50 € virus

White-Stripe · 31.12.2011, 19:09

Hallo,
ich habe mir ebenfalls den 50€ virus eingefangen, welcher verlangt 50€ zu bezahlen damit alle viren direkt gelöscht werden.
betriebssystem ist windows 7.

ich hab zwei benutzerkonten. das hauptkonto ist gesperrt und darauf kann ich gar nix mehr machen.
auf dem nebenkonto bin ich jetzt unterwegs.
über eine hilfe eurerseits würd ich mich sehr freuen.

danke

cosinus · 02.01.2012, 15:17

Hat das Nebenkonto denn auch Adminrechte? Ohne Adminrechte ist nix mit Analyse oder gar Bereinigung

White-Stripe · 02.01.2012, 23:16

jup da steht Administrator dabei

cosinus · 02.01.2012, 23:19

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

White-Stripe · 06.01.2012, 12:12

hallo,

hier die geforderten logs:
ESET:

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4362082d687cf942941b8b9bf94b861a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-06 02:47:00
# local_time=2012-01-06 03:47:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1797 16775165 100 94 460438 62346497 103832 0
# compatibility_mode=5893 16776573 100 94 47036 77440832 0 0
# compatibility_mode=8192 67108863 100 0 3797 3797 0 0
# scanned=313583
# found=35
# cleaned=0
# scan_time=8379
C:\Users\Markus\AppData\Local\Temp\321.exe	a variant of Win32/Kryptik.YLQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Markus\AppData\Local\Temp\plugtmp-405\plugin-liti.php	JS/Exploit.Pdfka.OSV.Gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Markus\AppData\Local\Temp\plugtmp-406\plugin-liti.php	JS/Exploit.Pdfka.OSV.Gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Markus\AppData\Local\Temp\plugtmp-408\plugin-liti.php	JS/Exploit.Pdfka.OSV.Gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Markus\AppData\Local\Temp\plugtmp-60\plugin-libtiff-1.pdf	PDF/Exploit.Pidief.PBK.Gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Markus\AppData\Local\Temp\plugtmp-60\plugin-libtiff.pdf	PDF/Exploit.Pidief.PBK.Gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Markus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\3060a771-7aa5273c	a variant of Java/Exploit.CVE-2011-3544.Q trojan (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition  August 2007\baja--southern-baja_v1_m56577569830496005.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition  August 2007\baja-directory-transport_v1_m56577569830496000.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition  August 2007\baja-health_v1_m56577569830496001.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition  August 2007\baja-language_v1_m56577569830496002.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition  August 2007\baja-los-cabos-planning-information.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Baja_Los_Cabos7th_Edition_August_2007\Baja & Los Cabos7th Edition  August 2007\baja-los-cabos_v1_m56577569830496003.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Guatemala3rd_Edition_September_2007\Guatemala3rd Edition  September 2007\guatemala-language_v1_m56577569830495601.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Honduras_the_Bay_Islands1st_Edition_January_2007\Honduras & the Bay Islands1st Edition  January 2007\central-honduras_v1_m56577569830489916.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Honduras_the_Bay_Islands1st_Edition_January_2007\Honduras & the Bay Islands1st Edition  January 2007\honduras-language_v1_m56577569830489923.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Honduras_the_Bay_Islands1st_Edition_January_2007\Honduras & the Bay Islands1st Edition  January 2007\honduras-the-bay-islands-health_v1_m56577569830489922.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition  October 2003\mexican-spanish-english-mexican-spanish_v1_m56577569830491275.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition  October 2003\mexican-spanish-food_v1_m56577569830491278.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition  October 2003\mexican-spanish-introduction-tools.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition  October 2003\mexican-spanish-practical_v1_m56577569830491276.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition  October 2003\mexican-spanish-safe-travel_v1_m56577569830491279.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition  October 2003\mexican-spanish-social_v1_m56577569830491277.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Mexican_Spanish1st_Edition_October_2003\Mexican Spanish1st Edition  October 2003\mexican-spanish-tools-chapter_v1_m56577569830496009.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Nicaragua_El_Salvador1st_Edition_October_2006\Nicaragua & El Salvador1st Edition  October 2006\nic-el-directory_v1_m56577569830489993.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Nicaragua_El_Salvador1st_Edition_October_2006\Nicaragua & El Salvador1st Edition  October 2006\nic-el-health_v1_m56577569830489994.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Nicaragua_El_Salvador1st_Edition_October_2006\Nicaragua & El Salvador1st Edition  October 2006\nicaragua-el-salvador-language_v1_m56577569830489995.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Panama4th_Edition_November_2007\Panama4th Edition  November 2007\panama-language_v1_m56577569830490020.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\Ixtapa-Zihuatanejo_v1_m56577569830490069.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\pv-acapulco_v1_m56577569830490072.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\pv-directory_v1_m56577569830490075.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\pv-health_v1_m56577569830490076.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\pv-language_v1_m56577569830490078.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\pv-mazatlan_v1_m56577569830490062.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I
D:\Lonely Planet\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\pv-nayarit_v1_m56577569830490064.pdf	JS/Trackware.ReadNotify.A application (unable to clean)	00000000000000000000000000000000	I

