Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

i can not enable antivirus protection [Closed]


  • This topic is locked This topic is locked

#1
ruxandra

ruxandra

    Member

  • Member
  • PipPip
  • 20 posts
I can not enable the antivirus protection. I have the G data Internetsecurity 2013. Everytime I start my computer i get a message that Firewall can not start Error Code 0x80070424. I have downloaded both the registry files Windows firewall - Firewall and Base filtering engine - BFE, i have done permission to everyone by HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE. Now in control Panel and also at the firewall section in Gdata say that is enabled. Until yesterday i couldn't enable it. But i still receive the error when I start the computer. The other problem is that i can not enable the antivirus protection. Everytime I click the enable button, nothing happens. i have done an OTL scan and here is the result:





OTL logfile created on: 10/8/2012 20:48:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rux\Downloads
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.19% Memory free
6.17 Gb Paging File | 4.52 Gb Available in Paging File | 73.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.12 Gb Total Space | 28.76 Gb Free Space | 36.81% Space Free | Partition Type: NTFS
Drive D: | 108.18 Gb Total Space | 70.14 Gb Free Space | 64.83% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: RUX-PC | User Name: Rux | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rux\Downloads\OTL.com (OldTimer Tools)
PRC - C:\Users\Rux\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files\Photodex\ProShow Gold\scsiaccess.exe ()
PRC - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dlbccoms.exe ( )


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()


========== Services (SafeList) ==========

SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AVKWCtl) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (GDFwSvc) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (ScsiAccess) -- C:\Program Files\Photodex\ProShow Gold\scsiaccess.exe ()
SRV - (AVKService) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (dlbc_device) -- C:\Windows\System32\dlbccoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (rwrwaxnd) -- C:\Program Files\Common Files\Microsoft Shared\rwrwaxnd.dll File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwusbfake) -- system32\DRIVERS\ewusbfake.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\System32\drivers\GDBehave.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (PCTBD) -- C:\Windows\System32\drivers\PCTBD.sys (PC Tools)
DRV - (ANDModem) -- C:\Windows\System32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\Windows\System32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\Windows\System32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\Windows\System32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (adusbser) -- C:\Windows\System32\drivers\adusbser.sys (QUALCOMM Incorporated)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...8A-27F1ABBBFFD1
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrows...3-78E4F39F7BC3}
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes\{2F99AC55-281F-4C3F-8455-0964E3569A57}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/07/19 23:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/11 00:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/22 19:16:45 | 000,000,000 | ---D | M]

[2012/05/06 17:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rux\AppData\Roaming\Mozilla\Extensions
[2012/10/03 02:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\extensions
[2012/08/30 20:50:49 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/02/20 11:30:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\extensions\[email protected]
[2012/10/03 02:59:03 | 000,000,000 | ---D | M] ("TimeLineRemove.Com") -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\extensions\jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack
[2010/06/27 23:27:25 | 000,002,384 | ---- | M] () -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\searchplugins\askcom.xml
[2012/04/29 21:23:02 | 000,002,519 | ---- | M] () -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\searchplugins\Search_Results.xml
[2012/10/08 06:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/19 08:16:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/08 06:10:22 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012/08/12 08:44:30 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011/03/17 21:18:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/09/11 00:56:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/28 18:55:41 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/31 18:38:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/29 21:23:02 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/31 18:38:37 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.215\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.215\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.215\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.6.0 (Enabled) = C:\Users\Rux\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/09/02 12:17:00 | 000,001,692 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 4 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000..\Run: [Ehewniru] C:\Windows\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000..\Run: [ehTray.exe] C:\Windows\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized File not found
O4 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BD70C58-F99C-4269-9AA0-411D7A51AF1C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (\\.\globalroot\systemroot\system32\userinit.exe) - \\.\globalroot\systemroot\system32\userinit.exe ()
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rux\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rux\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{21c052e7-e242-11de-9257-ea1163804fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{21c052e7-e242-11de-9257-ea1163804fd7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{238f1340-a838-11dd-9a67-93735652b166}\Shell\AutoRun\command - "" = hni.cmd
O33 - MountPoints2\{238f1340-a838-11dd-9a67-93735652b166}\Shell\explore\Command - "" = hni.cmd
O33 - MountPoints2\{238f1340-a838-11dd-9a67-93735652b166}\Shell\open\Command - "" = hni.cmd
O33 - MountPoints2\{4fc79bdd-1528-11e1-a393-cf6076231f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{4fc79bdd-1528-11e1-a393-cf6076231f4a}\Shell\AutoRun\command - "" = F:\setup.exe /autorun
O33 - MountPoints2\{7f1d2503-d8b2-11e0-9038-9c72073efa11}\Shell - "" = AutoRun
O33 - MountPoints2\{7f1d2503-d8b2-11e0-9038-9c72073efa11}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{8d04cf13-ba94-11de-b6de-b698a2e0dbc6}\Shell\AutoRun\command - "" = system32/rundll.exe
O33 - MountPoints2\{8d04cf13-ba94-11de-b6de-b698a2e0dbc6}\Shell\explore\command - "" = system32/rundll.exe
O33 - MountPoints2\{8d04cf13-ba94-11de-b6de-b698a2e0dbc6}\Shell\open\command - "" = system32/rundll.exe
O33 - MountPoints2\{db820478-d594-11de-82b1-fdafffb5bd3b}\Shell\AutoRun\command - "" = F:\GODINA/cure.exe
O33 - MountPoints2\{db820478-d594-11de-82b1-fdafffb5bd3b}\Shell\explore\command - "" = F:\GODINA/cure.exe
O33 - MountPoints2\{db820478-d594-11de-82b1-fdafffb5bd3b}\Shell\open\command - "" = F:\GODINA/cure.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = explorer.exe Start.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 360 Days ==========

