
AEBB.DLL : 8.1.1.0 53618 Bytes 13.12.2010 07:39:10
AVWINLL.DLL : 10.0.0.0 19304 Bytes 13.12.2010 07:39:20
AVPREF.DLL : 10.0.3.2 44904 Bytes 28.06.2011 18:52:10
AVREP.DLL : 10.0.0.10 174120 Bytes 17.05.2011 15:54:27
AVARKT.DLL : 10.0.26.1 255336 Bytes 28.06.2011 18:52:10
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 28.06.2011 18:52:10
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 13.12.2010 07:39:20
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 28.06.2011 18:52:10
RCTEXT.DLL : 10.0.64.0 98664 Bytes 28.06.2011 18:52:10

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 20. Oktober 2011 13:52

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '136' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'Photoshop.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'COCIManager.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'LWS.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'RaUI.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'Vid.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'MegaManager.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVPrS64H.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'RaRegistry.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '48' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '199' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <System>
C:\Users\Jibi\AppData\Local\Temp\jar_cache2988652968494053250.tmp
[0] Archivtyp: ZIP
--> applet.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.aqe
C:\Users\Jibi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\6f94cfc3-6992fb00
[0] Archivtyp: ZIP
--> ClassPol.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.1184
--> padle.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.1504
--> hubert.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.4794
--> CusBen.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.7976
--> Trollllllle.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.4653
--> Clrepor.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.1113
--> Cload.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.3130
--> novell.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.838
--> a.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.10515
C:\Users\Jibi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\16ce36aa-6dd29c47
[0] Archivtyp: ZIP
--> report/FWriter.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jankem.M
--> report/Generator.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.CD
--> report/StorageSave.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.T
C:\Users\Jibi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1ebc74c7-206f0185
[0] Archivtyp: ZIP
--> buildService/MailAgent.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.LL.1
--> buildService/VirtualTable.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.AN
C:\Users\Jibi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\42423908-1efcd9c1
[0] Archivtyp: ZIP
--> mail/MailAgent.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.AS
C:\Users\Jibi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\165a4449-1deb44a8
[0] Archivtyp: ZIP
--> bingo/haskalu.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.BN

Beginne mit der Desinfektion:
C:\Users\Jibi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\165a4449-1deb44a8
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.BN
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b34bd32.qua' verschoben!
C:\Users\Jibi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\42423908-1efcd9c1
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.AS
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53a292e9.qua' verschoben!
C:\Users\Jibi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1ebc74c7-206f0185
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.AN
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '002bc84c.qua' verschoben!
C:\Users\Jibi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\16ce36aa-6dd29c47
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.T
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '661d87bf.qua' verschoben!
C:\Users\Jibi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\6f94cfc3-6992fb00
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.10515
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2243aab1.qua' verschoben!
C:\Users\Jibi\AppData\Local\Temp\jar_cache2988652968494053250.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.aqe
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5c9398cd.qua' verschoben!


Ende des Suchlaufs: Donnerstag, 20. Oktober 2011 15:18
Benötigte Zeit: 54:57 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

29039 Verzeichnisse wurden überprüft
430352 Dateien wurden geprüft
17 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
6 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
430335 Dateien ohne Befall
2074 Archive wurden durchsucht
0 Warnungen
6 Hinweise
556763 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

OTL scan:

Quote

OTL logfile created on: 05.11.2011 12:08:22 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jibi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 72,85% Memory free
7,93 Gb Paging File | 6,75 Gb Available in Paging File | 85,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 212,77 Gb Free Space | 45,68% Space Free | Partition Type: NTFS
Drive D: | 6,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JIBI-PC | User Name: Jibi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011.11.05 11:55:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jibi\Downloads\OTL.exe
PRC - [2011.08.23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.28 19:52:10 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 22:02:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.03 11:00:42 | 002,113,024 | ---- | M] (Megaupload Limited) -- C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.20 14:08:30 | 001,671,168 | ---- | M] (Hama GmbH & Co KG) -- C:\Program Files (x86)\Hama\Common\RaUI.exe
PRC - [2009.12.10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009.07.16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.03 10:58:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwinit.dll
MOD - [2010.11.03 10:58:14 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwssl.dll
MOD - [2010.11.03 10:58:12 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwapp.dll
MOD - [2010.11.03 10:58:06 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwhttp.dll
MOD - [2010.11.03 10:58:00 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwftp.dll
MOD - [2010.11.03 10:57:58 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwmime.dll
MOD - [2010.11.03 10:57:56 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwdir.dll
MOD - [2010.11.03 10:57:54 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwhtml.dll
MOD - [2010.11.03 10:57:54 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwstream.dll
MOD - [2010.11.03 10:57:50 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwfile.dll
MOD - [2010.11.03 10:57:48 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwcache.dll
MOD - [2010.11.03 10:57:46 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwtrans.dll
MOD - [2010.11.03 10:57:42 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwcore.dll
MOD - [2010.11.03 10:57:30 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwutils.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.12.10 12:16:08 | 000,918,816 | ---- | M] () -- C:\Program Files (x86)\Hama\Common\RaWLAPI.dll
MOD - [2009.12.01 16:46:20 | 000,839,680 | R--- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\LIBEAY32.dll
MOD - [2009.12.01 16:46:20 | 000,159,744 | R--- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\SSLEAY32.dll
MOD - [2009.12.01 16:46:20 | 000,062,464 | R--- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\HS_REGEX.dll
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2009.07.16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009.07.16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009.07.16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009.07.16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
MOD - [2009.07.16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll
MOD - [2009.07.16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009.07.16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll
MOD - [2009.07.16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009.07.16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009.07.16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009.07.16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009.07.16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.10.07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2011.06.28 19:52:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 22:02:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.14 19:13:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.21 21:06:45 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.10 12:16:10 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009.12.10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2011.06.28 19:52:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 19:52:10 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.08.25 12:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.23 16:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.15 08:45:26 | 000,145,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010.02.24 15:06:00 | 000,726,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.05.09 21:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 21:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007.05.09 21:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.12.31 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 155.230.15.95:8080

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: fmdownloader@gmail.com:1.0.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.18107
FF - prefs.js..network.proxy.http: "41.190.16.17"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jibi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.06 13:26:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.06 13:26:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.06 13:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.09.01 17:57:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.09.16 21:49:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.14 16:58:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.14 16:58:22 | 000,000,000 | ---D | M]

[2011.01.11 19:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jibi\AppData\Roaming\mozilla\Extensions
[2011.11.04 15:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jibi\AppData\Roaming\mozilla\Firefox\Profiles\58ohugm3.default\extensions
[2011.04.14 07:11:58 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Jibi\AppData\Roaming\mozilla\Firefox\Profiles\58ohugm3.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011.03.27 12:08:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jibi\AppData\Roaming\mozilla\Firefox\Profiles\58ohugm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.09.25 10:23:57 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Jibi\AppData\Roaming\mozilla\Firefox\Profiles\58ohugm3.default\extensions\toolbar@ask.com
[2011.06.30 19:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.19 17:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.23 12:39:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.08 10:54:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.30 19:55:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.09.16 21:49:14 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.09.01 17:57:17 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010.07.28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jibi\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jibi\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jibi\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jibi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jibi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jibi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jibi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Mega Manager] C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
O4 - Startup: C:\Users\Jibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jibi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jibi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50133406-D5AC-4738-8197-A8DB0BF1F9CB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56E2DA27-D1D2-4AB9-B101-013156772492}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97DAF276-9375-4667-BA66-B100F94E1EBA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03560D7-381F-463A-AB56-BA8CB0E62106}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E77FF8E5-DF4A-4134-9596-46E20FC992E5}: DhcpNameServer = 172.28.0.70 172.28.0.71
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.11.04 11:03:45 | 000,000,000 | ---D | C] -- C:\Users\Jibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.11.04 11:03:40 | 000,000,000 | ---D | C] -- C:\Users\Jibi\AppData\Local\Google
[2011.11.03 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Jibi\Desktop\trim
[2011.10.22 22:38:40 | 000,000,000 | ---D | C] -- C:\Users\Jibi\Desktop\ava
[2011.10.17 13:54:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.10.17 13:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.10.16 13:08:25 | 000,000,000 | ---D | C] -- C:\Users\Jibi\Desktop\wgeinsteiger
[2011.10.09 14:07:03 | 000,000,000 | ---D | C] -- C:\temp
[2011.10.09 14:06:42 | 000,000,000 | ---D | C] -- C:\Users\Jibi\AppData\Roaming\Power Sound Editor Free
[2011.10.09 14:06:31 | 000,000,000 | ---D | C] -- C:\Users\Jibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Sound Editor Free
[2011.10.09 14:06:27 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll
[2011.10.09 14:06:27 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioVisualization2.dll
[2011.10.09 14:06:27 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll
[2011.10.09 14:06:27 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTTextToAudio2.dll
[2011.10.09 14:06:27 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTWMAFile2.dll
[2011.10.09 14:06:26 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll
[2011.10.09 14:06:26 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll
[2011.10.09 14:06:26 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll
[2011.10.09 14:06:26 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\SysWow64\NCTAudioCDGrabber2.dll
[2011.10.09 14:06:26 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll
[2011.10.09 14:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Power Sound Editor Free

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.11.05 11:20:04 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.05 11:20:04 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.05 11:15:57 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.05 11:15:57 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.05 11:15:57 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.05 11:15:57 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.05 11:15:57 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.05 11:11:34 | 002,259,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.05 11:11:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.05 11:11:13 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.04 22:30:56 | 000,060,088 | ---- | M] () -- C:\Users\Jibi\Desktop\Unbenannt-6.jpg
[2011.11.04 22:30:01 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2430596823-3442958056-1693070999-1000UA.job
[2011.11.04 17:30:08 | 000,048,322 | ---- | M] () -- C:\Users\Jibi\Desktop\bretmchtegernava21.jpg
[2011.11.04 10:30:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2430596823-3442958056-1693070999-1000Core.job
[2011.11.03 16:18:41 | 028,897,280 | ---- | M] () -- C:\Users\Jibi\Desktop\Aufnahme-3.camrec
[2011.11.03 16:18:00 | 000,007,680 | ---- | M] () -- C:\Users\Jibi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.03 15:01:13 | 000,425,317 | ---- | M] () -- C:\Users\Jibi\Desktop\Unbenannt-5.jpg
[2011.11.03 11:09:45 | 000,016,160 | ---- | M] () -- C:\Users\Jibi\Desktop\randy_rko.jpg
[2011.10.27 18:16:30 | 002,824,078 | ---- | M] () -- C:\Users\Jibi\Desktop\MOV02429.MP4
[2011.10.27 15:34:00 | 003,725,948 | ---- | M] () -- C:\Users\Jibi\Desktop\bloogpsddreams.psd
[2011.10.27 06:40:06 | 000,017,454 | ---- | M] () -- C:\Users\Jibi\Desktop\forbento.jpg
[2011.10.22 14:07:13 | 000,042,506 | ---- | M] () -- C:\Users\Jibi\Desktop\Unbenannt-3.jpg
[2011.10.22 13:56:48 | 002,801,371 | ---- | M] () -- C:\Users\Jibi\Desktop\0cult.MP3
[2011.10.22 13:46:22 | 000,029,467 | ---- | M] () -- C:\Users\Jibi\Desktop\nickibluehair1-e1278694206931.jpg
[2011.10.22 11:11:17 | 000,086,693 | ---- | M] () -- C:\Users\Jibi\Desktop\cenaviper2.jpg
[2011.10.22 11:10:41 | 000,120,527 | ---- | M] () -- C:\Users\Jibi\Desktop\cenaviper1.jpg
[2011.10.21 16:05:00 | 001,761,698 | ---- | M] () -- C:\Users\Jibi\Desktop\0nickie.MP3
[2011.10.18 15:20:45 | 000,387,851 | ---- | M] () -- C:\Users\Jibi\Desktop\spank.jpg
[2011.10.17 16:13:06 | 000,497,982 | ---- | M] () -- C:\Users\Jibi\Desktop\fbbla.jpg
[2011.10.16 11:06:24 | 335,675,640 | ---- | M] () -- C:\Users\Jibi\Desktop\Aufnahme-2.camrec
[2011.10.15 18:00:14 | 335,724,296 | ---- | M] () -- C:\Users\Jibi\Desktop\Aufnahme-1.camrec
[2011.10.13 17:46:19 | 000,000,239 | ---- | M] () -- C:\Users\Jibi\Desktop\wg424.rtf
[2011.10.09 14:06:31 | 000,001,968 | ---- | M] () -- C:\Users\Jibi\Desktop\Power Sound Editor Free.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.11.04 22:24:17 | 000,060,088 | ---- | C] () -- C:\Users\Jibi\Desktop\Unbenannt-6.jpg
[2011.11.04 17:30:07 | 000,048,322 | ---- | C] () -- C:\Users\Jibi\Desktop\bretmchtegernava21.jpg
[2011.11.03 16:18:15 | 028,897,280 | ---- | C] () -- C:\Users\Jibi\Desktop\Aufnahme-3.camrec
[2011.11.03 15:01:11 | 000,425,317 | ---- | C] () -- C:\Users\Jibi\Desktop\Unbenannt-5.jpg
[2011.11.03 11:09:44 | 000,016,160 | ---- | C] () -- C:\Users\Jibi\Desktop\randy_rko.jpg
[2011.10.30 15:28:48 | 002,824,078 | ---- | C] () -- C:\Users\Jibi\Desktop\MOV02429.MP4
[2011.10.27 06:40:06 | 000,017,454 | ---- | C] () -- C:\Users\Jibi\Desktop\forbento.jpg
[2011.10.24 15:35:50 | 003,725,948 | ---- | C] () -- C:\Users\Jibi\Desktop\bloogpsddreams.psd
[2011.10.22 13:59:25 | 000,042,506 | ---- | C] () -- C:\Users\Jibi\Desktop\Unbenannt-3.jpg
[2011.10.22 13:56:47 | 002,801,371 | ---- | C] () -- C:\Users\Jibi\Desktop\0cult.MP3
[2011.10.22 13:46:22 | 000,029,467 | ---- | C] () -- C:\Users\Jibi\Desktop\nickibluehair1-e1278694206931.jpg
[2011.10.22 11:11:16 | 000,086,693 | ---- | C] () -- C:\Users\Jibi\Desktop\cenaviper2.jpg
[2011.10.22 11:10:40 | 000,120,527 | ---- | C] () -- C:\Users\Jibi\Desktop\cenaviper1.jpg
[2011.10.21 16:04:59 | 001,761,698 | ---- | C] () -- C:\Users\Jibi\Desktop\0nickie.MP3
[2011.10.18 15:20:43 | 000,387,851 | ---- | C] () -- C:\Users\Jibi\Desktop\spank.jpg
[2011.10.17 16:13:05 | 000,497,982 | ---- | C] () -- C:\Users\Jibi\Desktop\fbbla.jpg
[2011.10.16 11:04:17 | 335,675,640 | ---- | C] () -- C:\Users\Jibi\Desktop\Aufnahme-2.camrec
[2011.10.15 17:59:25 | 335,724,296 | ---- | C] () -- C:\Users\Jibi\Desktop\Aufnahme-1.camrec
[2011.10.13 17:46:19 | 000,000,239 | ---- | C] () -- C:\Users\Jibi\Desktop\wg424.rtf
[2011.10.09 14:06:31 | 000,001,968 | ---- | C] () -- C:\Users\Jibi\Desktop\Power Sound Editor Free.lnk
[2011.10.09 14:06:27 | 000,113,486 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2011.09.06 14:49:27 | 000,007,680 | ---- | C] () -- C:\Users\Jibi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.09 12:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.06.24 12:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.24 12:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.06.24 12:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.06.24 12:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.06.24 12:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.06.24 12:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.06.24 12:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.06.24 12:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.06.24 12:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.06.24 12:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.05.02 07:48:43 | 000,004,305 | ---- | C] () -- C:\Windows\jqhzvb32.ini
[2011.05.02 07:48:43 | 000,001,442 | ---- | C] () -- C:\Windows\cwhh_h16.ini
[2011.04.29 17:10:32 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\GBGraphics.dll
[2011.03.03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 12:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.03.03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.03.03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.03.03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.03.03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011.03.03 12:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.03.03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.03.03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011.02.22 20:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.22 20:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.02.08 10:17:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.02.08 10:16:35 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.02.08 10:16:13 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.11.08 15:06:31 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010.11.08 15:06:31 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.11.08 15:06:31 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.11.08 15:06:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010.11.08 15:06:29 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010.08.18 20:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2009.08.11 22:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009.08.11 22:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.11.06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2006.03.04 05:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011.01.12 17:05:04 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\DisplayFusion
[2011.01.27 16:54:10 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.20 18:23:27 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\Foxit Software
[2011.11.04 14:59:05 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\ijjigame
[2011.01.24 09:07:02 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\Leadertech
[2011.02.08 10:18:17 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\MAGIX
[2011.01.14 08:17:30 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\Megaupload
[2011.01.19 17:26:23 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\OpenOffice.org
[2011.10.09 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\Power Sound Editor Free
[2011.11.04 10:30:00 | 000,001,112 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2430596823-3442958056-1693070999-1000Core.job
[2011.11.04 22:30:01 | 000,001,134 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2430596823-3442958056-1693070999-1000UA.job
[2011.07.10 08:48:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.01.08 21:30:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.10.18 06:42:32 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.01.08 21:24:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.01.24 10:38:21 | 000,000,000 | ---D | M] -- C:\ijji
[2011.01.06 13:26:16 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.02 07:48:36 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.09 14:06:25 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.09.14 16:58:19 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.01.08 21:24:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.01.08 21:24:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.05 12:10:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.09 14:18:39 | 000,000,000 | ---D | M] -- C:\temp
[2011.01.08 21:30:05 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.18 06:41:43 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]


< MD5 for: EXPLORER.EXE >

< MD5 for: REGEDIT.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WININIT.EXE >

< MD5 for: WINLOGON.EXE >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
05.11.2011, 13:00
Member
Gool

Posts: 4730
#2 You won't need to worry. The supposed viruses were only found in the Java cache. Every now and then something accumulates there, but as a rule it neither breaks out nor is it actually a virus. Mostly these are sloppily programmed Java applications, or applications that use the same methods as known viruses, which does not mean that they are harmful. It may well happen that an infected Java application gets caught there at some point, but an outbreak is only to be feared if certain security holes in the browser are exploited - but if you keep your software up to date, even that is not a problem in almost all cases.

Basically it can be said: as long as something is only found in the Java cache, everything is OK. The same goes for the browser cache (no matter which browser). It only gets interesting when things turn up outside the cache locations.
__________
This is a signature! Personal service: You are from Berlin? Then contact me by PM, maybe we can arrange an appointment.
Der Grabsteinschubser
10.11.2011, 12:05
Moderator
joschi

Posts: 6466
#3

Quote

Su Java 1.6.0_26
An update to version 29 would be needed after all.
If the installed Java version was vulnerable to the exploit, then it is a problem even if the corresponding files are found "only" in the corresponding cache.

Basically, you can regard your virus scanner as "faulty", or rather "not 100%". It is therefore advisable to always keep the installed programs and the operating system consistently up to date.
__________
Search --> Select --> Examine
17.01.2012, 06:27
...new here

Thread starter

Posts: 10
#4 In the meantime I've had 2 virus attacks
One was this one: http://blog.bitpiloten.de/wp-content/uploads/2011/11/GEMA.jpg
and one was a similar one

and I also had to completely reinstall Firefox because it just kept hanging.
Besides, on restart my start page always switches to 'http://www.ver-filmes.com/' (?)
So I think there is more going on here than 'viruses only in the Java cache'.

Can someone help me?
17.01.2012, 11:19
Member
Xeper

Posts: 5291
#5

Quote

Besides, on restart my start page always switches to 'http://www.ver-filmes.com/' (?)
So I think there is more going on here than 'viruses only in the Java cache'.
Yes, that does look like a drive-by exploit.
What about good old Internet Explorer, does it work?
(Or does the same apply to it?)

Quote

I've had a new PC for maybe a good half a year; until recently everything actually ran fine and fast, but that changed about a month ago.
...
In the meantime I've had 2 virus attacks
One was this one: http://blog.bitpiloten.de/wp-content/uploads/2011/11/GEMA.jpg
Yes, the GEMA Trojan is particularly funny... ^^
It's quite normal, no matter how old/new your computer is - Windows is on it, so we wouldn't expect anything else. ;)
__________
E-Mail: therion at ninth-art dot de
IRC: megatherion @ Freenode
17.01.2012, 13:08
...new here

Thread starter

Posts: 10
#6 I use Internet Explorer pretty rarely, but yesterday, when Firefox kept crashing, I used it for 1-2 hours. The start page thing was the same there, but by comparison it did not crash.

After the reinstallation Firefox still crashes, but only 'when it feels like it'.
17.01.2012, 16:05
...new here

Thread starter

Posts: 10
#7 Now and then an error message also appears when it simply closes FF (sometimes something with Chrome, sometimes something with Firefox), in case that is relevant for fixing the problem.
17.01.2012, 16:30
Member

Posts: 420
#8 Hi

1. Install Malwarebytes
http://www.malwarebytes.org/
(Download Now)
allow the update, run a Quick Scan, have Malwarebytes remove any findings, and then post the log.

2. Please post a fresh OTL log, since something may have changed in the meantime.
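
For the start-page symptom reported in this thread, the first things to read in an OTL log are the IE `Start Page` value, the Firefox `browser.startup.homepage` pref and any proxy entries. The following is an added example, not part of any post and not OTL's own code; the sample lines are copied from the OTL log posted in this thread, and `EXPECTED_HOME_HOSTS` is a hypothetical allowlist.

```python
import re
from urllib.parse import urlsplit

# Browser-settings lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r'''
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ver-filmes.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 41.190.16.17:8080
FF - prefs.js..browser.startup.homepage: "http://www.ver-filmes.com/"
FF - prefs.js..network.proxy.http: "41.190.16.17"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
'''

# Hypothetical allowlist (assumption): hosts the owner really chose as home page.
EXPECTED_HOME_HOSTS = {"www.google.de"}

# The three OTL line shapes that carry browser settings.
PATTERNS = [
    ("IE", re.compile(r'^IE - (?P<hive>HK\w+)\\.*\\Main,(?P<name>[^=]+?) = (?P<value>.*)$')),
    ("IE", re.compile(r'^IE - (?P<hive>HK\w+)\\.*\\Internet Settings: "(?P<name>[^"]+)" = (?P<value>.*)$')),
    ("FF", re.compile(r'^FF - prefs\.js\.\.(?P<name>[\w.]+): (?P<value>.*)$')),
]


def parse_line(line):
    """Return (browser, groupdict) for a settings line, or None for any other line."""
    for browser, rx in PATTERNS:
        m = rx.match(line)
        if m:
            return browser, m.groupdict()
    return None


def parse_browser_settings(log_text):
    """Collect {(browser, setting_name): value} from OTL-format log text."""
    settings = {}
    for raw in log_text.splitlines():
        hit = parse_line(raw.strip())
        if hit is None:
            continue
        browser, groups = hit
        key = (browser, groups["name"].strip())
        # A per-user (HKCU) value is never overwritten by a machine-wide (HKLM) one.
        if key in settings and groups.get("hive") == "HKLM":
            continue
        settings[key] = groups["value"].strip().strip('"')
    return settings


def review(settings, expected_home_hosts):
    """Return (kind, browser, value, state) tuples for settings worth a closer look."""
    findings = []

    # Home pages whose host is not one the owner expects.
    for key in (("IE", "Start Page"), ("FF", "browser.startup.homepage")):
        url = settings.get(key)
        if url and (urlsplit(url).hostname or "") not in expected_home_hosts:
            findings.append(("homepage", key[0], url, "unexpected host"))

    # Proxies are reported even when disabled: the value stays in place and
    # takes effect as soon as the enable flag changes.
    ie_proxy = settings.get(("IE", "ProxyServer"))
    if ie_proxy:
        active = settings.get(("IE", "ProxyEnable")) == "1"
        findings.append(("proxy", "IE", ie_proxy,
                         "active" if active else "configured but disabled"))

    ff_host = settings.get(("FF", "network.proxy.http"))
    if ff_host:
        port = settings.get(("FF", "network.proxy.http_port"), "")
        # Firefox only uses the manual proxy values when network.proxy.type is 1.
        active = settings.get(("FF", "network.proxy.type")) == "1"
        findings.append(("proxy", "FF", f"{ff_host}:{port}",
                         "active" if active else "configured but disabled"))
    return findings


if __name__ == "__main__":
    for finding in review(parse_browser_settings(SAMPLE_LOG), EXPECTED_HOME_HOSTS):
        print(" | ".join(finding))
```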
17.01.2012, 17:22
...new here

Thread starter

Posts: 10
#9 During the OTL scan, the error messages that sometimes came up when Firefox crashed appeared as well:


No. 1

Quote

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jibi :: JIBI-PC [Administrator]

17.01.2012 16:41:36
mbam-log-2012-01-17 (16-41-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 181789
Laufzeit: 4 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
No 2.

Quote

OTL logfile created on: 17.01.2012 16:50:30 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jibi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 49,07% Memory free
7,93 Gb Paging File | 5,86 Gb Available in Paging File | 73,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 230,42 Gb Free Space | 49,47% Space Free | Partition Type: NTFS
Drive D: | 6,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JIBI-PC | User Name: Jibi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.05 11:55:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jibi\Downloads\OTL.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.03 11:00:42 | 002,113,024 | ---- | M] (Megaupload Limited) -- C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe
PRC - [2010.10.27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.20 14:08:30 | 001,671,168 | ---- | M] (Hama GmbH & Co KG) -- C:\Program Files (x86)\Hama\Common\RaUI.exe
PRC - [2009.12.10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009.07.16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2007.04.18 23:00:30 | 044,814,336 | ---- | M] (Adobe Systems, Incorporated) -- C:\Programme\Adobe Photoshop CS3\Photoshop.exe


========== Modules (No Company Name) ==========

MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.03 10:58:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwinit.dll
MOD - [2010.11.03 10:58:14 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwssl.dll
MOD - [2010.11.03 10:58:12 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwapp.dll
MOD - [2010.11.03 10:58:06 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwhttp.dll
MOD - [2010.11.03 10:58:00 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwftp.dll
MOD - [2010.11.03 10:57:58 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwmime.dll
MOD - [2010.11.03 10:57:56 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwdir.dll
MOD - [2010.11.03 10:57:54 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwhtml.dll
MOD - [2010.11.03 10:57:54 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwstream.dll
MOD - [2010.11.03 10:57:50 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwfile.dll
MOD - [2010.11.03 10:57:48 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwcache.dll
MOD - [2010.11.03 10:57:46 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwtrans.dll
MOD - [2010.11.03 10:57:42 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwcore.dll
MOD - [2010.11.03 10:57:30 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwutils.dll
MOD - [2010.10.27 21:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll
MOD - [2010.10.27 21:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll
MOD - [2010.10.27 21:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll
MOD - [2010.10.27 21:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll
MOD - [2010.10.27 21:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll
MOD - [2010.10.27 21:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll
MOD - [2010.10.27 21:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll
MOD - [2010.10.27 21:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll
MOD - [2010.10.27 21:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll
MOD - [2010.10.27 21:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll
MOD - [2010.10.27 21:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.12.10 12:16:08 | 000,918,816 | ---- | M] () -- C:\Program Files (x86)\Hama\Common\RaWLAPI.dll
MOD - [2009.12.01 16:46:20 | 000,839,680 | R--- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\LIBEAY32.dll
MOD - [2009.12.01 16:46:20 | 000,159,744 | R--- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\SSLEAY32.dll
MOD - [2009.12.01 16:46:20 | 000,062,464 | R--- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\HS_REGEX.dll
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2009.07.16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009.07.16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009.07.16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009.07.16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
MOD - [2009.07.16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll
MOD - [2009.07.16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009.07.16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll
MOD - [2009.07.16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009.07.16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009.07.16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009.07.16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009.07.16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll
MOD - [2008.04.16 17:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll
MOD - [2008.04.16 17:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll
MOD - [2008.04.16 17:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll
MOD - [2008.04.16 17:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll
MOD - [2008.04.16 17:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll
MOD - [2008.04.02 14:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll
MOD - [2008.04.02 14:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll
MOD - [2008.04.02 14:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll
MOD - [2007.04.09 17:37:00 | 002,342,912 | ---- | M] () -- C:\Programme\Adobe Photoshop CS3\Photoshop.dll
MOD - [2007.04.09 17:36:10 | 000,049,152 | ---- | M] () -- C:\Programme\Adobe Photoshop CS3\QuickTimeGlue.dll
MOD - [2007.04.09 17:36:06 | 000,393,216 | ---- | M] () -- C:\Programme\Adobe Photoshop CS3\AdobeXMP.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.10.07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.14 19:13:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.21 21:06:45 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.10 12:16:10 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009.12.10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.12.22 14:01:40 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.08.25 12:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.23 16:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.15 08:45:26 | 000,145,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010.02.24 15:06:00 | 000,726,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.05.09 21:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 21:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007.05.09 21:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.12.31 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ver-filmes.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 41.190.16.17:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ver-filmes.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: fmdownloader@gmail.com:1.0.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..network.proxy.http: "41.190.16.17"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jibi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.06 13:26:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.06 13:26:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.06 13:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.09.01 17:57:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.09.16 21:49:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.17 06:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.17 06:08:16 | 000,000,000 | ---D | M]

[2011.01.11 19:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jibi\AppData\Roaming\mozilla\Extensions
[2012.01.17 13:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jibi\AppData\Roaming\mozilla\Firefox\Profiles\58ohugm3.default\extensions
[2011.04.14 07:11:58 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Jibi\AppData\Roaming\mozilla\Firefox\Profiles\58ohugm3.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2012.01.17 07:39:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jibi\AppData\Roaming\mozilla\Firefox\Profiles\58ohugm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.01.17 06:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010.07.28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jibi\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jibi\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jibi\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jibi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jibi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jibi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>;) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FILSHtray] C:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKCU..\Run: [CkXJjzKFYQM1Y] C:\ProgramData\iHQ2j4YAs4Alb\mpgBcTgMvEZzW.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jibi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [HmkMmTMayrr6JL] C:\ProgramData\XxksWjWBdt0XuC\IJv6SoDIr.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Mega Manager] C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Jibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jibi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jibi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50133406-D5AC-4738-8197-A8DB0BF1F9CB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56E2DA27-D1D2-4AB9-B101-013156772492}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97DAF276-9375-4667-BA66-B100F94E1EBA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03560D7-381F-463A-AB56-BA8CB0E62106}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E77FF8E5-DF4A-4134-9596-46E20FC992E5}: DhcpNameServer = 172.28.0.70 172.28.0.71
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c6734059-2191-11e0-909d-003067432e45}\Shell - "" = AutoRun
O33 - MountPoints2\{c6734059-2191-11e0-909d-003067432e45}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.01.17 16:40:45 | 000,000,000 | ---D | C] -- C:\Users\Jibi\AppData\Roaming\Malwarebytes
[2012.01.17 16:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.17 16:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.17 16:40:29 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.17 16:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.17 06:16:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.01.17 02:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\XxksWjWBdt0XuC
[2012.01.16 18:19:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.01.13 18:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZeusPro
[2012.01.13 18:20:18 | 000,000,000 | ---D | C] -- C:\Users\Jibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geeksoft
[2012.01.13 18:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeksoft
[2012.01.13 13:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SmGIbGCGFJi
[2012.01.13 13:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\iHQ2j4YAs4Alb
[2012.01.10 15:52:47 | 000,000,000 | ---D | C] -- C:\Users\Jibi\Desktop\RL Pics

========== Files - Modified Within 30 Days ==========

[2012.01.17 16:50:16 | 000,478,725 | ---- | M] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ff_4.gif
[2012.01.17 16:50:16 | 000,422,803 | ---- | M] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ic_4.gif
[2012.01.17 16:50:14 | 000,161,044 | ---- | M] () -- C:\Users\Jibi\AppData\Roaming\m_dldr1.gif
[2012.01.17 16:50:14 | 000,062,885 | ---- | M] () -- C:\Users\Jibi\AppData\Roaming\m_cpage1.gif
[2012.01.17 16:40:31 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.17 16:30:02 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2430596823-3442958056-1693070999-1000UA.job
[2012.01.17 13:11:41 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 13:11:41 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 13:08:33 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.17 13:08:33 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.17 13:08:33 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.17 13:08:33 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.17 13:08:33 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.17 13:04:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.17 13:04:03 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.17 06:17:41 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.17 06:07:11 | 000,147,198 | ---- | M] () -- C:\Users\Jibi\Desktop\bookmarks-2012-01-17.json
[2012.01.16 18:46:59 | 000,421,457 | ---- | M] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ic_1.gif
[2012.01.16 18:46:58 | 000,477,992 | ---- | M] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ff_1.gif
[2012.01.15 16:38:56 | 000,375,527 | ---- | M] () -- C:\Users\Jibi\Desktop\2012_0-09128-47481-6-022.jpg
[2012.01.15 16:34:14 | 000,184,189 | ---- | M] () -- C:\Users\Jibi\Desktop\2012_0-09128-47481-6-02.jpg
[2012.01.15 10:30:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2430596823-3442958056-1693070999-1000Core.job
[2012.01.14 16:55:05 | 000,017,197 | ---- | M] () -- C:\Users\Jibi\Desktop\Unbenannt-6.jpg
[2012.01.14 16:51:15 | 000,021,023 | ---- | M] () -- C:\Users\Jibi\Desktop\b6aedf19.png
[2012.01.14 14:54:43 | 000,055,407 | ---- | M] () -- C:\Users\Jibi\Desktop\garg.jpg
[2012.01.12 19:02:52 | 000,055,668 | ---- | M] () -- C:\Users\Jibi\Desktop\390171_322351221128345_100000604098744_1206995_800891825_n.jpg
[2012.01.12 13:43:11 | 000,355,436 | ---- | M] () -- C:\Users\Jibi\Desktop\titel2.jpg
[2012.01.12 06:49:37 | 000,427,785 | ---- | M] () -- C:\Users\Jibi\Desktop\titel.png
[2012.01.11 14:32:14 | 002,463,812 | ---- | M] () -- C:\Users\Jibi\Desktop\6672912647_d3d278c3bb_o.jpg
[2012.01.09 16:40:37 | 000,100,017 | ---- | M] () -- C:\Users\Jibi\Desktop\tumblr_lxhcbqisZy1r9lx7no1_500.jpg
[2012.01.09 05:59:21 | 000,074,690 | ---- | M] () -- C:\Users\Jibi\Desktop\402629_320686984628999_100000631006834_1031284_1425229460_n.jpg
[2012.01.08 17:18:20 | 000,015,934 | ---- | M] () -- C:\Users\Jibi\Desktop\Unbenannt-5.jpg
[2012.01.02 16:26:46 | 003,780,754 | ---- | M] () -- C:\Users\Jibi\Desktop\WWE.MP3
[2012.01.02 16:20:23 | 000,021,714 | ---- | M] () -- C:\Users\Jibi\Desktop\Unbenannt-4.jpg
[2012.01.02 16:12:35 | 000,004,042 | ---- | M] () -- C:\Users\Jibi\Desktop\it-begins.png
[2011.12.23 12:16:08 | 002,259,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.22 14:01:40 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.21 17:59:52 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

========== Files Created - No Company Name ==========

[2012.01.17 16:40:31 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.17 06:17:41 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.17 06:17:41 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.17 06:07:11 | 000,147,198 | ---- | C] () -- C:\Users\Jibi\Desktop\bookmarks-2012-01-17.json
[2012.01.17 02:00:52 | 000,422,803 | ---- | C] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ic_4.gif
[2012.01.17 02:00:50 | 000,478,725 | ---- | C] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ff_4.gif
[2012.01.16 13:08:58 | 000,421,457 | ---- | C] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ic_1.gif
[2012.01.16 13:08:57 | 000,477,992 | ---- | C] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ff_1.gif
[2012.01.15 16:38:54 | 000,375,527 | ---- | C] () -- C:\Users\Jibi\Desktop\2012_0-09128-47481-6-022.jpg
[2012.01.15 16:34:14 | 000,184,189 | ---- | C] () -- C:\Users\Jibi\Desktop\2012_0-09128-47481-6-02.jpg
[2012.01.14 16:55:04 | 000,017,197 | ---- | C] () -- C:\Users\Jibi\Desktop\Unbenannt-6.jpg
[2012.01.14 16:51:14 | 000,021,023 | ---- | C] () -- C:\Users\Jibi\Desktop\b6aedf19.png
[2012.01.14 14:54:42 | 000,055,407 | ---- | C] () -- C:\Users\Jibi\Desktop\garg.jpg
[2012.01.13 13:34:16 | 000,161,044 | ---- | C] () -- C:\Users\Jibi\AppData\Roaming\m_dldr1.gif
[2012.01.13 13:34:16 | 000,062,885 | ---- | C] () -- C:\Users\Jibi\AppData\Roaming\m_cpage1.gif
[2012.01.12 19:02:52 | 000,055,668 | ---- | C] () -- C:\Users\Jibi\Desktop\390171_322351221128345_100000604098744_1206995_800891825_n.jpg
[2012.01.12 13:43:11 | 000,355,436 | ---- | C] () -- C:\Users\Jibi\Desktop\titel2.jpg
[2012.01.12 06:49:36 | 000,427,785 | ---- | C] () -- C:\Users\Jibi\Desktop\titel.png
[2012.01.11 14:32:14 | 002,463,812 | ---- | C] () -- C:\Users\Jibi\Desktop\6672912647_d3d278c3bb_o.jpg
[2012.01.09 16:40:36 | 000,100,017 | ---- | C] () -- C:\Users\Jibi\Desktop\tumblr_lxhcbqisZy1r9lx7no1_500.jpg
[2012.01.09 05:59:20 | 000,074,690 | ---- | C] () -- C:\Users\Jibi\Desktop\402629_320686984628999_100000631006834_1031284_1425229460_n.jpg
[2012.01.08 17:18:19 | 000,015,934 | ---- | C] () -- C:\Users\Jibi\Desktop\Unbenannt-5.jpg
[2012.01.02 16:26:38 | 003,780,754 | ---- | C] () -- C:\Users\Jibi\Desktop\WWE.MP3
[2012.01.02 16:20:21 | 000,021,714 | ---- | C] () -- C:\Users\Jibi\Desktop\Unbenannt-4.jpg
[2012.01.02 16:12:34 | 000,004,042 | ---- | C] () -- C:\Users\Jibi\Desktop\it-begins.png
[2011.09.06 14:49:27 | 000,007,680 | ---- | C] () -- C:\Users\Jibi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.09 12:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.06.24 12:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.24 12:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.06.24 12:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.06.24 12:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.06.24 12:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.06.24 12:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.06.24 12:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.06.24 12:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.06.24 12:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.06.24 12:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.05.02 07:48:43 | 000,004,305 | ---- | C] () -- C:\Windows\jqhzvb32.ini
[2011.05.02 07:48:43 | 000,001,442 | ---- | C] () -- C:\Windows\cwhh_h16.ini
[2011.04.29 17:10:32 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\GBGraphics.dll
[2011.03.03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 12:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.03.03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.03.03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.03.03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.03.03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011.03.03 12:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.03.03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.03.03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011.02.22 20:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.22 20:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.02.08 10:17:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.02.08 10:16:35 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.02.08 10:16:13 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.11.08 15:06:31 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010.11.08 15:06:31 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.11.08 15:06:31 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.11.08 15:06:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010.11.08 15:06:29 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010.08.18 20:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2009.08.11 22:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009.08.11 22:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.11.06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2006.03.04 05:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

========== LOP Check ==========

[2011.01.12 17:05:04 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\DisplayFusion
[2011.01.27 16:54:10 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.20 18:23:27 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\Foxit Software
[2011.12.16 12:20:49 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\ijjigame
[2011.01.24 09:07:02 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\Leadertech
[2011.02.08 10:18:17 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\MAGIX
[2011.01.14 08:17:30 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\Megaupload
[2011.01.19 17:26:23 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\OpenOffice.org
[2011.10.09 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Jibi\AppData\Roaming\Power Sound Editor Free
[2012.01.15 10:30:02 | 000,001,112 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2430596823-3442958056-1693070999-1000Core.job
[2012.01.17 16:30:02 | 000,001,134 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2430596823-3442958056-1693070999-1000UA.job
[2011.07.10 08:48:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2012.01.13 13:35:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.10.18 06:42:32 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.09 16:54:39 | 000,000,000 | ---D | M] -- C:\CONFIG
[2011.01.08 21:24:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.12.22 14:01:53 | 000,000,000 | ---D | M] -- C:\EVENTDB
[2011.01.24 10:38:21 | 000,000,000 | ---D | M] -- C:\ijji
[2011.12.16 14:12:16 | 000,000,000 | ---D | M] -- C:\INFECTED
[2011.01.06 13:26:16 | 000,000,000 | ---D | M] -- C:\Intel
[2011.12.21 18:00:02 | 000,000,000 | ---D | M] -- C:\LOGFILES
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.02 07:48:36 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.17 16:40:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.17 16:40:30 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.01.08 21:24:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.01.08 21:24:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.12.21 18:00:36 | 000,000,000 | ---D | M] -- C:\REPORTS
[2012.01.17 16:52:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.21 18:00:44 | 000,000,000 | ---D | M] -- C:\temp
[2011.01.08 21:30:05 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.30 19:37:31 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: EXPLORER.EXE >

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
17.01.2012, 18:54
Member

Posts: 420
#10 Ok

Please start every tool we use via right-click, "Run as administrator".

1. Please start OTL and copy the following into the script field at the bottom:

Quote


:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ver-filmes.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 41.190.16.17:8080
FF - prefs.js..browser.startup.homepage: "http://www.ver-filmes.com/"
FF - prefs.js..network.proxy.http: "41.190.16.17"
FF - prefs.js..network.proxy.http_port: 8080
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [CkXJjzKFYQM1Y] C:\ProgramData\iHQ2j4YAs4Alb\mpgBcTgMvEZzW.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jibi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [HmkMmTMayrr6JL] C:\ProgramData\XxksWjWBdt0XuC\IJv6SoDIr.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{c6734059-2191-11e0-909d-003067432e45}\Shell - "" = AutoRun
O33 - MountPoints2\{c6734059-2191-11e0-909d-003067432e45}\Shell\AutoRun\command - "" = E:\Startme.exe
[2012.01.17 02:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\XxksWjWBdt0XuC
[2012.01.13 13:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SmGIbGCGFJi
[2012.01.13 13:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\iHQ2j4YAs4Alb

:Commands
[emptytemp]
[emptyflash]

and click Fix. Please post the fix log.

2. Download aswMBR from avast!
http://public.avast.com/~gmerek/aswMBR.exe
Start the program
Choose "Yes" when asked about the avast engine.
Click Scan
After the scan, click Save Log, save it and post it here (do not "fix" anything)
18.01.2012, 07:21
...new here

Thread starter

Posts: 10
#11 No. 1

Quote

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "http://www.ver-filmes.com/" removed from browser.startup.homepage
Prefs.js: "41.190.16.17" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CkXJjzKFYQM1Y deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Jibi\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HmkMmTMayrr6JL deleted successfully.
C:\ProgramData\XxksWjWBdt0XuC\IJv6SoDIr.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6734059-2191-11e0-909d-003067432e45}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6734059-2191-11e0-909d-003067432e45}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6734059-2191-11e0-909d-003067432e45}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6734059-2191-11e0-909d-003067432e45}\ not found.
File E:\Startme.exe not found.
C:\ProgramData\XxksWjWBdt0XuC folder moved successfully.
C:\ProgramData\SmGIbGCGFJi folder moved successfully.
C:\ProgramData\iHQ2j4YAs4Alb folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jibi
->Temp folder emptied: 5229624315 bytes
->Temporary Internet Files folder emptied: 138471576 bytes
->Java cache emptied: 1370868 bytes
->FireFox cache emptied: 95726252 bytes
->Google Chrome cache emptied: 8446330 bytes
->Flash cache emptied: 8353400 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 137016455 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 7955946 bytes

Total Files Cleaned = 5.366,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jibi
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01182012_063741

Files\Folders moved on Reboot...
C:\Users\Jibi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\logishrd\LVPrcInj03.dll not found!
File\Folder C:\Windows\temp\logishrd\LVPrcInj04.dll not found!

Registry entries deleted on Reboot...
No. 2


Quote

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-18 07:07:10
-----------------------------
07:07:10.282 OS Version: Windows x64 6.1.7601 Service Pack 1
07:07:10.282 Number of processors: 2 586 0x170A
07:07:10.283 ComputerName: JIBI-PC UserName: Jibi
07:07:12.961 Initialize success
07:08:52.024 AVAST engine defs: 12011701
07:11:31.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
07:11:31.661 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
07:11:31.671 Disk 0 MBR read successfully
07:11:31.673 Disk 0 MBR scan
07:11:31.693 Disk 0 Windows 7 default MBR code
07:11:31.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
07:11:31.710 Service scanning
07:11:35.515 Modules scanning
07:11:35.515 Disk 0 trace - called modules:
07:11:35.525 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
07:11:35.525 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bf6760]
07:11:35.526 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004723520]
07:11:35.526 5 ACPI.sys[fffff88000f3b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004724680]
07:11:36.299 AVAST engine scan C:\Windows
07:11:38.440 AVAST engine scan C:\Windows\system32
07:13:49.722 AVAST engine scan C:\Windows\system32\drivers
07:14:04.882 AVAST engine scan C:\Users\Jibi
07:20:38.677 Disk 0 MBR has been saved successfully to "C:\Users\Jibi\Desktop\MBR.dat"
07:20:38.690 The log file has been saved successfully to "C:\Users\Jibi\Desktop\aswMBR.txt"
18.01.2012, 12:34
Member

Posts: 420
#12 Then we are ready for the main course:

1. Please follow this guide (and follow it exactly)
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
and post the log.
18.01.2012, 16:58
...new here

Thread starter

Posts: 10
#13 After ComboFix made the PC restart, no browser worked anymore; apparently something got deleted along with it (?)

I then uninstalled Firefox completely, restarted and installed it again (luckily I still had the setup on the PC, otherwise I would probably have had to do a system restore).
Oddly enough, IE now works again too.

Here is the CF log:

Quote

ComboFix 12-01-18.04 - Jibi 18.01.2012 16:39:32.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4061.2606 [GMT 1:00]
ausgeführt von:: c:\users\Jibi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\L3x4CWfr.ico
c:\programdata\qsQ6bSBN.ico
c:\programdata\XxksWjWBdt0XuC
c:\programdata\XxksWjWBdt0XuC\IJv6SoDIr.exe
c:\users\Jibi\AppData\Roaming\m_cpage1.gif
c:\users\Jibi\AppData\Roaming\m_dldr1.gif
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-18 bis 2012-01-18 ))))))))))))))))))))))))))))))
.
.
2012-01-18 15:44 . 2012-01-18 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-18 05:37 . 2012-01-18 05:37 -------- d-----w- C:\_OTL
2012-01-17 15:40 . 2012-01-17 15:40 -------- d-----w- c:\users\Jibi\AppData\Roaming\Malwarebytes
2012-01-17 15:40 . 2012-01-17 15:40 -------- d-----w- c:\programdata\Malwarebytes
2012-01-17 15:40 . 2012-01-17 15:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-17 15:40 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 05:16 . 2012-01-17 05:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-16 17:19 . 2012-01-16 17:19 -------- d-----w- c:\windows\system32\Macromed
2012-01-13 17:20 . 2012-01-13 17:20 -------- d-----w- c:\program files (x86)\ZeusPro
2012-01-11 14:11 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:11 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:11 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 14:11 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 14:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 14:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-16 17:19 . 2011-05-13 20:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-22 13:01 . 2011-12-08 17:20 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-24 04:52 . 2011-12-14 20:28 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 04:54 . 2011-01-19 16:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-05 05:41 . 2011-12-14 20:29 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 20:27 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 20:29 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 20:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 20:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 20:29 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 20:29 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mega Manager"="c:\program files (x86)\Megaupload\Mega Manager\MegaManager.exe" [2010-11-03 2113024]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"FILSHtray"="c:\program files (x86)\FILSHtray\FILSHtray.exe" [2011-12-13 591872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Jibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files (x86)\Hama\Common\RaUI.exe [2011-1-11 1671168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Hama\Common\RaRegistry64.exe [2009-12-10 212256]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-05-28 6297088]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ver-filmes.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Jibi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jibi\AppData\Roaming\Mozilla\Firefox\Profiles\58ohugm3.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-HmkMmTMayrr6JL - c:\programdata\XxksWjWBdt0XuC\IJv6SoDIr.exe
AddRemove-ffdshow_is1 - c:\program files (x86)\Video Capture Master\Filters\ffdshow\unins000.exe
AddRemove-QuicktimeAlt_is1 - c:\program files (x86)\Video Capture Master\Filters\QuickTime\unins000.exe
AddRemove-RealAlt_is1 - c:\program files (x86)\Video Capture Master\Filters\Real\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Hama\Common\RaRegistry.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-18 16:50:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-18 15:50
.
Vor Suchlauf: 16 Verzeichnis(se), 251.412.127.744 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 251.143.090.176 Bytes frei
.
- - End Of File - - A2757DC2E2BB93FAF71573B54E2383EE
18.01.2012, 17:35
Member

Posts: 420
#14 Nothing was deleted that could have caused that. However, ComboFix resets some settings, which could be related.
Also, something was deleted again that should already have been gone after the OTL fix. In other words, whatever it is, it has regenerated itself.

1. Please upload this file to VirusTotal:

Quote

c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys
and post the link to the analysis result.

2. Please describe how the system is currently doing (any changes? Problems with the browsers?)

3. Please post a fresh OTL log; let's see whether the thing shows up again.
18.01.2012, 18:05
...new here

Thread starter

Posts: 10
#15 c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys
The file is not in the folder as described, and searching for 'dump_wmimmc.sys' also turned up nothing.

2. At the moment it doesn't crash at all anymore.

3. OTL:

Quote

OTL logfile created on: 18.01.2012 18:01:27 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jibi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 57,21% Memory free
7,93 Gb Paging File | 6,13 Gb Available in Paging File | 77,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 233,78 Gb Free Space | 50,19% Space Free | Partition Type: NTFS
Drive D: | 6,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JIBI-PC | User Name: Jibi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.11.05 11:55:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jibi\Downloads\OTL.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.03 11:00:42 | 002,113,024 | ---- | M] (Megaupload Limited) -- C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.20 14:08:30 | 001,671,168 | ---- | M] (Hama GmbH & Co KG) -- C:\Program Files (x86)\Hama\Common\RaUI.exe
PRC - [2009.12.10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009.07.16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2007.04.18 23:00:30 | 044,814,336 | ---- | M] (Adobe Systems, Incorporated) -- C:\Programme\Adobe Photoshop CS3\Photoshop.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.18 10:12:51 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010.11.03 10:58:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwinit.dll
MOD - [2010.11.03 10:58:14 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwssl.dll
MOD - [2010.11.03 10:58:12 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwapp.dll
MOD - [2010.11.03 10:58:06 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwhttp.dll
MOD - [2010.11.03 10:58:00 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwftp.dll
MOD - [2010.11.03 10:57:58 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwmime.dll
MOD - [2010.11.03 10:57:56 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwdir.dll
MOD - [2010.11.03 10:57:54 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwhtml.dll
MOD - [2010.11.03 10:57:54 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwstream.dll
MOD - [2010.11.03 10:57:50 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwfile.dll
MOD - [2010.11.03 10:57:48 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwcache.dll
MOD - [2010.11.03 10:57:46 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwtrans.dll
MOD - [2010.11.03 10:57:42 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwcore.dll
MOD - [2010.11.03 10:57:30 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\wwwutils.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.12.10 12:16:08 | 000,918,816 | ---- | M] () -- C:\Program Files (x86)\Hama\Common\RaWLAPI.dll
MOD - [2009.12.01 16:46:20 | 000,839,680 | R--- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\LIBEAY32.dll
MOD - [2009.12.01 16:46:20 | 000,159,744 | R--- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\SSLEAY32.dll
MOD - [2009.12.01 16:46:20 | 000,062,464 | R--- | M] () -- C:\Program Files (x86)\Megaupload\Mega Manager\HS_REGEX.dll
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2009.07.16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009.07.16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009.07.16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009.07.16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
MOD - [2009.07.16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll
MOD - [2009.07.16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009.07.16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll
MOD - [2009.07.16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009.07.16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009.07.16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009.07.16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009.07.16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll
MOD - [2007.04.09 17:37:00 | 002,342,912 | ---- | M] () -- C:\Programme\Adobe Photoshop CS3\Photoshop.dll
MOD - [2007.04.09 17:36:10 | 000,049,152 | ---- | M] () -- C:\Programme\Adobe Photoshop CS3\QuickTimeGlue.dll
MOD - [2007.04.09 17:36:06 | 000,393,216 | ---- | M] () -- C:\Programme\Adobe Photoshop CS3\AdobeXMP.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.10.07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.14 19:13:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.21 21:06:45 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.10 12:16:10 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009.12.10 12:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2011.12.22 14:01:40 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.08.25 12:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.23 16:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.15 08:45:26 | 000,145,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010.02.24 15:06:00 | 000,726,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.05.09 21:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 21:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007.05.09 21:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.12.31 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ver-filmes.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: fmdownloader@gmail.com:1.0.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jibi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.01.06 13:26:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.06 13:26:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.06 13:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.09.01 17:57:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.09.16 21:49:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.18 16:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.17 06:08:16 | 000,000,000 | ---D | M]

[2011.01.11 19:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jibi\AppData\Roaming\mozilla\Extensions
[2012.01.18 16:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jibi\AppData\Roaming\mozilla\Firefox\Profiles\58ohugm3.default\extensions
[2011.04.14 07:11:58 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Jibi\AppData\Roaming\mozilla\Firefox\Profiles\58ohugm3.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2012.01.18 16:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010.07.28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jibi\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jibi\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jibi\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jibi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jibi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jibi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_1\

O1 HOSTS File: ([2012.01.18 16:44:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>;) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FILSHtray] C:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Mega Manager] C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
O4 - Startup: C:\Users\Jibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jibi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jibi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50133406-D5AC-4738-8197-A8DB0BF1F9CB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56E2DA27-D1D2-4AB9-B101-013156772492}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97DAF276-9375-4667-BA66-B100F94E1EBA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03560D7-381F-463A-AB56-BA8CB0E62106}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E77FF8E5-DF4A-4134-9596-46E20FC992E5}: DhcpNameServer = 172.28.0.70 172.28.0.71
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.18 16:46:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.01.18 16:38:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.01.18 16:38:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.01.18 16:38:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.01.18 16:37:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.01.18 16:37:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.18 15:11:25 | 004,387,138 | R--- | C] (Swearware) -- C:\Users\Jibi\Desktop\ComboFix.exe
[2012.01.18 06:37:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.17 16:40:45 | 000,000,000 | ---D | C] -- C:\Users\Jibi\AppData\Roaming\Malwarebytes
[2012.01.17 16:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.17 16:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.17 16:40:29 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.17 16:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.17 06:16:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.01.17 06:16:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.01.17 06:16:18 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.01.17 06:16:18 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.01.17 06:14:29 | 015,134,848 | ---- | C] (Mozilla) -- C:\Users\Jibi\Desktop\Firefox_Setup_9.0.1.exe
[2012.01.16 18:19:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.01.13 18:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZeusPro
[2012.01.13 18:20:18 | 000,000,000 | ---D | C] -- C:\Users\Jibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geeksoft
[2012.01.13 18:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeksoft
[2012.01.11 15:11:37 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.11 15:11:37 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.11 15:11:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.11 15:11:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.11 15:09:51 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.01.11 15:09:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.01.11 15:09:43 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.11 15:09:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.11 15:09:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.01.10 15:52:47 | 000,000,000 | ---D | C] -- C:\Users\Jibi\Desktop\RL Pics

========== Files - Modified Within 30 Days ==========

[2012.01.18 17:01:35 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.18 17:01:35 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.18 16:58:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.18 16:58:34 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.18 16:58:34 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.18 16:58:34 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.18 16:58:34 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.18 16:55:38 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.18 16:54:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.18 16:54:12 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.18 16:44:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.01.18 16:38:12 | 004,387,138 | R--- | M] (Swearware) -- C:\Users\Jibi\Desktop\ComboFix.exe
[2012.01.18 15:47:25 | 000,422,803 | ---- | M] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ic_4.gif
[2012.01.18 15:47:24 | 000,478,725 | ---- | M] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ff_4.gif
[2012.01.18 07:20:38 | 000,000,512 | ---- | M] () -- C:\Users\Jibi\Desktop\MBR.dat
[2012.01.17 17:20:58 | 000,348,236 | ---- | M] () -- C:\Users\Jibi\Desktop\Unbenannt-2.jpg
[2012.01.17 16:40:31 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.17 06:14:29 | 015,134,848 | ---- | M] (Mozilla) -- C:\Users\Jibi\Desktop\Firefox_Setup_9.0.1.exe
[2012.01.17 06:07:11 | 000,147,198 | ---- | M] () -- C:\Users\Jibi\Desktop\bookmarks-2012-01-17.json
[2012.01.16 18:46:59 | 000,421,457 | ---- | M] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ic_1.gif
[2012.01.16 18:46:58 | 000,477,992 | ---- | M] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ff_1.gif
[2012.01.16 18:19:15 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.01.15 16:38:56 | 000,375,527 | ---- | M] () -- C:\Users\Jibi\Desktop\2012_0-09128-47481-6-022.jpg
[2012.01.15 16:34:14 | 000,184,189 | ---- | M] () -- C:\Users\Jibi\Desktop\2012_0-09128-47481-6-02.jpg
[2012.01.14 16:55:05 | 000,017,197 | ---- | M] () -- C:\Users\Jibi\Desktop\Unbenannt-6.jpg
[2012.01.14 16:51:15 | 000,021,023 | ---- | M] () -- C:\Users\Jibi\Desktop\b6aedf19.png
[2012.01.14 14:54:43 | 000,055,407 | ---- | M] () -- C:\Users\Jibi\Desktop\garg.jpg
[2012.01.12 19:02:52 | 000,055,668 | ---- | M] () -- C:\Users\Jibi\Desktop\390171_322351221128345_100000604098744_1206995_800891825_n.jpg
[2012.01.12 13:43:11 | 000,355,436 | ---- | M] () -- C:\Users\Jibi\Desktop\titel2.jpg
[2012.01.12 06:49:37 | 000,427,785 | ---- | M] () -- C:\Users\Jibi\Desktop\titel.png
[2012.01.11 14:32:14 | 002,463,812 | ---- | M] () -- C:\Users\Jibi\Desktop\6672912647_d3d278c3bb_o.jpg
[2012.01.09 16:40:37 | 000,100,017 | ---- | M] () -- C:\Users\Jibi\Desktop\tumblr_lxhcbqisZy1r9lx7no1_500.jpg
[2012.01.09 05:59:21 | 000,074,690 | ---- | M] () -- C:\Users\Jibi\Desktop\402629_320686984628999_100000631006834_1031284_1425229460_n.jpg
[2012.01.08 17:18:20 | 000,015,934 | ---- | M] () -- C:\Users\Jibi\Desktop\Unbenannt-5.jpg
[2012.01.02 16:26:46 | 003,780,754 | ---- | M] () -- C:\Users\Jibi\Desktop\WWE.MP3
[2012.01.02 16:20:23 | 000,021,714 | ---- | M] () -- C:\Users\Jibi\Desktop\Unbenannt-4.jpg
[2012.01.02 16:12:35 | 000,004,042 | ---- | M] () -- C:\Users\Jibi\Desktop\it-begins.png
[2011.12.23 12:16:08 | 002,259,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.22 14:01:40 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.21 17:59:52 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

========== Files Created - No Company Name ==========

[2012.01.18 16:55:38 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.18 16:55:38 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.18 16:38:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.01.18 16:38:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.01.18 16:38:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.01.18 16:38:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.01.18 16:38:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.01.18 07:20:38 | 000,000,512 | ---- | C] () -- C:\Users\Jibi\Desktop\MBR.dat
[2012.01.17 17:20:57 | 000,348,236 | ---- | C] () -- C:\Users\Jibi\Desktop\Unbenannt-2.jpg
[2012.01.17 16:40:31 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.17 06:07:11 | 000,147,198 | ---- | C] () -- C:\Users\Jibi\Desktop\bookmarks-2012-01-17.json
[2012.01.17 02:00:52 | 000,422,803 | ---- | C] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ic_4.gif
[2012.01.17 02:00:50 | 000,478,725 | ---- | C] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ff_4.gif
[2012.01.16 13:08:58 | 000,421,457 | ---- | C] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ic_1.gif
[2012.01.16 13:08:57 | 000,477,992 | ---- | C] () -- C:\Users\Jibi\AppData\Roaming\m_cmon_ff_1.gif
[2012.01.15 16:38:54 | 000,375,527 | ---- | C] () -- C:\Users\Jibi\Desktop\2012_0-09128-47481-6-022.jpg
[2012.01.15 16:34:14 | 000,184,189 | ---- | C] () -- C:\Users\Jibi\Desktop\2012_0-09128-47481-6-02.jpg
[2012.01.14 16:55:04 | 000,017,197 | ---- | C] () -- C:\Users\Jibi\Desktop\Unbenannt-6.jpg
[2012.01.14 16:51:14 | 000,021,023 | ---- | C] () -- C:\Users\Jibi\Desktop\b6aedf19.png
[2012.01.14 14:54:42 | 000,055,407 | ---- | C] () -- C:\Users\Jibi\Desktop\garg.jpg
[2012.01.12 19:02:52 | 000,055,668 | ---- | C] () -- C:\Users\Jibi\Desktop\390171_322351221128345_100000604098744_1206995_800891825_n.jpg
[2012.01.12 13:43:11 | 000,355,436 | ---- | C] () -- C:\Users\Jibi\Desktop\titel2.jpg
[2012.01.12 06:49:36 | 000,427,785 | ---- | C] () -- C:\Users\Jibi\Desktop\titel.png
[2012.01.11 14:32:14 | 002,463,812 | ---- | C] () -- C:\Users\Jibi\Desktop\6672912647_d3d278c3bb_o.jpg
[2012.01.09 16:40:36 | 000,100,017 | ---- | C] () -- C:\Users\Jibi\Desktop\tumblr_lxhcbqisZy1r9lx7no1_500.jpg
[2012.01.09 05:59:20 | 000,074,690 | ---- | C] () -- C:\Users\Jibi\Desktop\402629_320686984628999_100000631006834_1031284_1425229460_n.jpg
[2012.01.08 17:18:19 | 000,015,934 | ---- | C] () -- C:\Users\Jibi\Desktop\Unbenannt-5.jpg
[2012.01.02 16:26:38 | 003,780,754 | ---- | C] () -- C:\Users\Jibi\Desktop\WWE.MP3
[2012.01.02 16:20:21 | 000,021,714 | ---- | C] () -- C:\Users\Jibi\Desktop\Unbenannt-4.jpg
[2012.01.02 16:12:34 | 000,004,042 | ---- | C] () -- C:\Users\Jibi\Desktop\it-begins.png
[2011.09.06 14:49:27 | 000,007,680 | ---- | C] () -- C:\Users\Jibi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.09 12:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.06.24 12:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.24 12:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.06.24 12:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.06.24 12:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.06.24 12:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.06.24 12:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.06.24 12:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.06.24 12:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.06.24 12:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.06.24 12:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.05.02 07:48:43 | 000,004,305 | ---- | C] () -- C:\Windows\jqhzvb32.ini
[2011.05.02 07:48:43 | 000,001,442 | ---- | C] () -- C:\Windows\cwhh_h16.ini
[2011.04.29 17:10:32 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\GBGraphics.dll
[2011.03.03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 12:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.03.03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.03.03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.03.03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.03.03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011.03.03 12:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.03.03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.03.03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011.02.22 20:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.22 20:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.02.08 10:17:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.02.08 10:16:35 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.02.08 10:16:13 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.11.08 15:06:31 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010.11.08 15:06:31 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.11.08 15:06:31 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.11.08 15:06:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010.11.08 15:06:29 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010.08.18 20:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2009.08.11 22:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009.08.11 22:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.11.06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2006.03.04 05:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

< End of report >