Malware:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.03.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
USERS :: MARKUS-MSI [Administrator]

Schutz: Aktiviert

03.01.2012 13:29:00
mbam-log-2012-01-03 (19-34-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 501169
Laufzeit: 3 Stunde(n), 50 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Markus\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)

Code:

ATTFilter

 2012/01/03 13:28:24 +0100	MARKUS-MSI	USERS	MESSAGE	Starting protection
2012/01/03 13:28:26 +0100	MARKUS-MSI	USERS	MESSAGE	Protection started successfully
2012/01/03 13:28:29 +0100	MARKUS-MSI	USERS	MESSAGE	Starting IP protection
2012/01/03 13:28:30 +0100	MARKUS-MSI	USERS	MESSAGE	IP Protection started successfully
2012/01/03 13:28:50 +0100	MARKUS-MSI	USERS	MESSAGE	Executing scheduled update:  Daily
2012/01/03 13:28:51 +0100	MARKUS-MSI	USERS	MESSAGE	Database already up-to-date

Code:

ATTFilter

 2012/01/04 13:00:04 +0100	MARKUS-MSI	Markus	MESSAGE	Starting protection
2012/01/04 13:00:07 +0100	MARKUS-MSI	Markus	MESSAGE	Protection started successfully
2012/01/04 13:00:10 +0100	MARKUS-MSI	Markus	MESSAGE	Starting IP protection
2012/01/04 13:00:11 +0100	MARKUS-MSI	Markus	MESSAGE	IP Protection started successfully

Code:

ATTFilter

 2012/01/05 13:22:59 +0100	MARKUS-MSI	Markus	MESSAGE	Starting protection
2012/01/05 13:23:02 +0100	MARKUS-MSI	Markus	MESSAGE	Protection started successfully
2012/01/05 13:23:05 +0100	MARKUS-MSI	Markus	MESSAGE	Starting IP protection
2012/01/05 13:23:06 +0100	MARKUS-MSI	Markus	MESSAGE	IP Protection started successfully
2012/01/05 13:35:52 +0100	MARKUS-MSI	Markus	MESSAGE	Executing scheduled update:  Daily
2012/01/05 13:36:05 +0100	MARKUS-MSI	Markus	MESSAGE	Starting database refresh
2012/01/05 13:36:05 +0100	MARKUS-MSI	Markus	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.01.03.01 to version v2012.01.05.01
2012/01/05 13:36:05 +0100	MARKUS-MSI	Markus	MESSAGE	Stopping IP protection
2012/01/05 13:37:47 +0100	MARKUS-MSI	Markus	MESSAGE	IP Protection stopped
2012/01/05 13:37:49 +0100	MARKUS-MSI	Markus	MESSAGE	Database refreshed successfully
2012/01/05 13:37:49 +0100	MARKUS-MSI	Markus	MESSAGE	Starting IP protection
2012/01/05 13:37:50 +0100	MARKUS-MSI	Markus	MESSAGE	IP Protection started successfully
2012/01/05 16:58:58 +0100	MARKUS-MSI	Markus	IP-BLOCK	91.188.34.220 (Type: outgoing, Port: 18225, Process: skype.exe)
2012/01/05 16:58:58 +0100	MARKUS-MSI	Markus	IP-BLOCK	91.188.34.220 (Type: outgoing, Port: 18225, Process: skype.exe)
2012/01/05 22:09:40 +0100	MARKUS-MSI	Markus	IP-BLOCK	77.78.233.139 (Type: outgoing, Port: 18225, Process: skype.exe)
2012/01/05 22:09:49 +0100	MARKUS-MSI	Markus	IP-BLOCK	77.78.233.139 (Type: outgoing, Port: 18225, Process: skype.exe)
2012/01/05 22:09:49 +0100	MARKUS-MSI	Markus	IP-BLOCK	77.78.233.139 (Type: outgoing, Port: 18225, Process: skype.exe)

Code:

ATTFilter

 2012/01/06 01:18:40 +0100	MARKUS-MSI	Markus	IP-BLOCK	89.28.91.187 (Type: outgoing, Port: 52712, Process: skype.exe)
2012/01/06 01:18:40 +0100	MARKUS-MSI	Markus	IP-BLOCK	89.28.91.187 (Type: outgoing, Port: 52713, Process: skype.exe)
2012/01/06 01:18:40 +0100	MARKUS-MSI	Markus	IP-BLOCK	89.28.91.187 (Type: outgoing, Port: 52714, Process: skype.exe)
2012/01/06 01:18:40 +0100	MARKUS-MSI	Markus	IP-BLOCK	89.28.91.187 (Type: outgoing, Port: 52715, Process: skype.exe)
2012/01/06 11:55:43 +0100	MARKUS-MSI	Markus	MESSAGE	Executing scheduled update:  Daily
2012/01/06 11:55:52 +0100	MARKUS-MSI	Markus	MESSAGE	Starting database refresh
2012/01/06 11:55:52 +0100	MARKUS-MSI	Markus	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.01.05.01 to version v2012.01.06.02
2012/01/06 11:55:52 +0100	MARKUS-MSI	Markus	MESSAGE	Stopping IP protection
2012/01/06 11:57:35 +0100	MARKUS-MSI	Markus	MESSAGE	IP Protection stopped
2012/01/06 11:57:37 +0100	MARKUS-MSI	Markus	MESSAGE	Database refreshed successfully
2012/01/06 11:57:37 +0100	MARKUS-MSI	Markus	MESSAGE	Starting IP protection
2012/01/06 11:57:39 +0100	MARKUS-MSI	Markus	MESSAGE	IP Protection started successfully

White-Stripe · 06.01.2012, 12:14

nachdem malware durchlauf wurde anscheinend der virus gelöscht.
also seitdem kann ich meinen richtigen benutzer wieder nehmen und die "50€-Meldung" ist weg.
Die einzige Auffälligkeit in den letzten tagen war, das mir Malwarebytes eine meldung gab, das ein virus über skype rausgeschickt werden sollte, es aber verhindert wurde?

cosinus · 06.01.2012, 15:00

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

White-Stripe · 06.01.2012, 19:46

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 1/6/2012 7:10:39 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Markus\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 52.91% Memory free
6.00 Gb Paging File | 4.02 Gb Available in Paging File | 67.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273.40 Gb Total Space | 9.44 Gb Free Space | 3.45% Space Free | Partition Type: NTFS
Drive D: | 182.26 Gb Total Space | 17.77 Gb Free Space | 9.75% Space Free | Partition Type: NTFS
 
Computer Name: MARKUS-MSI | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/06 19:07:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/07/06 04:33:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/03 23:54:07 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/10 11:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/05 18:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2011/01/05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.2\ICQ.exe
PRC - [2010/11/26 15:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/26 15:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/11/18 09:31:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/27 10:47:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/08/25 01:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/05/25 17:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2010/05/25 17:08:42 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/05/14 02:01:26 | 004,352,408 | ---- | M] (Telstra) -- C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
PRC - [2010/04/01 19:00:17 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010/03/18 01:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/09/08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/08/26 20:36:00 | 002,684,256 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/08/05 22:28:20 | 002,072,576 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2009/07/31 06:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/10 00:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2009/06/08 23:34:00 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/06/04 00:33:00 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2009/03/27 11:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/07/24 20:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/02/02 16:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\FRITZWLANMini.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/12 16:40:05 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/12/10 23:50:03 | 006,276,768 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/13 06:13:00 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 06:12:52 | 014,322,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/13 06:12:35 | 000,060,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fccf285ecdd9091a3f8d5e73d79c3300\UIAutomationProvider.ni.dll
MOD - [2011/10/13 06:12:33 | 012,216,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/13 06:12:21 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/13 06:12:10 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll
MOD - [2011/10/13 06:12:08 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/13 06:11:29 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/13 06:11:24 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/13 06:11:09 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/13 06:10:32 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/01/05 18:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM\nssckbi.dll
MOD - [2011/01/05 09:18:56 | 000,733,184 | ---- | M] () -- C:\Program Files\ICQ7.2\MDb.dll
MOD - [2010/06/04 13:20:26 | 000,623,104 | ---- | M] () -- C:\Program Files\Winamp\System\jnetlib.w5s
MOD - [2010/06/04 13:20:26 | 000,237,056 | ---- | M] () -- C:\Program Files\Winamp\System\aacPlusDecoder.w5s
MOD - [2010/06/04 13:20:26 | 000,174,080 | ---- | M] () -- C:\Program Files\Winamp\System\auth.w5s
MOD - [2010/06/04 13:20:26 | 000,154,624 | ---- | M] () -- C:\Program Files\Winamp\System\jpeg.w5s
MOD - [2010/06/04 13:20:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Winamp\System\xml.w5s
MOD - [2010/06/04 13:20:26 | 000,086,528 | ---- | M] () -- C:\Program Files\Winamp\System\png.w5s
MOD - [2010/06/04 13:20:26 | 000,083,968 | ---- | M] () -- C:\Program Files\Winamp\tataki.dll
MOD - [2010/06/04 13:20:26 | 000,083,968 | ---- | M] () -- C:\Program Files\Winamp\System\playlist.w5s
MOD - [2010/06/04 13:20:26 | 000,047,616 | ---- | M] () -- C:\Program Files\Winamp\zlib.dll
MOD - [2010/06/04 13:20:26 | 000,035,840 | ---- | M] () -- C:\Program Files\Winamp\System\timer.w5s
MOD - [2010/06/04 13:20:26 | 000,021,504 | ---- | M] () -- C:\Program Files\Winamp\System\tagz.w5s
MOD - [2010/06/04 13:20:26 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\gif.w5s
MOD - [2010/06/04 13:20:26 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\bmp.w5s
MOD - [2010/06/04 13:20:26 | 000,016,384 | ---- | M] () -- C:\Program Files\Winamp\System\gracenote.w5s
MOD - [2010/06/04 13:20:26 | 000,014,336 | ---- | M] () -- C:\Program Files\Winamp\System\filereader.w5s
MOD - [2010/06/04 13:20:26 | 000,014,336 | ---- | M] () -- C:\Program Files\Winamp\System\dlmgr.w5s
MOD - [2010/06/04 13:20:26 | 000,013,824 | ---- | M] () -- C:\Program Files\Winamp\System\primo.w5s
MOD - [2010/06/04 13:20:25 | 000,311,808 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wm.dll
MOD - [2010/06/04 13:20:25 | 000,288,256 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_local.dll
MOD - [2010/06/04 13:20:25 | 000,284,160 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp3.dll
MOD - [2010/06/04 13:20:25 | 000,217,088 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_vorbis.dll
MOD - [2010/06/04 13:20:25 | 000,212,480 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_pmp.dll
MOD - [2010/06/04 13:20:25 | 000,198,656 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_disc.dll
MOD - [2010/06/04 13:20:25 | 000,162,304 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mod.dll
MOD - [2010/06/04 13:20:25 | 000,121,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_online.dll
MOD - [2010/06/04 13:20:25 | 000,115,200 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_p4s.dll
MOD - [2010/06/04 13:20:25 | 000,113,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_ipod.dll
MOD - [2010/06/04 13:20:25 | 000,107,008 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_midi.dll
MOD - [2010/06/04 13:20:25 | 000,102,400 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_cdda.dll
MOD - [2010/06/04 13:20:25 | 000,081,920 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_playlists.dll
MOD - [2010/06/04 13:20:25 | 000,074,240 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_nsv.dll
MOD - [2010/06/04 13:20:25 | 000,074,240 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_dshow.dll
MOD - [2010/06/04 13:20:25 | 000,067,072 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_avi.dll
MOD - [2010/06/04 13:20:25 | 000,061,952 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_plg.dll
MOD - [2010/06/04 13:20:25 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flac.dll
MOD - [2010/06/04 13:20:25 | 000,055,296 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_impex.dll
MOD - [2010/06/04 13:20:25 | 000,050,688 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_ds.dll
MOD - [2010/06/04 13:20:25 | 000,050,176 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_usb.dll
MOD - [2010/06/04 13:20:25 | 000,048,640 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mkv.dll
MOD - [2010/06/04 13:20:25 | 000,048,128 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_history.dll
MOD - [2010/06/04 13:20:25 | 000,044,032 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp4.dll
MOD - [2010/06/04 13:20:25 | 000,042,496 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flv.dll
MOD - [2010/06/04 13:20:25 | 000,033,280 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_rg.dll
MOD - [2010/06/04 13:20:25 | 000,031,232 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_transcode.dll
MOD - [2010/06/04 13:20:25 | 000,028,672 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_autotag.dll
MOD - [2010/06/04 13:20:25 | 000,023,040 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
MOD - [2010/06/04 13:20:25 | 000,023,040 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_swf.dll
MOD - [2010/06/04 13:20:25 | 000,022,016 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_disk.dll
MOD - [2010/06/04 13:20:25 | 000,020,992 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_njb.dll
MOD - [2010/06/04 13:20:25 | 000,018,432 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_wave.dll
MOD - [2010/06/04 13:20:25 | 000,014,848 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wave.dll
MOD - [2010/06/04 13:20:25 | 000,007,168 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_linein.dll
MOD - [2010/06/04 13:20:24 | 001,736,704 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ff.dll
MOD - [2010/06/04 13:20:24 | 000,340,992 | ---- | M] () -- C:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2010/06/04 13:20:24 | 000,304,640 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ml.dll
MOD - [2010/06/04 13:20:24 | 000,252,928 | ---- | M] () -- C:\Program Files\Winamp\libsndfile.dll
MOD - [2010/06/04 13:20:24 | 000,212,480 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_jumpex.dll
MOD - [2010/06/04 13:20:24 | 000,076,288 | ---- | M] () -- C:\Program Files\Winamp\nde.dll
MOD - [2010/06/04 13:20:24 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_orgler.dll
MOD - [2010/06/04 13:20:24 | 000,053,248 | ---- | M] () -- C:\Program Files\Winamp\nsutil.dll
MOD - [2010/06/04 13:20:24 | 000,026,624 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
MOD - [2010/06/04 13:20:24 | 000,024,064 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_tray.dll
MOD - [2010/04/01 19:00:17 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2009/11/30 19:30:49 | 000,110,592 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009/11/30 19:30:33 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006/09/14 08:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR 3.61 Multi\rarext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/06 04:33:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/26 05:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/03 23:54:07 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/10 11:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/11/26 15:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/10/19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/09/10 00:38:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/18 01:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/07/31 06:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/10 00:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009/03/27 11:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/06 04:33:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/06 04:33:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/27 01:47:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/27 01:47:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/27 01:47:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/12/28 06:05:06 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/12/07 12:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/12/07 12:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/11/30 03:10:35 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/12 08:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/10/05 15:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/15 12:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009/08/28 20:49:00 | 000,169,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/08/05 23:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/08/05 21:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/07/29 05:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009/07/24 20:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/06/29 03:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\enecir.sys -- (enecir)
DRV - [2009/06/19 18:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2009/06/19 18:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/06/19 18:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/06/17 20:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\tosporte.sys -- (tosporte)
DRV - [2009/06/09 05:01:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/06/04 09:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/05/26 23:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009/05/19 14:59:00 | 000,011,776 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\enecirhid.sys -- (enecirhid)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 03:32:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/29 02:00:30 | 000,007,168 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/04/24 11:16:00 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\enecirhidma.sys -- (enecirhidma)
DRV - [2007/06/28 03:14:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/01/26 00:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007/01/26 00:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.13 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2857573&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {b80f591e-fe9a-46cf-a13e-180377240586}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.7
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wizvera.com/npverain: C:\Program Files\Wizvera\Verain\npverain.dll ( )
FF - HKLM\Software\MozillaPlugins\@wizvera.com/npVeraport20: C:\Program Files\Wizvera\Veraport20\npveraport20.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Markus\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/10/26 15:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 11:57:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/12 16:35:37 | 000,000,000 | ---D | M]
 
[2010/06/04 12:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions
[2012/01/06 16:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\vxqhp5b5.default\extensions
[2010/06/04 13:19:57 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\vxqhp5b5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/06/04 14:34:24 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\vxqhp5b5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/01/08 22:33:09 | 000,000,000 | ---D | M] (Elf 1.13 Community Toolbar) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\vxqhp5b5.default\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}
[2011/01/08 22:33:10 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\vxqhp5b5.default\extensions\engine@conduit.com
[2011/12/19 19:45:21 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\vxqhp5b5.default\extensions\toolbar@web.de
[2010/12/30 08:46:14 | 000,000,919 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\vxqhp5b5.default\searchplugins\conduit.xml
[2012/01/05 19:42:27 | 000,001,056 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\vxqhp5b5.default\searchplugins\icqplugin.xml
[2010/06/04 14:34:48 | 000,001,196 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\vxqhp5b5.default\searchplugins\winamp-search.xml
[2011/12/12 16:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/08/21 23:16:00 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/12 16:35:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2011/12/12 16:35:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/11 06:02:50 | 000,077,824 | ---- | M] (MarkAny) -- C:\Program Files\mozilla firefox\plugins\npMAOnFPS_MultiBrowser.dll
[2010/05/25 17:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/04/01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/04/01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/04/01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/04/01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/04/01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/11/24 16:33:34 | 000,002,025 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com 
O1 - Hosts: 127.0.0.1 adobeereg.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 practivate.adobe.com 
O1 - Hosts: 127.0.0.1 ereg.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com 
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com 
O1 - Hosts: 127.0.0.1 wip3.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com 
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com 
O1 - Hosts: 127.0.0.1 3dns.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com 
O1 - Hosts: 127.0.0.1 activate.adobe.de 
O1 - Hosts: 127.0.0.1 practivate.adobe.de 
O1 - Hosts: 13 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe (Telstra)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Markus\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [iexploer.exe] C:\Users\Markus\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O13 - gopher Prefix: missing
O16 - DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} hxxp://pib.wooribank.com/com/installer/interezen/WRebw.cab (WRebw Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19F8B948-D538-46C6-AAFC-1BD72920AAEE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57154972-A759-4472-AB8C-EEB0F95C5DD3}: NameServer = 202.126.40.5 222.127.143.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{856FA1EC-4EF9-466F-A5CB-4D3604B3E2BB}: DhcpNameServer = 139.130.4.4 203.50.2.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{900CF834-530D-4A80-A6CC-A67E38FD2401}: NameServer = 202.126.40.5 222.127.143.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4A2E40F-61B4-48FA-A384-0976827B827F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\INITECH\SHTTP\InitechSHTTPInterface.10121.dll ((c) INITECH)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{26d034b2-adc0-11e0-b190-40618614546d}\Shell - "" = AutoRun
O33 - MountPoints2\{26d034b2-adc0-11e0-b190-40618614546d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{26d034c5-adc0-11e0-b190-40618614546d}\Shell - "" = AutoRun
O33 - MountPoints2\{26d034c5-adc0-11e0-b190-40618614546d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{26d03511-adc0-11e0-b190-40618614546d}\Shell - "" = AutoRun
O33 - MountPoints2\{26d03511-adc0-11e0-b190-40618614546d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5430023d-e546-11df-ae32-40618614546d}\Shell - "" = AutoRun
O33 - MountPoints2\{5430023d-e546-11df-ae32-40618614546d}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{a848ed3d-6fc5-11df-8ac0-40618614546d}\Shell - "" = AutoRun
O33 - MountPoints2\{a848ed3d-6fc5-11df-8ac0-40618614546d}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/06 01:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/05 22:53:26 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2012/01/05 16:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix
[2012/01/05 16:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Free WMA to MP3 Converter
[2012/01/03 13:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/03 13:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/03 13:27:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/03 13:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/13 10:33:40 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\OpenOffice.org
[2011/12/12 16:39:26 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/12/12 16:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/12/12 16:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/12/12 16:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/12 16:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/12 16:33:56 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\OpenOffice.org 3.3 (de) Installation Files
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/06 18:57:01 | 000,000,932 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1970715085-2231616245-3038582136-1000UA.job
[2012/01/06 18:57:00 | 000,000,910 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1970715085-2231616245-3038582136-1000Core.job
[2012/01/05 16:57:47 | 000,001,057 | ---- | M] () -- C:\Users\Markus\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2012/01/05 13:28:23 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 13:28:23 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 13:25:39 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/01/05 13:25:39 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/05 13:25:39 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/01/05 13:25:39 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/05 13:20:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/05 13:20:31 | 2415,255,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/03 13:27:07 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/12/30 14:15:36 | 002,215,477 | ---- | M] () -- C:\Users\Public\Documents\DSC02349.JPG
[2011/12/30 14:15:36 | 000,095,734 | ---- | M] () -- C:\Users\Public\Documents\K1600_DSC02349.JPG
[2011/12/15 09:09:27 | 003,717,880 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/12/14 13:06:38 | 000,017,179 | ---- | M] () -- C:\Users\Markus\Desktop\geschäftsbrief.odt
[2011/12/13 10:34:09 | 000,001,207 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/12/12 16:39:27 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/05 16:57:47 | 000,001,057 | ---- | C] () -- C:\Users\Markus\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2012/01/03 13:27:07 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/12/13 11:16:33 | 000,017,179 | ---- | C] () -- C:\Users\Markus\Desktop\geschäftsbrief.odt
[2011/12/13 10:34:09 | 000,001,207 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/12/12 16:39:27 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/09/06 05:18:00 | 000,065,536 | ---- | C] () -- C:\windows\System32\cosa.dll
[2011/09/06 05:00:01 | 000,034,384 | ---- | C] () -- C:\windows\System32\uninst_MAWS_CITI.exe
[2011/06/08 02:18:10 | 000,604,112 | ---- | C] () -- C:\windows\System32\MAOnFPS_CitiBank.dll
[2011/04/20 01:43:32 | 000,114,688 | ---- | C] () -- C:\windows\System32\MAOnFPS_CallVista.dll
[2011/04/04 07:16:14 | 000,040,384 | ---- | C] () -- C:\windows\System32\drivers\vshook.sys
[2011/03/25 08:45:46 | 000,409,270 | -H-- | C] () -- C:\windows\System32\MaPrintInfoMAWS_CITI.dat
[2010/12/28 06:12:20 | 000,000,000 | ---- | C] () -- C:\windows\HMHud.INI
[2010/12/23 11:42:43 | 000,000,145 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/09/14 07:05:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/30 16:13:12 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\wklnhst.dat
[2010/06/04 12:50:39 | 000,097,360 | ---- | C] () -- C:\windows\System32\drivers\Fwusb1b.bin
[2009/11/30 19:31:45 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/11/30 19:31:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/11/30 19:31:45 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/11/30 19:31:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/11/30 19:16:05 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 003,717,880 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/02/28 07:35:58 | 000,072,504 | -H-- | C] () -- C:\windows\System32\img01Citi.dat
 
========== LOP Check ==========
 
[2010/11/03 21:59:54 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\acccore
[2012/01/05 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Audacity
[2011/09/24 22:49:48 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Hansenet
[2010/12/22 09:10:18 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HEM Data
[2011/07/25 06:38:44 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HoldemManager
[2012/01/05 13:21:50 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ICQ
[2011/12/13 10:33:40 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\OpenOffice.org
[2010/09/10 13:20:01 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Sierra Wireless
[2010/10/27 23:44:59 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TeamViewer
[2012/01/06 18:57:00 | 000,000,910 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1970715085-2231616245-3038582136-1000Core.job
[2012/01/06 18:57:01 | 000,000,932 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1970715085-2231616245-3038582136-1000UA.job
[2011/11/18 17:56:38 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/11/03 21:59:54 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\acccore
[2011/12/14 11:46:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Adobe
[2010/06/04 11:55:07 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ArcSoft
[2012/01/05 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Audacity
[2010/06/15 21:30:42 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Avira
[2011/12/15 16:48:50 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\dvdcss
[2011/09/24 22:49:48 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Hansenet
[2010/12/22 09:10:18 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HEM Data
[2011/07/25 06:38:44 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HoldemManager
[2012/01/05 13:21:50 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ICQ
[2010/06/04 11:50:56 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Identities
[2010/06/04 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Macromedia
[2012/01/05 22:53:26 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2009/11/30 19:15:33 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Media Center Programs
[2011/10/26 14:54:15 | 000,000,000 | --SD | M] -- C:\Users\Markus\AppData\Roaming\Microsoft
[2010/06/04 12:55:32 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla
[2011/01/08 22:50:53 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla-Cache
[2011/12/13 10:33:40 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\OpenOffice.org
[2010/09/10 13:20:01 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Sierra Wireless
[2012/01/06 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Skype
[2011/07/03 01:19:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\skypePM
[2011/04/09 04:50:29 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Sony Corporation
[2010/10/27 23:44:59 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TeamViewer
[2011/12/12 18:13:38 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\vlc
[2010/06/04 19:34:16 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2011/11/12 12:12:20 | 003,763,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011/10/26 14:54:15 | 000,010,134 | R--- | M] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---
[/code]

cosinus · 06.01.2012, 20:01

Zitat:

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com

Sry aber illegale Software wird hier in keinster Weise unterstützt!

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

02.01.2012, 15:17	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	50 € virus Hat das Nebenkonto denn auch Adminrechte? Ohne Adminrechte ist nix mit Analyse oder gar Bereinigung __________________ __________________

50 € virus

Plagegeister aller Art und deren Bekämpfung: 50 € virus

50 € virus

50 € virus

50 € virus

50 € virus

50 € virus

50 € virus

50 € virus

50 € virus

50 € virus

Ähnliche Themen: 50 € virus

31.12.2011, 19:09	#1
White-Stripe	50 € virus Hallo, ich habe mir ebenfalls den 50€ virus eingefangen, welcher verlangt 50€ zu bezahlen damit alle viren direkt gelöscht werden. betriebssystem ist windows 7. ich hab zwei benutzerkonten. das hauptkonto ist gesperrt und darauf kann ich gar nix mehr machen. auf dem nebenkonto bin ich jetzt unterwegs. über eine hilfe eurerseits würd ich mich sehr freuen. danke

02.01.2012, 23:16	#3
White-Stripe	50 € virus jup da steht Administrator dabei __________________

06.01.2012, 12:14	#6
White-Stripe	50 € virus nachdem malware durchlauf wurde anscheinend der virus gelöscht. also seitdem kann ich meinen richtigen benutzer wieder nehmen und die "50€-Meldung" ist weg. Die einzige Auffälligkeit in den letzten tagen war, das mir Malwarebytes eine meldung gab, das ein virus über skype rausgeschickt werden sollte, es aber verhindert wurde?