[2012/10/08 06:10:28 | 001,836,568 | ---- | C] (G Data Software AG) -- C:\Windows\System32\GdScrSv.scr
[2012/10/08 06:10:28 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\System32\GdScrSv.en.dll
[2012/10/07 23:21:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/10/07 22:56:00 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\DriverCure
[2012/10/07 22:55:59 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\SpeedyPC Software
[2012/10/07 22:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/10/07 22:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\BitLocker
[2012/10/04 17:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/04 17:08:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/04 17:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/22 19:51:14 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\fahrradtour
[2012/09/06 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Regim
[2012/09/05 20:11:20 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Tarantino Collection
[2012/09/02 12:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2012/09/02 12:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/09/02 12:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/09/02 11:43:34 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Burg Vischering
[2012/08/30 16:49:08 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\New Folder
[2012/08/18 21:59:19 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Drensteinfurt
[2012/08/16 11:01:22 | 000,000,000 | ---D | C] -- C:\tmpDownload
[2012/08/13 08:48:49 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Ruxandra
[2012/08/12 15:33:58 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Local\G DATA
[2012/08/12 10:03:49 | 000,030,256 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2012/08/12 08:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
[2012/08/12 08:44:24 | 000,045,944 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2012/08/12 08:44:23 | 000,041,888 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2012/08/12 08:44:21 | 000,053,664 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2012/08/11 18:00:47 | 000,050,080 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2012/08/11 17:59:55 | 000,093,728 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2012/08/11 17:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012/08/11 17:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
[2012/08/11 17:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2012/08/11 17:47:26 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Local\Downloaded Installations
[2012/07/20 10:25:53 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Lebenslauf Stefan
[2012/07/20 09:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/07/20 09:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/19 23:37:13 | 000,070,768 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2012/07/19 23:37:12 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/07/19 23:37:12 | 001,681,368 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/07/19 23:37:12 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/07/19 08:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/19 08:15:30 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Local\Threat Expert
[2012/07/19 07:16:10 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\Malwarebytes
[2012/07/19 07:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/18 21:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/07/18 21:08:17 | 000,203,088 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/07/18 21:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/07/18 21:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/18 21:07:57 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\TestApp
[2012/07/18 21:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/18 20:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF61000112BF0053707FC2E33D86
[2012/07/18 20:37:20 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\Epeg
[2012/07/18 20:37:20 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\Cotu
[2012/06/01 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/01 22:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/10 19:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/10 19:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/30 20:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/04/29 21:24:32 | 000,000,000 | ---D | C] -- C:\USERS\RUX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SopCast
[2012/04/29 21:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2012/04/29 21:12:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\skin
[2012/04/29 21:12:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\languages
[2012/04/29 21:12:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\codec
[2012/04/29 21:12:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\adv
[2012/03/01 20:36:56 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Casa Lahr
[2012/02/24 20:28:44 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\JustVoip
[2012/02/23 22:26:27 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Local\Babylon
[2012/02/23 22:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/02/23 22:08:43 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/02/23 15:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Gold
[2012/02/23 15:10:34 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\Netscape
[2012/02/23 15:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Photodex
[2012/02/23 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\Photodex
[2012/02/23 14:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Photodex
[2012/02/23 14:09:50 | 000,000,000 | ---D | C] -- C:\Users\Rux\Documents\SMP
[2012/02/02 14:25:35 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\Yahoo!
[2011/12/26 21:09:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/12/26 17:24:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/12/26 17:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/12/17 15:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/12/14 21:07:31 | 000,000,000 | ---D | C] -- C:\Users\Rux\resuscitare
[2011/11/27 15:53:38 | 000,000,000 | ---D | C] -- C:\Users\Rux\doctorat
[2011/11/14 15:47:33 | 000,000,000 | ---D | C] -- C:\USERS\RUX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\IrfanView
[2011/11/14 15:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2011/11/14 15:44:47 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\IrfanView
[2011/11/06 10:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/10/28 12:51:20 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\PrimoPDF
[2011/10/28 12:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2011/10/26 18:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011/10/21 12:34:50 | 000,000,000 | R--D | C] -- C:\Users\Rux\Documents\Scanned Documents
[2011/10/21 12:34:50 | 000,000,000 | ---D | C] -- C:\Users\Rux\Documents\Fax
[2009/12/06 14:52:44 | 028,868,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2012/10/08 21:01:04 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A9DBD632-500B-4C93-8C4B-977756834674}.job
[2012/10/08 20:55:04 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/08 20:25:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Registry Reviver-Rux-Startup.job
[2012/10/08 20:25:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/08 20:24:50 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/10/08 20:24:50 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/10/08 20:24:44 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 20:24:44 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 20:24:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/08 20:24:39 | 3219,173,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/08 20:22:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/08 17:10:55 | 000,819,056 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012/10/08 17:10:55 | 000,044,736 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012/10/08 06:11:06 | 000,050,080 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2012/10/08 06:10:34 | 000,093,728 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2012/10/08 06:10:34 | 000,045,944 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2012/10/08 06:10:34 | 000,041,888 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2012/10/08 06:10:29 | 000,053,664 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2012/10/05 06:47:49 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/05 06:47:49 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/04 17:09:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/25 14:47:24 | 000,010,792 | ---- | M] (G Data Software AG) -- C:\Windows\System32\GdScrSv.en.dll
[2012/09/11 21:01:38 | 003,792,763 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2505.JPG
[2012/09/11 20:58:02 | 004,402,551 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2476.JPG
[2012/09/11 20:51:16 | 004,440,972 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2468.JPG
[2012/09/11 20:42:09 | 001,015,713 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2464.JPG
[2012/09/11 20:38:01 | 000,700,664 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2489.JPG
[2012/09/11 20:21:38 | 000,569,181 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2520.jpg
[2012/09/11 20:19:22 | 000,771,193 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2518.jpg
[2012/09/11 20:18:00 | 000,613,099 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2517.jpg
[2012/09/11 20:16:39 | 000,768,243 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2519.jpg
[2012/09/11 20:04:57 | 004,832,553 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2544.JPG
[2012/09/09 15:42:52 | 003,031,908 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2471.JPG
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/07 06:34:46 | 002,195,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/02 14:28:21 | 000,003,584 | ---- | M] () -- C:\Users\Rux\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/02 13:57:27 | 003,673,710 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2279.JPG
[2012/09/02 13:04:02 | 005,696,432 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2373.JPG
[2012/09/02 13:02:28 | 004,825,795 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2426.JPG
[2012/09/02 12:49:34 | 004,791,311 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2397.JPG
[2012/09/02 12:34:54 | 004,204,361 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2366.JPG
[2012/09/02 12:34:02 | 005,520,932 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2365.JPG
[2012/08/21 16:30:27 | 004,971,499 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2159.JPG
[2012/08/12 20:02:33 | 277,343,645 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/12 10:03:49 | 000,030,256 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2012/08/12 08:41:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/11 19:59:35 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
[2012/08/11 19:59:31 | 000,002,268 | ---- | M] () -- C:\FixitRegBackup.reg
[2012/07/20 09:27:21 | 001,942,839 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/07/19 08:29:15 | 000,003,836 | ---- | M] () -- C:\Windows\System32\.crusader
[2012/06/14 12:31:38 | 000,070,768 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2012/06/14 12:31:22 | 002,267,096 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/06/14 12:31:22 | 001,681,368 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/06/14 12:31:22 | 000,149,464 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/06/14 12:31:00 | 000,767,960 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2012/06/14 11:03:42 | 000,003,488 | ---- | M] () -- C:\Windows\UDB.zip
[2012/06/14 11:03:42 | 000,000,882 | ---- | M] () -- C:\Windows\RegSDImport.xml
[2012/06/14 11:03:42 | 000,000,879 | ---- | M] () -- C:\Windows\RegISSImport.xml
[2012/06/14 11:03:42 | 000,000,131 | ---- | M] () -- C:\Windows\IDB.zip
[2012/05/25 05:37:24 | 001,836,568 | ---- | M] (G Data Software AG) -- C:\Windows\System32\GdScrSv.scr
[2012/05/11 11:14:20 | 000,203,088 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/04/29 21:12:44 | 000,075,938 | ---- | M] () -- C:\Windows\System32\Uninstall-TvPlugin-5.4
[2012/02/24 00:06:43 | 229,884,344 | ---- | M] () -- C:\Users\Rux\Desktop\ProShow Slideshow.avi
[2012/02/23 22:26:41 | 000,000,474 | ---- | M] () -- C:\user.js
[2012/02/23 15:10:39 | 000,001,902 | ---- | M] () -- C:\Users\Rux\Application Data\Microsoft\Internet Explorer\Quick Launch\ProShow Gold.lnk
[2012/02/23 15:10:39 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\ProShow Gold.lnk
[2012/02/22 19:21:48 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/02/11 19:16:09 | 040,918,773 | ---- | M] () -- C:\Users\Rux\Desktop\Snow Feldberg.wmv
[2012/02/07 18:00:25 | 000,274,277 | ---- | M] () -- C:\Users\Rux\Documents\2.JPG
[2012/01/31 05:59:04 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/26 21:07:55 | 000,000,870 | ---- | M] () -- C:\Users\Rux\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/26 21:07:55 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/26 21:03:49 | 000,000,943 | ---- | M] () -- C:\Users\Rux\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/11 09:44:11 | 000,100,446 | ---- | M] () -- C:\Users\Rux\Documents\cc_20120111_084401.reg
[2011/11/30 21:57:53 | 001,023,604 | ---- | M] () -- C:\Users\Rux\Documents\IMAG0912.jpg
[2011/11/30 21:55:28 | 000,739,378 | ---- | M] () -- C:\Users\Rux\Documents\IMAG0906.jpg
[2011/11/30 21:55:04 | 001,115,643 | ---- | M] () -- C:\Users\Rux\Documents\IMAG0502.jpg
[2011/11/22 19:09:42 | 000,017,408 | ---- | M] () -- C:\Users\Rux\AppData\Local\WebpageIcons.db
[2011/11/14 15:47:33 | 000,000,807 | ---- | M] () -- C:\Users\Rux\Desktop\IrfanView.lnk
[2011/11/06 10:57:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/05 06:46:06 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/10/04 18:34:02 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012/10/04 18:33:47 | 3219,173,376 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/04 17:09:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/11 21:00:56 | 003,792,763 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2505.JPG
[2012/09/11 20:36:46 | 004,402,551 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2476.JPG
[2012/09/11 20:36:45 | 000,700,664 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2489.JPG
[2012/09/11 20:35:51 | 004,440,972 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2468.JPG
[2012/09/11 20:35:50 | 001,015,713 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2464.JPG
[2012/09/11 20:35:49 | 003,031,908 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2471.JPG
[2012/09/11 20:21:36 | 000,569,181 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2520.jpg
[2012/09/11 20:19:21 | 000,771,193 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2518.jpg
[2012/09/11 20:17:59 | 000,613,099 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2517.jpg
[2012/09/11 20:16:16 | 000,768,243 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2519.jpg
[2012/09/11 19:54:58 | 004,832,553 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2544.JPG
[2012/09/02 13:43:21 | 003,673,710 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2279.JPG
[2012/09/02 13:25:06 | 005,520,932 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2365.JPG
[2012/09/02 13:04:24 | 005,696,432 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2373.JPG
[2012/09/02 13:04:24 | 004,825,795 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2426.JPG
[2012/09/02 13:04:24 | 004,791,311 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2397.JPG
[2012/09/02 13:04:24 | 004,204,361 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2366.JPG
[2012/09/02 12:08:55 | 000,001,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
[2012/09/02 12:08:02 | 000,000,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2012/09/02 12:07:35 | 000,001,293 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
[2012/09/02 12:05:25 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[2012/09/02 12:02:50 | 000,001,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2012/09/02 12:02:06 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2012/08/21 16:26:22 | 004,971,499 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2159.JPG
[2012/08/12 20:02:02 | 277,343,645 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/12 11:57:13 | 000,819,056 | ---- | C] () -- C:\Windows\System32\sig.bin
[2012/08/12 11:57:13 | 000,044,736 | ---- | C] () -- C:\Windows\System32\nmp.map
[2012/08/11 19:59:31 | 000,002,268 | ---- | C] () -- C:\FixitRegBackup.reg
[2012/08/11 19:59:31 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
[2012/08/02 21:14:51 | 000,003,584 | ---- | C] () -- C:\Users\Rux\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/20 09:26:57 | 001,942,839 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/07/19 23:37:13 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/07/19 23:37:12 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/07/19 23:37:12 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/07/19 23:37:12 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/07/19 23:37:12 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/07/19 08:29:15 | 000,003,836 | ---- | C] () -- C:\Windows\System32\.crusader
[2012/04/29 21:12:42 | 000,075,938 | ---- | C] () -- C:\Windows\System32\Uninstall-TvPlugin-5.4
[2012/02/23 23:36:59 | 229,884,344 | ---- | C] () -- C:\Users\Rux\Desktop\ProShow Slideshow.avi
[2012/02/23 22:26:34 | 000,000,474 | ---- | C] () -- C:\user.js
[2012/02/23 15:10:39 | 000,001,902 | ---- | C] () -- C:\Users\Rux\Application Data\Microsoft\Internet Explorer\Quick Launch\ProShow Gold.lnk
[2012/02/23 15:10:39 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\ProShow Gold.lnk
[2012/02/22 19:16:45 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/02/11 19:09:46 | 040,918,773 | ---- | C] () -- C:\Users\Rux\Desktop\Snow Feldberg.wmv
[2012/02/07 18:00:12 | 000,274,277 | ---- | C] () -- C:\Users\Rux\Documents\2.JPG
[2012/01/26 21:07:55 | 000,000,870 | ---- | C] () -- C:\Users\Rux\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/26 21:07:55 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/26 21:07:55 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/26 21:03:49 | 000,000,943 | ---- | C] () -- C:\Users\Rux\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/11 09:44:07 | 000,100,446 | ---- | C] () -- C:\Users\Rux\Documents\cc_20120111_084401.reg
[2011/11/30 21:57:43 | 001,023,604 | ---- | C] () -- C:\Users\Rux\Documents\IMAG0912.jpg
[2011/11/30 21:55:21 | 000,739,378 | ---- | C] () -- C:\Users\Rux\Documents\IMAG0906.jpg
[2011/11/30 21:54:53 | 001,115,643 | ---- | C] () -- C:\Users\Rux\Documents\IMAG0502.jpg
[2011/11/22 19:09:39 | 000,017,408 | ---- | C] () -- C:\Users\Rux\AppData\Local\WebpageIcons.db
[2011/11/14 15:47:33 | 000,000,807 | ---- | C] () -- C:\Users\Rux\Desktop\IrfanView.lnk
[2011/10/28 12:17:12 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/06/24 14:09:38 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/06/24 14:09:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/06/24 14:09:35 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/24 14:09:35 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/06/24 14:09:35 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/05/24 17:58:15 | 000,003,584 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 23:11:56 | 000,000,251 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/03/11 06:46:38 | 000,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE

========== ZeroAccess Check ==========

[2010/05/24 07:08:18 | 000,000,064 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3576319258-3730388377-3009755145-1000\$R3C0WVT\Data\l.xml
[2010/05/24 07:08:18 | 000,000,064 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3576319258-3730388377-3009755145-1000\$R3C0WVT\Data\n.xml
[2010/05/24 07:08:18 | 000,000,064 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3576319258-3730388377-3009755145-1000\$R3C0WVT\Data\u.xml
[2006/11/02 14:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 14:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 06:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/27 14:26:21 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\ApexDC++
[2009/11/17 22:52:14 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Autodesk
[2011/06/24 12:22:50 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\BSplayer
[2008/06/21 15:12:55 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\BSplayer Pro
[2008/07/11 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\ConceptDraw MINDMAP
[2008/07/11 17:12:02 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\ConceptDraw MindMap 6
[2008/07/11 16:55:42 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\ConceptDraw Project 5
[2012/07/18 20:37:20 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Cotu
[2008/07/11 16:47:53 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\CSOdessa
[2011/04/07 16:24:49 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\DAEMON Tools Lite
[2011/06/24 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\DNA
[2012/10/07 22:56:00 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\DriverCure
[2012/07/19 08:14:33 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Epeg
[2011/06/21 20:19:04 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\FreeBurner
[2011/08/21 00:26:35 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Garden Planner
[2011/06/24 13:16:09 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\ImgBurn
[2011/11/14 15:47:23 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\IrfanView
[2008/06/20 20:53:26 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\iSilo
[2012/02/24 20:55:17 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\JustVoip
[2008/07/11 19:00:31 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\LGSync
[2012/02/23 15:10:34 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Netscape
[2010/06/28 18:59:52 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\OpenOffice.org
[2009/12/17 17:39:55 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Opera
[2011/02/20 11:19:08 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\PCDr
[2012/02/23 14:59:23 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Photodex
[2011/10/28 12:51:20 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\PrimoPDF
[2012/10/07 22:55:59 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\SpeedyPC Software
[2012/07/18 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\TestApp
[2010/03/17 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Thinstall
[2009/12/06 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Vodafone

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

I hope that you can help me.

Thank you in advance
  • 0

Advertisements


#2
ruxandra

ruxandra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
i forgot to tell you that i have done also a scan with malwarebytes anti-malware but now he has not something found....

maybe has someone an idea what can i make....
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I would like a diffferent look with OTL first, there will only be one log this time

  • Run OTL.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#4
ruxandra

ruxandra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thank you very much for your reply. I have done the OTL check as you said to me. I think that I have to tell you that all my problems have started sience i moved in germany- one year ago, because in this time i succeded to infect my computer 3 times with "Budespolizei virus".

here is the OTL.txt file...the extras file is not ready yet:



OTL logfile created on: 10/9/2012 20:55:26 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Rux\Downloads
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 44.91% Memory free
6.17 Gb Paging File | 4.48 Gb Available in Paging File | 72.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.12 Gb Total Space | 28.19 Gb Free Space | 36.08% Space Free | Partition Type: NTFS
Drive D: | 108.18 Gb Total Space | 70.14 Gb Free Space | 64.83% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: RUX-PC | User Name: Rux | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2012/10/08 20:38:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\Rux\Downloads\OTL.exe
PRC - [2012/09/17 05:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012/09/11 20:03:12 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2012/09/11 00:56:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/30 05:05:55 | 001,584,112 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2012/08/23 15:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/06/04 11:49:40 | 001,899,816 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2012/03/29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012/02/23 15:10:22 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShow Gold\scsiaccess.exe
PRC - [2012/01/27 06:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012/01/27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/20 13:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/05/31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe
PRC - [2007/02/07 15:26:52 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/11 00:56:10 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/08/05 10:34:34 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/11 00:56:10 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/02 12:00:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/30 05:05:55 | 001,584,112 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2012/08/23 15:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/06/04 11:49:40 | 001,899,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2012/03/29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012/02/23 15:10:22 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShow Gold\scsiaccess.exe -- (ScsiAccess)
SRV - [2012/01/27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2009/08/24 14:47:07 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2007/09/20 13:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/07/11 17:26:38 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/07 15:26:52 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | System | Unknown] -- C:\Program Files\Common Files\Microsoft Shared\rwrwaxnd.dll -- (rwrwaxnd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/10/08 21:09:58 | 000,053,112 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2012/10/08 06:10:34 | 000,093,728 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2012/10/08 06:10:34 | 000,045,944 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2012/10/08 06:10:34 | 000,041,888 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2012/10/08 06:10:29 | 000,053,664 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/12 10:03:49 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2012/06/14 12:31:38 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2010/08/02 16:19:28 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/08/02 16:19:26 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/08/02 16:19:24 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/08/02 16:19:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2009/08/03 04:48:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/16 15:27:13 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2008/06/02 05:44:02 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2007/10/10 16:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/13 13:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/03/05 09:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/12/20 05:58:26 | 000,097,920 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2006/11/21 03:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/10/20 13:34:16 | 000,037,296 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2005/12/22 16:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 19:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...8A-27F1ABBBFFD1
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrows...3-78E4F39F7BC3}
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes\{2F99AC55-281F-4C3F-8455-0964E3569A57}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/07/19 23:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/11 00:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/22 19:16:45 | 000,000,000 | ---D | M]

[2012/05/06 17:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rux\AppData\Roaming\Mozilla\Extensions
[2012/10/03 02:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\extensions
[2012/08/30 20:50:49 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/02/20 11:30:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\extensions\[email protected]
[2012/10/03 02:59:03 | 000,000,000 | ---D | M] ("TimeLineRemove.Com") -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\extensions\jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack
[2010/06/27 23:27:25 | 000,002,384 | ---- | M] () -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\searchplugins\askcom.xml
[2012/04/29 21:23:02 | 000,002,519 | ---- | M] () -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\searchplugins\Search_Results.xml
[2012/10/08 06:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/19 08:16:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/08 06:10:22 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012/08/12 08:44:30 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011/03/17 21:18:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/09/11 00:56:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/28 18:55:41 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/31 18:38:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/29 21:23:02 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/31 18:38:37 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.215\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.215\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.215\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.6.0 (Enabled) = C:\Users\Rux\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/09/02 12:17:00 | 000,001,692 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 4 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000..\Run: [Ehewniru] C:\Windows\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000..\Run: [ehTray.exe] C:\Windows\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized File not found
O4 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BD70C58-F99C-4269-9AA0-411D7A51AF1C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (\\.\globalroot\systemroot\system32\userinit.exe) - \\.\globalroot\systemroot\system32\userinit.exe ()
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rux\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rux\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{21c052e7-e242-11de-9257-ea1163804fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{21c052e7-e242-11de-9257-ea1163804fd7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{238f1340-a838-11dd-9a67-93735652b166}\Shell\AutoRun\command - "" = hni.cmd
O33 - MountPoints2\{238f1340-a838-11dd-9a67-93735652b166}\Shell\explore\Command - "" = hni.cmd
O33 - MountPoints2\{238f1340-a838-11dd-9a67-93735652b166}\Shell\open\Command - "" = hni.cmd
O33 - MountPoints2\{4fc79bdd-1528-11e1-a393-cf6076231f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{4fc79bdd-1528-11e1-a393-cf6076231f4a}\Shell\AutoRun\command - "" = F:\setup.exe /autorun
O33 - MountPoints2\{7f1d2503-d8b2-11e0-9038-9c72073efa11}\Shell - "" = AutoRun
O33 - MountPoints2\{7f1d2503-d8b2-11e0-9038-9c72073efa11}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{8d04cf13-ba94-11de-b6de-b698a2e0dbc6}\Shell\AutoRun\command - "" = system32/rundll.exe
O33 - MountPoints2\{8d04cf13-ba94-11de-b6de-b698a2e0dbc6}\Shell\explore\command - "" = system32/rundll.exe
O33 - MountPoints2\{8d04cf13-ba94-11de-b6de-b698a2e0dbc6}\Shell\open\command - "" = system32/rundll.exe
O33 - MountPoints2\{db820478-d594-11de-82b1-fdafffb5bd3b}\Shell\AutoRun\command - "" = F:\GODINA/cure.exe
O33 - MountPoints2\{db820478-d594-11de-82b1-fdafffb5bd3b}\Shell\explore\command - "" = F:\GODINA/cure.exe
O33 - MountPoints2\{db820478-d594-11de-82b1-fdafffb5bd3b}\Shell\open\command - "" = F:\GODINA/cure.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = explorer.exe Start.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 360 Days ==========

[2012/10/08 06:10:28 | 001,836,568 | ---- | C] (G Data Software AG) -- C:\Windows\System32\GdScrSv.scr
[2012/10/08 06:10:28 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\System32\GdScrSv.en.dll
[2012/10/07 23:21:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/10/07 22:56:00 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\DriverCure
[2012/10/07 22:55:59 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\SpeedyPC Software
[2012/10/07 22:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/10/07 22:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\BitLocker
[2012/10/04 17:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/04 17:08:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/04 17:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/22 19:51:14 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\fahrradtour
[2012/09/06 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Regim
[2012/09/05 20:11:20 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Tarantino Collection
[2012/09/02 12:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2012/09/02 12:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/09/02 12:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/09/02 11:43:34 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Burg Vischering
[2012/08/30 16:49:08 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\New Folder
[2012/08/18 21:59:19 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Drensteinfurt
[2012/08/16 11:01:22 | 000,000,000 | ---D | C] -- C:\tmpDownload
[2012/08/13 08:48:49 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Ruxandra
[2012/08/12 15:33:58 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Local\G DATA
[2012/08/12 10:03:49 | 000,030,256 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2012/08/12 08:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
[2012/08/12 08:44:24 | 000,045,944 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2012/08/12 08:44:23 | 000,041,888 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2012/08/12 08:44:21 | 000,053,664 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2012/08/11 18:00:47 | 000,053,112 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2012/08/11 17:59:55 | 000,093,728 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2012/08/11 17:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012/08/11 17:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
[2012/08/11 17:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2012/08/11 17:47:26 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Local\Downloaded Installations
[2012/07/20 10:25:53 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Lebenslauf Stefan
[2012/07/20 09:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/07/20 09:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/19 23:37:13 | 000,070,768 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2012/07/19 23:37:12 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/07/19 23:37:12 | 001,681,368 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/07/19 23:37:12 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/07/19 08:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/19 08:15:30 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Local\Threat Expert
[2012/07/19 07:16:10 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\Malwarebytes
[2012/07/19 07:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/18 21:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/07/18 21:08:17 | 000,203,088 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/07/18 21:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/07/18 21:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/18 21:07:57 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\TestApp
[2012/07/18 21:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/18 20:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF61000112BF0053707FC2E33D86
[2012/07/18 20:37:20 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\Epeg
[2012/07/18 20:37:20 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\Cotu
[2012/06/01 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/01 22:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/10 19:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/10 19:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/30 20:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/04/29 21:24:32 | 000,000,000 | ---D | C] -- C:\USERS\RUX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SopCast
[2012/04/29 21:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2012/04/29 21:12:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\skin
[2012/04/29 21:12:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\languages
[2012/04/29 21:12:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\codec
[2012/04/29 21:12:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\adv
[2012/03/01 20:36:56 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\Casa Lahr
[2012/02/24 20:28:44 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\JustVoip
[2012/02/23 22:26:27 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Local\Babylon
[2012/02/23 22:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/02/23 22:08:43 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/02/23 15:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Gold
[2012/02/23 15:10:34 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\Netscape
[2012/02/23 15:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Photodex
[2012/02/23 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\Photodex
[2012/02/23 14:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Photodex
[2012/02/23 14:09:50 | 000,000,000 | ---D | C] -- C:\Users\Rux\Documents\SMP
[2012/02/02 14:25:35 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\Yahoo!
[2011/12/26 21:09:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/12/26 17:24:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/12/26 17:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/12/17 15:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/12/14 21:07:31 | 000,000,000 | ---D | C] -- C:\Users\Rux\resuscitare
[2011/11/27 15:53:38 | 000,000,000 | ---D | C] -- C:\Users\Rux\doctorat
[2011/11/14 15:47:33 | 000,000,000 | ---D | C] -- C:\USERS\RUX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\IrfanView
[2011/11/14 15:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2011/11/14 15:44:47 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\IrfanView
[2011/11/06 10:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/10/28 12:51:20 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\PrimoPDF
[2011/10/28 12:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2011/10/26 18:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011/10/21 12:34:50 | 000,000,000 | R--D | C] -- C:\Users\Rux\Documents\Scanned Documents
[2011/10/21 12:34:50 | 000,000,000 | ---D | C] -- C:\Users\Rux\Documents\Fax
[2009/12/06 14:52:44 | 028,868,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2012/10/09 21:20:37 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A9DBD632-500B-4C93-8C4B-977756834674}.job
[2012/10/09 20:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/09 20:48:52 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 20:48:52 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 18:53:51 | 000,819,677 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012/10/09 18:53:51 | 000,044,756 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012/10/09 18:49:17 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/10/09 18:49:17 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/10/09 18:48:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/09 07:09:11 | 001,737,407 | ---- | M] () -- C:\Users\Rux\Desktop\DSC_7751.JPG
[2012/10/09 07:08:25 | 001,482,275 | ---- | M] () -- C:\Users\Rux\Desktop\DSC_7806.JPG
[2012/10/09 06:55:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/08 21:09:58 | 000,053,112 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2012/10/08 20:25:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Registry Reviver-Rux-Startup.job
[2012/10/08 20:24:39 | 3219,173,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/08 20:22:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/08 06:10:34 | 000,093,728 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2012/10/08 06:10:34 | 000,045,944 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2012/10/08 06:10:34 | 000,041,888 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2012/10/08 06:10:29 | 000,053,664 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2012/10/05 06:47:49 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/05 06:47:49 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/04 17:09:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/25 14:47:24 | 000,010,792 | ---- | M] (G Data Software AG) -- C:\Windows\System32\GdScrSv.en.dll
[2012/09/11 21:01:38 | 003,792,763 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2505.JPG
[2012/09/11 20:58:02 | 004,402,551 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2476.JPG
[2012/09/11 20:51:16 | 004,440,972 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2468.JPG
[2012/09/11 20:42:09 | 001,015,713 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2464.JPG
[2012/09/11 20:38:01 | 000,700,664 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2489.JPG
[2012/09/11 20:21:38 | 000,569,181 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2520.jpg
[2012/09/11 20:19:22 | 000,771,193 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2518.jpg
[2012/09/11 20:18:00 | 000,613,099 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2517.jpg
[2012/09/11 20:16:39 | 000,768,243 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2519.jpg
[2012/09/11 20:04:57 | 004,832,553 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2544.JPG
[2012/09/09 15:42:52 | 003,031,908 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2471.JPG
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/07 06:34:46 | 002,195,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/02 14:28:21 | 000,003,584 | ---- | M] () -- C:\Users\Rux\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/02 13:57:27 | 003,673,710 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2279.JPG
[2012/09/02 13:04:02 | 005,696,432 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2373.JPG
[2012/09/02 13:02:28 | 004,825,795 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2426.JPG
[2012/09/02 12:49:34 | 004,791,311 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2397.JPG
[2012/09/02 12:34:54 | 004,204,361 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2366.JPG
[2012/09/02 12:34:02 | 005,520,932 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2365.JPG
[2012/08/21 16:30:27 | 004,971,499 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2159.JPG
[2012/08/12 20:02:33 | 277,343,645 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/12 10:03:49 | 000,030,256 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2012/08/12 08:41:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/11 19:59:35 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
[2012/08/11 19:59:31 | 000,002,268 | ---- | M] () -- C:\FixitRegBackup.reg
[2012/07/20 09:27:21 | 001,942,839 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/07/19 08:29:15 | 000,003,836 | ---- | M] () -- C:\Windows\System32\.crusader
[2012/06/14 12:31:38 | 000,070,768 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2012/06/14 12:31:22 | 002,267,096 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/06/14 12:31:22 | 001,681,368 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/06/14 12:31:22 | 000,149,464 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/06/14 12:31:00 | 000,767,960 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2012/06/14 11:03:42 | 000,003,488 | ---- | M] () -- C:\Windows\UDB.zip
[2012/06/14 11:03:42 | 000,000,882 | ---- | M] () -- C:\Windows\RegSDImport.xml
[2012/06/14 11:03:42 | 000,000,879 | ---- | M] () -- C:\Windows\RegISSImport.xml
[2012/06/14 11:03:42 | 000,000,131 | ---- | M] () -- C:\Windows\IDB.zip
[2012/05/25 05:37:24 | 001,836,568 | ---- | M] (G Data Software AG) -- C:\Windows\System32\GdScrSv.scr
[2012/05/11 11:14:20 | 000,203,088 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/04/29 21:12:44 | 000,075,938 | ---- | M] () -- C:\Windows\System32\Uninstall-TvPlugin-5.4
[2012/02/24 00:06:43 | 229,884,344 | ---- | M] () -- C:\Users\Rux\Desktop\ProShow Slideshow.avi
[2012/02/23 22:26:41 | 000,000,474 | ---- | M] () -- C:\user.js
[2012/02/23 15:10:39 | 000,001,902 | ---- | M] () -- C:\Users\Rux\Application Data\Microsoft\Internet Explorer\Quick Launch\ProShow Gold.lnk
[2012/02/23 15:10:39 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\ProShow Gold.lnk
[2012/02/22 19:21:48 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/02/11 19:16:09 | 040,918,773 | ---- | M] () -- C:\Users\Rux\Desktop\Snow Feldberg.wmv
[2012/02/07 18:00:25 | 000,274,277 | ---- | M] () -- C:\Users\Rux\Documents\2.JPG
[2012/01/31 05:59:04 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/26 21:07:55 | 000,000,870 | ---- | M] () -- C:\Users\Rux\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/26 21:07:55 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/26 21:03:49 | 000,000,943 | ---- | M] () -- C:\Users\Rux\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/11 09:44:11 | 000,100,446 | ---- | M] () -- C:\Users\Rux\Documents\cc_20120111_084401.reg
[2011/11/30 21:57:53 | 001,023,604 | ---- | M] () -- C:\Users\Rux\Documents\IMAG0912.jpg
[2011/11/30 21:55:28 | 000,739,378 | ---- | M] () -- C:\Users\Rux\Documents\IMAG0906.jpg
[2011/11/30 21:55:04 | 001,115,643 | ---- | M] () -- C:\Users\Rux\Documents\IMAG0502.jpg
[2011/11/22 19:09:42 | 000,017,408 | ---- | M] () -- C:\Users\Rux\AppData\Local\WebpageIcons.db
[2011/11/14 15:47:33 | 000,000,807 | ---- | M] () -- C:\Users\Rux\Desktop\IrfanView.lnk
[2011/11/06 10:57:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/09 07:06:47 | 001,737,407 | ---- | C] () -- C:\Users\Rux\Desktop\DSC_7751.JPG
[2012/10/09 07:03:41 | 001,482,275 | ---- | C] () -- C:\Users\Rux\Desktop\DSC_7806.JPG
[2012/10/05 06:46:06 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/10/04 18:34:02 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012/10/04 18:33:47 | 3219,173,376 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/04 17:09:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/11 21:00:56 | 003,792,763 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2505.JPG
[2012/09/11 20:36:46 | 004,402,551 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2476.JPG
[2012/09/11 20:36:45 | 000,700,664 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2489.JPG
[2012/09/11 20:35:51 | 004,440,972 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2468.JPG
[2012/09/11 20:35:50 | 001,015,713 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2464.JPG
[2012/09/11 20:35:49 | 003,031,908 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2471.JPG
[2012/09/11 20:21:36 | 000,569,181 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2520.jpg
[2012/09/11 20:19:21 | 000,771,193 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2518.jpg
[2012/09/11 20:17:59 | 000,613,099 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2517.jpg
[2012/09/11 20:16:16 | 000,768,243 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2519.jpg
[2012/09/11 19:54:58 | 004,832,553 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2544.JPG
[2012/09/02 13:43:21 | 003,673,710 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2279.JPG
[2012/09/02 13:25:06 | 005,520,932 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2365.JPG
[2012/09/02 13:04:24 | 005,696,432 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2373.JPG
[2012/09/02 13:04:24 | 004,825,795 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2426.JPG
[2012/09/02 13:04:24 | 004,791,311 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2397.JPG
[2012/09/02 13:04:24 | 004,204,361 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2366.JPG
[2012/09/02 12:08:55 | 000,001,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
[2012/09/02 12:08:02 | 000,000,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2012/09/02 12:07:35 | 000,001,293 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
[2012/09/02 12:05:25 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[2012/09/02 12:02:50 | 000,001,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2012/09/02 12:02:06 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2012/08/21 16:26:22 | 004,971,499 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2159.JPG
[2012/08/12 20:02:02 | 277,343,645 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/12 11:57:13 | 000,819,677 | ---- | C] () -- C:\Windows\System32\sig.bin
[2012/08/12 11:57:13 | 000,044,756 | ---- | C] () -- C:\Windows\System32\nmp.map
[2012/08/11 19:59:31 | 000,002,268 | ---- | C] () -- C:\FixitRegBackup.reg
[2012/08/11 19:59:31 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
[2012/08/02 21:14:51 | 000,003,584 | ---- | C] () -- C:\Users\Rux\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/20 09:26:57 | 001,942,839 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/07/19 23:37:13 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/07/19 23:37:12 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/07/19 23:37:12 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/07/19 23:37:12 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/07/19 23:37:12 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/07/19 08:29:15 | 000,003,836 | ---- | C] () -- C:\Windows\System32\.crusader
[2012/04/29 21:12:42 | 000,075,938 | ---- | C] () -- C:\Windows\System32\Uninstall-TvPlugin-5.4
[2012/02/23 23:36:59 | 229,884,344 | ---- | C] () -- C:\Users\Rux\Desktop\ProShow Slideshow.avi
[2012/02/23 22:26:34 | 000,000,474 | ---- | C] () -- C:\user.js
[2012/02/23 15:10:39 | 000,001,902 | ---- | C] () -- C:\Users\Rux\Application Data\Microsoft\Internet Explorer\Quick Launch\ProShow Gold.lnk
[2012/02/23 15:10:39 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\ProShow Gold.lnk
[2012/02/22 19:16:45 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/02/11 19:09:46 | 040,918,773 | ---- | C] () -- C:\Users\Rux\Desktop\Snow Feldberg.wmv
[2012/02/07 18:00:12 | 000,274,277 | ---- | C] () -- C:\Users\Rux\Documents\2.JPG
[2012/01/26 21:07:55 | 000,000,870 | ---- | C] () -- C:\Users\Rux\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/26 21:07:55 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/26 21:07:55 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/26 21:03:49 | 000,000,943 | ---- | C] () -- C:\Users\Rux\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/11 09:44:07 | 000,100,446 | ---- | C] () -- C:\Users\Rux\Documents\cc_20120111_084401.reg
[2011/11/30 21:57:43 | 001,023,604 | ---- | C] () -- C:\Users\Rux\Documents\IMAG0912.jpg
[2011/11/30 21:55:21 | 000,739,378 | ---- | C] () -- C:\Users\Rux\Documents\IMAG0906.jpg
[2011/11/30 21:54:53 | 001,115,643 | ---- | C] () -- C:\Users\Rux\Documents\IMAG0502.jpg
[2011/11/22 19:09:39 | 000,017,408 | ---- | C] () -- C:\Users\Rux\AppData\Local\WebpageIcons.db
[2011/11/14 15:47:33 | 000,000,807 | ---- | C] () -- C:\Users\Rux\Desktop\IrfanView.lnk
[2011/10/28 12:17:12 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/06/24 14:09:38 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/06/24 14:09:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/06/24 14:09:35 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/24 14:09:35 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/06/24 14:09:35 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/05/24 17:58:15 | 000,003,584 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 23:11:56 | 000,000,251 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/03/11 06:46:38 | 000,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE

========== ZeroAccess Check ==========

[2010/05/24 07:08:18 | 000,000,064 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3576319258-3730388377-3009755145-1000\$R3C0WVT\Data\l.xml
[2010/05/24 07:08:18 | 000,000,064 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3576319258-3730388377-3009755145-1000\$R3C0WVT\Data\n.xml
[2010/05/24 07:08:18 | 000,000,064 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3576319258-3730388377-3009755145-1000\$R3C0WVT\Data\u.xml
[2006/11/02 14:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 14:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 06:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 11:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2006/11/02 11:46:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2006/11/02 11:44:49 | 000,058,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2007/09/12 20:21:10 | 000,750,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2006/11/02 11:46:02 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009/06/15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2008/04/19 10:13:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2006/11/02 11:46:02 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2006/11/02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/03/03 06:19:41 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2007/09/12 20:20:12 | 000,204,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/06/20 19:51:48 | 000,083,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2006/11/02 11:46:04 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2006/11/02 11:46:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2007/09/12 20:19:33 | 000,286,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/06/19 05:25:22 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2006/11/02 11:46:13 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2006/11/02 11:46:05 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2006/11/02 11:46:11 | 000,273,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2006/11/02 11:46:11 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2006/11/02 11:46:11 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2006/11/02 11:46:12 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2008/06/20 20:14:48 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2006/11/02 11:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2009/06/15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2006/11/02 14:32:28 | 000,560,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2006/11/02 11:46:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2006/11/02 11:46:12 | 000,234,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/03/03 06:19:41 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2006/11/02 11:46:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2009/06/15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2006/11/02 14:33:02 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2006/11/02 11:46:13 | 000,121,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2006/11/02 11:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2007/07/11 17:30:33 | 002,605,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2008/06/20 20:14:48 | 000,595,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2006/11/02 11:46:13 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2006/11/02 11:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2006/11/02 11:46:12 | 000,152,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2006/11/02 11:45:51 | 000,924,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2006/11/02 11:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2006/11/02 11:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2006/11/02 14:33:55 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2007/07/11 17:26:38 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 11:46:13 | 000,989,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2007/07/11 17:30:05 | 000,396,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2006/11/02 14:32:34 | 000,451,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2006/11/02 11:45:26 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2006/11/02 11:46:14 | 000,161,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/08/07 04:23:45 | 001,929,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2006/11/02 11:46:04 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 21:32:59 | 000,502,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 14:16:11 | 000,156,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/06/20 19:56:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/06/20 19:56:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 23:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 23:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/19 09:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 11:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\System32\services.exe
[2006/11/02 11:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2008/09/19 19:02:42 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=088EB52906C5C50C41F09668B0EE5512 -- C:\Windows\System32\ro-RO\services.exe.mui
[2008/09/19 19:02:42 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=088EB52906C5C50C41F09668B0EE5512 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_ro-ro_ae7f51437b9455c4\services.exe.mui
[2006/11/02 14:39:23 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 14:39:23 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2011/03/17 21:14:36 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=16B97328203A9C79EA6A8AF28FA33CF6 -- C:\Windows\System32\lt-LT\services.exe.mui
[2011/03/17 21:14:36 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=16B97328203A9C79EA6A8AF28FA33CF6 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_lt-lt_ddcbd607cae8af00\services.exe.mui

< MD5 for: SERVICES.LNK >
[2006/11/02 14:52:39 | 000,001,688 | ---- | M] () MD5=FCDB193E85408D9C5EDBCFCBFABFD677 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2006/11/02 14:52:39 | 000,001,688 | ---- | M] () MD5=FCDB193E85408D9C5EDBCFCBFABFD677 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 14:39:59 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 14:39:59 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.PNG >
[2011/10/06 02:23:28 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png

< MD5 for: SERVICES.RDB >
[2010/05/20 23:34:38 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2010/05/20 23:28:42 | 005,505,024 | ---- | M] () MD5=20999743CA8D1F7132B0BFCE952F2295 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SERVICES.ZIP >
[2012/07/08 05:31:41 | 000,876,996 | ---- | M] () MD5=CAC0A919FE55CAAFFAC56BAEFC037444 -- C:\Users\Public\Desktop\CC Support\Tools\ServicesRepair\Temp\Services.zip

< MD5 for: SVCHOST.EXE >
[2006/11/02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2006/11/02 09:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2006/11/02 09:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSOCK.DLL
[2006/11/02 09:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I now have a handle on this

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
DRV - File not found [Kernel | System | Unknown] -- C:\Program Files\Common Files\Microsoft Shared\rwrwaxnd.dll -- (rwrwaxnd)
IE - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrows...3-78E4F39F7BC3}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value foundO3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3576319258-3730388377-3009755145-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

AND FINALLY

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
    Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.

  • 0

#6
ruxandra

ruxandra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
thank you...meanwile...before i read your new post...i have started another OTL scan...but i still don't know why i still don't have the extras file...
  • 0

#7
ruxandra

ruxandra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
this is the run fix report:

All processes killed
========== OTL ==========
Error: No service named rwrwaxnd was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rwrwaxnd deleted successfully.
File C:\Program Files\Common Files\Microsoft Shared\rwrwaxnd.dll not found.
Registry key HKEY_USERS\S-1-5-21-3576319258-3730388377-3009755145-1000\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-3576319258-3730388377-3009755145-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3576319258-3730388377-3009755145-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Rux
->Temp folder emptied: 5086921 bytes
->Temporary Internet Files folder emptied: 25033541 bytes
->Java cache emptied: 48645121 bytes
->FireFox cache emptied: 799799374 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 80682 bytes
->Flash cache emptied: 63422 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 797220067 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 17915990 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 742 bytes
RecycleBin emptied: 4879485935 bytes

Total Files Cleaned = 6,269.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10092012_221536

Files\Folders moved on Reboot...
File\Folder C:\Users\Rux\AppData\Local\Temp\~DF7D7.tmp not found!
File\Folder C:\Users\Rux\AppData\Local\Temp\~DF810.tmp not found!
File\Folder C:\Users\Rux\AppData\Local\Temp\~DF847.tmp not found!
File\Folder C:\Users\Rux\AppData\Local\Temp\~DF892.tmp not found!
File\Folder C:\Users\Rux\AppData\Local\Temp\~DF8C1.tmp not found!
File\Folder C:\Users\Rux\AppData\Local\Temp\~DF953.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Now i can see that gdata antivirus is enabled :) Thank you very much!
Now i'm going to do the Roguekiller step too :)
  • 0

#8
ruxandra

ruxandra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
this is the Combofix report... Even though i have disabled the antivirus i received notifications from it.


ComboFix 12-10-09.01 - Rux 10/09/2012 22:38:44.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.3069.2088 [GMT 2:00]
Running from: c:\users\Rux\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Isilo
c:\program files\Isilo\iSilo\ISWSetup.exe
c:\programdata\SEC15AD.tmp
c:\programdata\SEC480F.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Uninstall-TvPlugin-5.4
.
Infected copy of c:\windows\System32\printfilterpipelinesvc.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\printfilterpipelinesvc.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 20:44 . 2012-10-09 20:47 -------- d-----w- c:\users\Rux\AppData\Local\temp
2012-10-09 20:44 . 2012-10-09 20:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-10-09 20:44 . 2012-10-09 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 20:15 . 2012-10-09 20:15 -------- d-----w- C:\_OTL
2012-10-08 04:10 . 2012-09-25 12:47 10792 ----a-w- c:\windows\system32\GdScrSv.en.dll
2012-10-08 04:10 . 2012-05-25 03:37 1836568 ----a-w- c:\windows\system32\GdScrSv.scr
2012-10-08 04:10 . 2012-08-10 03:21 51224 ----a-w- c:\program files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}\Components\BanksafeXPCOM.dll
2012-10-07 20:56 . 2012-10-07 20:56 -------- d-----w- c:\users\Rux\AppData\Roaming\DriverCure
2012-10-07 20:55 . 2012-10-07 20:55 -------- d-----w- c:\users\Rux\AppData\Roaming\SpeedyPC Software
2012-10-07 20:55 . 2012-10-07 21:25 -------- d-----w- c:\programdata\SpeedyPC Software
2012-10-07 20:36 . 2012-10-07 20:36 -------- d-----w- c:\program files\BitLocker
2012-10-04 15:08 . 2012-10-04 15:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-04 15:08 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 19:09 . 2012-08-11 16:00 53112 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2012-10-08 04:10 . 2012-08-12 06:44 45944 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2012-10-08 04:10 . 2012-08-12 06:44 41888 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2012-10-08 04:10 . 2012-08-11 15:59 93728 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2012-10-08 04:10 . 2012-08-12 06:44 53664 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2012-08-12 08:03 . 2012-08-12 08:03 30256 ----a-w- c:\windows\system32\drivers\GRD.sys
2012-08-11 17:59 . 2012-08-11 17:59 2268 ----a-w- C:\FixitRegBackup.reg
2009-12-06 12:52 . 2009-12-06 12:52 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2001-05-24 11:59 . 2009-03-11 04:46 162304 ----a-w- c:\program files\UNWISE.EXE
2012-09-10 22:56 . 2012-01-26 19:07 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"ehTray.exe"="explorer.exe" [2008-10-29 2923520]
"Ehewniru"="explorer.exe" [2008-10-29 2923520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Rux^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Rux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4600 Scan2PC]
2009-09-10 14:36 1968640 ----a-w- c:\windows\twain_32\Samsung\SCX4600\Scan2Pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 06:08 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-06-02 03:44 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:34 125440 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 15:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 04:55 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-16 08:27 13793824 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-06-16 08:27 92704 ----a-w- c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 14:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-08-14 09:22 614400 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-06-20 17:52 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3576319258-3730388377-3009755145-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 13:53]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 13:53]
.
2012-10-09 c:\windows\Tasks\User_Feed_Synchronization-{A9DBD632-500B-4C93-8C4B-977756834674}.job
- c:\windows\system32\msfeedssync.exe [2011-03-17 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.ro
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKCU-Run-JustVoip - c:\program files\JustVoip.com\JustVoip\JustVoip.exe
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-Microsoft Firewall 2 - c:\users\Rux\AppData\Roaming\WMPRWISE.EXE
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-Windows Mobile Device Center - c:\windows\WindowsMobile\wmdc.exe
AddRemove-SopCast Tv Plugin 5.4 Setup - c:\windows\system32\Uninstall-TvPlugin-5.4
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-09 22:47
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4916)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\G Data\GDScan\GDScan.exe
c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe
c:\program files\G Data\InternetSecurity\AVK\AVKService.exe
c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
c:\windows\system32\dlbccoms.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Photodex\ProShow Gold\ScsiAccess.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\windows\system32\STacSV.exe
c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-10-09 22:54:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-09 20:54
.
Pre-Run: 35,791,994,880 bytes free
Post-Run: 35,444,822,016 bytes free
.
- - End Of File - - E8F61C1607C4C0992256F80F57F18BAA




this is the combofix-quarantine file:




2012-10-09 20:53:07 . 2012-10-09 20:53:07 514 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-SopCast Tv Plugin 5.4 Setup.reg.dat
2012-10-09 20:52:59 . 2012-10-09 20:52:59 932 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Windows Mobile Device Center.reg.dat
2012-10-09 20:52:59 . 2012-10-09 20:52:59 954 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Search Protection.reg.dat
2012-10-09 20:52:59 . 2012-10-09 20:52:59 924 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-msnmsgr.reg.dat
2012-10-09 20:52:59 . 2012-10-09 20:52:59 934 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Microsoft Firewall 2.reg.dat
2012-10-09 20:52:59 . 2012-10-09 20:52:59 984 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DellSupportCenter.reg.dat
2012-10-09 20:52:59 . 2012-10-09 20:52:59 944 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DAEMON Tools Lite.reg.dat
2012-10-09 20:52:58 . 2012-10-09 20:52:58 892 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-BitTorrent.reg.dat
2012-10-09 20:52:52 . 2012-10-09 20:52:52 174 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-JustVoip.reg.dat
2012-10-09 20:52:52 . 2012-10-09 20:52:52 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527}.reg.dat
2012-10-09 20:52:52 . 2012-10-09 20:52:52 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2012-10-09 20:52:51 . 2012-10-09 20:52:51 78 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
2012-10-09 20:52:50 . 2012-10-09 20:52:50 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}.reg.dat
2012-10-09 20:52:50 . 2012-10-09 20:52:50 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527}.reg.dat
2012-10-09 20:42:23 . 2012-10-09 20:42:23 8,128 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-10-09 20:37:31 . 2012-10-09 20:38:44 62 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-04-29 19:12:42 . 2012-04-29 19:12:44 75,938 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\Uninstall-TvPlugin-5.4.vir
2011-06-27 11:26:51 . 2011-06-27 11:27:08 32,690,998 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\SEC480F.tmp.vir
2011-06-27 11:24:27 . 2011-06-27 11:24:40 27,379,378 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\SEC15AD.tmp.vir
2009-11-10 23:06:08 . 2009-03-03 02:40:08 654,336 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\printfilterpipelinesvc.exe.vir
2008-06-22 07:26:10 . 2011-04-04 13:05:45 435 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\etc\hosts.ics.vir
2008-06-20 18:53:20 . 2003-10-15 01:00:00 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\iSilo\iSilo\ISWSetup.exe.vir
  • 0

#9
ruxandra

ruxandra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Here is the Roguekiller report, i haven't deleted any files...i didn't now what to do:


RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : Rux [Admin rights]
Mode : Scan -- Date : 10/09/2012 23:03:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9200420AS ATA Device +++++
--- User ---
[MBR] 9ae67b2bd51ad18de6117cf5f3d3fe11
[BSP] 8d527f0925c429137dfa00addcf14190 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 80000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 163842048 | Size: 110780 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#10
ruxandra

ruxandra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
And finally here it is the OTL quick scan report:

OTL logfile created on: 10/9/2012 23:09:12 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Rux\Downloads
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.67% Memory free
6.17 Gb Paging File | 4.94 Gb Available in Paging File | 80.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.12 Gb Total Space | 32.92 Gb Free Space | 42.13% Space Free | Partition Type: NTFS
Drive D: | 108.18 Gb Total Space | 70.14 Gb Free Space | 64.83% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: RUX-PC | User Name: Rux | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/08 20:38:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\Rux\Downloads\OTL.exe
PRC - [2012/09/17 05:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012/09/11 00:56:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/30 05:05:55 | 001,584,112 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2012/08/23 15:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/06/04 11:49:40 | 001,899,816 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2012/03/29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012/02/23 15:10:22 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShow Gold\scsiaccess.exe
PRC - [2012/01/27 06:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012/01/27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/20 13:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/05/31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe
PRC - [2007/02/07 15:26:52 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/11 00:56:10 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/11 00:56:10 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/02 12:00:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/30 05:05:55 | 001,584,112 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2012/08/23 15:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/06/04 11:49:40 | 001,899,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2012/03/29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012/02/23 15:10:22 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShow Gold\scsiaccess.exe -- (ScsiAccess)
SRV - [2012/01/27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2009/08/24 14:47:07 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2007/09/20 13:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/07/11 17:26:38 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/07 15:26:52 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Rux\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/10/08 21:09:58 | 000,053,112 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2012/10/08 06:10:34 | 000,093,728 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2012/10/08 06:10:34 | 000,045,944 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2012/10/08 06:10:34 | 000,041,888 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2012/10/08 06:10:29 | 000,053,664 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/12 10:03:49 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2012/06/14 12:31:38 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2010/08/02 16:19:28 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/08/02 16:19:26 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/08/02 16:19:24 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/08/02 16:19:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2009/08/03 04:48:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/16 15:27:13 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2008/06/02 05:44:02 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2007/10/10 16:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/13 13:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/03/05 09:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/12/20 05:58:26 | 000,097,920 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2006/11/21 03:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/10/20 13:34:16 | 000,037,296 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2005/12/22 16:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 19:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...8A-27F1ABBBFFD1
IE - HKCU\..\SearchScopes\{2F99AC55-281F-4C3F-8455-0964E3569A57}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/07/19 23:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/11 00:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/22 19:16:45 | 000,000,000 | ---D | M]

[2012/05/06 17:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rux\AppData\Roaming\Mozilla\Extensions
[2012/10/03 02:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\extensions
[2012/08/30 20:50:49 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/02/20 11:30:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\extensions\[email protected]
[2012/10/03 02:59:03 | 000,000,000 | ---D | M] ("TimeLineRemove.Com") -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\extensions\jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack
[2010/06/27 23:27:25 | 000,002,384 | ---- | M] () -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\searchplugins\askcom.xml
[2012/04/29 21:23:02 | 000,002,519 | ---- | M] () -- C:\Users\Rux\AppData\Roaming\Mozilla\Firefox\Profiles\foerfg0y.default\searchplugins\Search_Results.xml
[2012/10/08 06:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/19 08:16:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/08 06:10:22 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012/08/12 08:44:30 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011/03/17 21:18:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/09/11 00:56:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/28 18:55:41 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/31 18:38:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/29 21:23:02 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/31 18:38:37 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.215\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.215\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.215\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.6.0 (Enabled) = C:\Users\Rux\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/10/09 22:47:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Ehewniru] C:\Windows\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BD70C58-F99C-4269-9AA0-411D7A51AF1C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rux\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rux\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/09 23:03:00 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\RK_Quarantine
[2012/10/09 22:47:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/09 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Local\temp
[2012/10/09 22:37:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/09 22:37:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/09 22:37:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2012/10/09 22:37:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/09 22:37:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/09 22:35:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/09 22:33:21 | 004,764,951 | R--- | C] (Swearware) -- C:\Users\Rux\Desktop\ComboFix.exe
[2012/10/09 22:15:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/08 06:10:28 | 001,836,568 | ---- | C] (G Data Software AG) -- C:\Windows\System32\GdScrSv.scr
[2012/10/08 06:10:28 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\System32\GdScrSv.en.dll
[2012/10/07 23:21:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/10/07 22:56:00 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\DriverCure
[2012/10/07 22:55:59 | 000,000,000 | ---D | C] -- C:\Users\Rux\AppData\Roaming\SpeedyPC Software
[2012/10/07 22:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/10/07 22:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\BitLocker
[2012/10/04 17:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/04 17:08:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/04 17:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/22 19:51:14 | 000,000,000 | ---D | C] -- C:\Users\Rux\Desktop\fahrradtour
[2009/12/06 14:52:44 | 028,868,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe

========== Files - Modified Within 30 Days ==========

[2012/10/09 23:20:07 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A9DBD632-500B-4C93-8C4B-977756834674}.job
[2012/10/09 23:02:19 | 001,422,336 | ---- | M] () -- C:\Users\Rux\Desktop\RogueKiller.exe
[2012/10/09 22:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/09 22:52:20 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/09 22:52:20 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/09 22:47:52 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/09 22:47:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/09 22:47:31 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/10/09 22:47:31 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/10/09 22:47:26 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 22:47:26 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 22:47:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/09 22:47:19 | 3219,173,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/09 22:45:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/09 22:32:40 | 004,764,951 | R--- | M] (Swearware) -- C:\Users\Rux\Desktop\ComboFix.exe
[2012/10/09 18:53:51 | 000,819,677 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012/10/09 18:53:51 | 000,044,756 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012/10/09 07:09:11 | 001,737,407 | ---- | M] () -- C:\Users\Rux\Desktop\DSC_7751.JPG
[2012/10/09 07:08:25 | 001,482,275 | ---- | M] () -- C:\Users\Rux\Desktop\DSC_7806.JPG
[2012/10/08 21:09:58 | 000,053,112 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2012/10/08 06:10:34 | 000,093,728 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2012/10/08 06:10:34 | 000,045,944 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2012/10/08 06:10:34 | 000,041,888 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2012/10/08 06:10:29 | 000,053,664 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2012/10/04 17:09:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/25 14:47:24 | 000,010,792 | ---- | M] (G Data Software AG) -- C:\Windows\System32\GdScrSv.en.dll
[2012/09/11 21:01:38 | 003,792,763 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2505.JPG
[2012/09/11 20:58:02 | 004,402,551 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2476.JPG
[2012/09/11 20:51:16 | 004,440,972 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2468.JPG
[2012/09/11 20:42:09 | 001,015,713 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2464.JPG
[2012/09/11 20:38:01 | 000,700,664 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2489.JPG
[2012/09/11 20:21:38 | 000,569,181 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2520.jpg
[2012/09/11 20:19:22 | 000,771,193 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2518.jpg
[2012/09/11 20:18:00 | 000,613,099 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2517.jpg
[2012/09/11 20:16:39 | 000,768,243 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2519.jpg
[2012/09/11 20:04:57 | 004,832,553 | ---- | M] () -- C:\Users\Rux\Desktop\IMG_2544.JPG

========== Files Created - No Company Name ==========

[2012/10/09 23:02:18 | 001,422,336 | ---- | C] () -- C:\Users\Rux\Desktop\RogueKiller.exe
[2012/10/09 22:37:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/09 22:37:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/09 22:37:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/09 22:37:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/09 22:37:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/09 07:06:47 | 001,737,407 | ---- | C] () -- C:\Users\Rux\Desktop\DSC_7751.JPG
[2012/10/09 07:03:41 | 001,482,275 | ---- | C] () -- C:\Users\Rux\Desktop\DSC_7806.JPG
[2012/10/05 06:46:06 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/10/04 18:34:02 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012/10/04 18:33:47 | 3219,173,376 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/04 17:09:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/11 21:00:56 | 003,792,763 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2505.JPG
[2012/09/11 20:36:46 | 004,402,551 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2476.JPG
[2012/09/11 20:36:45 | 000,700,664 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2489.JPG
[2012/09/11 20:35:51 | 004,440,972 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2468.JPG
[2012/09/11 20:35:50 | 001,015,713 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2464.JPG
[2012/09/11 20:35:49 | 003,031,908 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2471.JPG
[2012/09/11 20:21:36 | 000,569,181 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2520.jpg
[2012/09/11 20:19:21 | 000,771,193 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2518.jpg
[2012/09/11 20:17:59 | 000,613,099 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2517.jpg
[2012/09/11 20:16:16 | 000,768,243 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2519.jpg
[2012/09/11 19:54:58 | 004,832,553 | ---- | C] () -- C:\Users\Rux\Desktop\IMG_2544.JPG
[2012/08/12 11:57:13 | 000,819,677 | ---- | C] () -- C:\Windows\System32\sig.bin
[2012/08/02 21:14:51 | 000,003,584 | ---- | C] () -- C:\Users\Rux\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/19 23:37:13 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/11/22 19:09:39 | 000,017,408 | ---- | C] () -- C:\Users\Rux\AppData\Local\WebpageIcons.db
[2011/10/28 12:17:12 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/06/24 14:09:38 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/06/24 14:09:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/06/24 14:09:35 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/24 14:09:35 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/06/24 14:09:35 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/05/24 17:58:15 | 000,003,584 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 23:11:56 | 000,000,251 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/03/11 06:46:38 | 000,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE

========== ZeroAccess Check ==========

[2006/11/02 14:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 14:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 06:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/27 14:26:21 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\ApexDC++
[2009/11/17 22:52:14 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Autodesk
[2011/06/24 12:22:50 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\BSplayer
[2008/06/21 15:12:55 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\BSplayer Pro
[2008/07/11 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\ConceptDraw MINDMAP
[2008/07/11 17:12:02 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\ConceptDraw MindMap 6
[2008/07/11 16:55:42 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\ConceptDraw Project 5
[2012/07/18 20:37:20 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Cotu
[2008/07/11 16:47:53 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\CSOdessa
[2011/04/07 16:24:49 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\DAEMON Tools Lite
[2011/06/24 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\DNA
[2012/10/07 22:56:00 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\DriverCure
[2012/07/19 08:14:33 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Epeg
[2011/06/21 20:19:04 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\FreeBurner
[2011/08/21 00:26:35 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Garden Planner
[2011/06/24 13:16:09 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\ImgBurn
[2011/11/14 15:47:23 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\IrfanView
[2008/06/20 20:53:26 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\iSilo
[2012/02/24 20:55:17 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\JustVoip
[2008/07/11 19:00:31 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\LGSync
[2012/02/23 15:10:34 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Netscape
[2010/06/28 18:59:52 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\OpenOffice.org
[2009/12/17 17:39:55 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Opera
[2011/02/20 11:19:08 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\PCDr
[2012/02/23 14:59:23 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Photodex
[2011/10/28 12:51:20 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\PrimoPDF
[2012/10/07 22:55:59 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\SpeedyPC Software
[2012/07/18 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\TestApp
[2010/03/17 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Thinstall
[2009/12/06 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\Rux\AppData\Roaming\Vodafone

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >




Thank you very much so far :)
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No they all look good, how is the computer behaving now ?
  • 0

#12
ruxandra

ruxandra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Gdata is active...the only problem i can see is that everytime i turn on the computer on the Desktop appear also 2 open windows with my Documents. The other question that i have: what do you think about Gdata, the computer will be protected in future against these Bundespolizei virus?

Manny thanks for your help
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
GData uses the Avast and one other AV engine, but this malware is constantly changing. So all AV's are baically the same

Lets see if I can stop the documents opening

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Reg
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
Ehewniru=-
ehTray.exe=-

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#14
ruxandra

ruxandra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I am back! i've done wat you said, her's the log:
All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ehewniru deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ehTray.exe deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rux
->Temp folder emptied: 2803263 bytes
->Temporary Internet Files folder emptied: 632876 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97084587 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2983 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10146454 bytes
RecycleBin emptied: 221832 bytes

Total Files Cleaned = 106.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10122012_183947

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



But now i have 2 problems-questions: consequently to gdata is my computer now very very very slow, sometimes it blocks and also the internet conection stops until i restart?

Thank you
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is Gdata a paid for version ?

If so then download a fresh copy to your desktop
Save the licence file
Download the Gdata removal tool
Disconnect from the internet
From Control Panel > Programs and Features uninstall Gdata
After the reboot run the Gdata removal tool
Reboot
Install the fresh copy of Gdata

Have the documents ceased opening at start ?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP