Pests of all kinds and how to combat them: Trojan.Dropper.BCMiner in C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\00000008.@ | Windows 7
13.07.2012, 01:18 | #1 |
Trojan.Dropper.BCMiner in C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\00000008.@

Good day, according to Malwarebytes I have caught the "Trojan.Dropper.BCMiner". Unfortunately, I was hasty and have already deleted it in Malwarebytes. I hope someone can help me with how I should proceed, because I also need the PC for work. Here is the OTL.txt, and attached is the zipped Extras.txt:

OTL logfile created on: 13.07.2012 01:05:35 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,82% Memory free
7,99 Gb Paging File | 6,63 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,18 Gb Total Space | 2,08 Gb Free Space | 0,47% Space Free | Partition Type: NTFS
Drive F: | 9,76 Gb Total Space | 0,02 Gb Free Space | 0,16% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 65,73 Mb Free Space | 65,73% Space Free | Partition Type: NTFS
Drive H: | 1862,04 Gb Total Space | 1351,75 Gb Free Space | 72,60% Space Free | Partition Type: NTFS
Drive I: | 59,45 Gb Total Space | 56,00 Gb Free Space | 94,20% Space Free | Partition Type: exFAT
Drive J: | 8,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ANDRE-NOTEBOOK | User Name: André | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.13 01:00:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Downloads\OTL.exe PRC - [2012.07.13 01:00:51 | 000,050,477 | ---- | M] () -- C:\Users\Jan\Downloads\Defogger.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== MOD - [2012.07.13 01:00:51 | 000,050,477 | ---- | M] () -- C:\Users\Jan\Downloads\Defogger.exe MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.09.16 16:44:36 | 000,036,160 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV - [2012.07.12 20:52:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.13 21:31:49 | 000,129,976 
| ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.26 10:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc) SRV - [2012.04.12 16:09:28 | 000,760,320 | ---- | M] (Sphinx Software) [Auto | Stopped] -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.01.12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service) SRV - [2012.01.12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12) SRV - [2012.01.12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service) SRV - [2011.09.16 16:51:20 | 002,027,840 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.09.16 16:44:28 | 000,029,504 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.12.01 06:42:12 | 000,036,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.08.07 21:22:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.07.13 10:45:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Disabled | Stopped] -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe -- (cbVSCService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.10.02 19:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) 
[Disabled | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.08.29 03:05:56 | 000,044,312 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009.08.28 16:22:38 | 000,221,184 | ---- | M] (Droppix) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Droppix\DxService.exe -- (Droppix Service) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.08.24 22:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [Disabled | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS) SRV - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.08.10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.07.14 21:53:32 | 000,211,232 | ---- | M] (Ralink Technology, Corp.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64) SRV - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) 
[Disabled | Stopped] -- C:\Program Files (x86)\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011.10.05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2011.07.29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2011.07.29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2011.07.19 13:08:18 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.03.28 10:52:52 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2011.03.28 10:52:50 | 000,528,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2011.03.28 10:52:48 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.04 17:59:00 | 000,046,080 | ---- | M] (Samsung Electronics) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C2xxUSB76.sys -- (C2xxUSB) DRV:64bit: - [2010.09.30 23:25:10 | 000,040,104 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.09.14 15:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2010.08.17 01:10:22 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2010.08.09 12:06:34 | 000,049,920 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C2XXCOM76.sys -- (C2XXCOM) DRV:64bit: - [2010.06.10 16:15:00 | 000,009,216 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C2xSTR76.sys -- (C2xxUsbStorage) DRV:64bit: - [2010.06.10 01:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.10.03 09:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.08.29 20:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.08.29 20:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.08.18 13:06:36 | 000,135,168 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV:64bit: - [2009.08.18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV:64bit: - [2009.08.18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.08.18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.08.18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.08.11 22:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.02 13:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009.06.30 18:46:22 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.06.20 14:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.05.25 05:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.04.08 16:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2008.07.24 13:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV - [2012.01.11 23:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/02/27 02:08:02] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011.10.27 08:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) 
[Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12) DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2010.11.29 19:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2010.09.14 15:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.12.15 12:28:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/10/09 22:50:45] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360610j7c6l0450z185f44n1u266 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360610j7c6l0450z185f44n1u266 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360610j7c6l0450z185f44n1u266 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360610j7c6l0450z185f44n1u266 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100611180846045&tb_oid=11-06-2010&tb_mrud=11-06-2010 IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360610j7c6l0450z185f44n1u266 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.linkury.com/newtab.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100611180846045&tb_oid=11-06-2010&tb_mrud=11-06-2010 IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE382 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_deDE382&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{9F8D8A63-A854-472D-8052-FCA2FB816B9E}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - 
prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.8 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.01.24 03:28:52 | 000,000,000 | ---D | M] FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.01.24 03:28:52 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.) 
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Jan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\components [2012.07.07 15:44:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\extensions\firejump@firejump.net [2012.05.04 22:55:56 | 000,000,000 | ---D | M] [2010.10.13 18:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions [2012.05.30 20:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions [2012.04.05 02:33:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.02.21 06:13:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.05 18:43:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.04.05 02:34:32 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2011.12.15 02:05:31 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\ffxtlbr@Facemoods.com [2012.05.04 22:55:56 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\firejump@firejump.net [2010.11.05 19:35:56 | 000,000,000 | ---D | M] ("Spam Fire") -- 
C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\spamfire@robertnyman.com [2012.01.05 22:02:33 | 000,000,933 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\11-suche.xml [2011.01.18 03:40:37 | 000,000,570 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\bing.xml [2012.01.05 22:02:33 | 000,002,419 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\englische-ergebnisse.xml [2012.01.05 22:02:33 | 000,010,525 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\gmx-suche.xml [2012.07.12 18:37:57 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-1.xml [2011.09.09 18:57:01 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-10.xml [2011.09.16 15:15:16 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-11.xml [2011.10.19 16:30:52 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-12.xml [2011.11.09 04:13:15 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-13.xml [2012.01.19 00:11:06 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-14.xml [2012.03.14 00:50:28 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-15.xml [2012.04.05 18:44:29 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-16.xml [2012.04.29 23:21:33 | 000,000,950 | 
---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-17.xml [2011.06.25 11:10:21 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-2.xml [2011.07.12 14:07:53 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-3.xml [2011.07.13 21:46:26 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-4.xml [2011.07.18 19:33:26 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-5.xml [2011.08.18 18:49:03 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-6.xml [2011.08.20 12:51:09 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-7.xml [2011.09.07 18:32:20 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-8.xml [2011.09.09 18:46:07 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-9.xml [2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin.gif [2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin.src [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin.xml [2012.01.05 22:02:33 | 000,002,457 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\lastminute.xml [2012.01.05 22:02:33 | 000,005,508 | 
---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\webde-suche.xml [2011.12.15 02:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.12.28 04:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.08.04 21:11:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.04 17:04:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.03.12 02:15:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.14 18:05:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.05.30 20:59:16 | 000,336,363 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI [2011.10.17 01:55:32 | 000,372,140 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI [2011.09.26 19:23:40 | 000,626,986 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI [2011.04.02 02:26:07 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI [2011.09.26 19:23:40 | 000,105,020 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI [2012.05.02 01:53:32 | 000,158,974 | 
---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\RANKCHECKER@SEOBOOK.COM.XPI [2012.03.24 23:25:58 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI [2012.04.19 01:45:42 | 000,576,958 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2011.08.30 22:59:02 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [1999.12.31 17:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll [2010.06.11 20:08:32 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml [2011.12.15 02:05:33 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = 
C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Users\Jan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: BrowserPlus (from Yahoo!) 
v2.9.8 (Enabled) = C:\Users\Jan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Facemoods = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\ CHR - Extension: Facemoods = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\facemoods\ O1 HOSTS File: ([2011.10.12 00:02:04 | 000,004,469 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 Registration O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 2o7.net O1 - Hosts: 127.0.0.1 doublecklick.net O1 - Hosts: 127.0.0.1 google-analytics.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 95 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (TweakMASTER Component) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\Program Files (x86)\TweakMASTER\TweakBHO.dll (Hagel Technologies Ltd.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\JC_ALL.HTM () O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\JC_LINK.HTM () O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\JC_LINK.HTM () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files 
(x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E42C238-B354-41C0-B36C-D26D093B567F}: DhcpNameServer = 10.129.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5920EE1C-C107-4A03-B3FB-1724011F53CF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5920EE1C-C107-4A03-B3FB-1724011F53CF}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF544B2A-10C1-4AA5-864D-65D0F66F744B}: NameServer = 156.154.70.25,156.154.71.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.12.22 21:49:22 | 001,073,156 | ---- | M] () - I:\autoexec.bin -- [ exFAT ]
O32 - AutoRun File - [2010.10.28 10:39:04 | 000,000,078 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3aa0ad11-b42e-11df-9280-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{3aa0ad11-b42e-11df-9280-00262d854067}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{41f04fe7-0779-11e0-a230-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{41f04fe7-0779-11e0-a230-00262d854067}\Shell\AutoRun\command - "" = I:\MI.exe
O33 - MountPoints2\{541a47d5-efa1-11e0-8e6a-9598d5abe68e}\Shell - "" = AutoRun
O33 - MountPoints2\{541a47d5-efa1-11e0-8e6a-9598d5abe68e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\index.html
O33 - MountPoints2\{6a8277ea-9fbb-11df-9a6a-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8277ea-9fbb-11df-9a6a-00262d854067}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6a8277ee-9fbb-11df-9a6a-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8277ee-9fbb-11df-9a6a-00262d854067}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90baaa9e-a23f-11df-b9f9-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{90baaa9e-a23f-11df-b9f9-00262d854067}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{90baaaa1-a23f-11df-b9f9-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{90baaaa1-a23f-11df-b9f9-00262d854067}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b04b1ec2-a9e2-11df-a20a-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{b04b1ec2-a9e2-11df-a20a-00262d854067}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bea2cbca-4117-11e0-a443-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{bea2cbca-4117-11e0-a443-00262d854067}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{bea2cbcd-4117-11e0-a443-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{bea2cbcd-4117-11e0-a443-00262d854067}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{bea2cbd1-4117-11e0-a443-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{bea2cbd1-4117-11e0-a443-00262d854067}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bea2cbd5-4117-11e0-a443-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{bea2cbd5-4117-11e0-a443-00262d854067}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ebfa83ac-9fe9-11df-83a3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ebfa83ac-9fe9-11df-83a3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ebfa83c3-9fe9-11df-83a3-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{ebfa83c3-9fe9-11df-83a3-00262d854067}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f2a59657-4751-11e0-950f-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{f2a59657-4751-11e0-950f-00262d854067}\Shell\AutoRun\command - "" = H:\AutoInstaller.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.13 01:03:42 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\trojaner_files
[2012.07.12 20:37:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.07.12 18:47:17 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.07.12 16:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2012.07.12 15:22:42 | 000,000,000 | ---D | C] -- C:\Users\Jan\.thumb
[2012.07.12 14:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler
[2012.07.12 14:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDStyler
[2012.07.10 20:55:13 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\GMap.NET
[2012.07.10 20:44:28 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\APM Planner
[2012.07.10 20:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\APM Planner
[2012.07.10 06:28:52 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\the kooks_web
[2012.07.10 05:52:05 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Kooks Konzert Posthalle 09.07.12-print
[2012.07.10 05:32:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Kooks Konzert Posthalle 09.07.12
[2012.07.10 03:56:44 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\brauhaus 09.07.12
[2012.07.08 05:15:35 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\zaubi 07.07.12
[2012.07.08 04:57:04 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\weinfest eibelstadt 07.07.12
[2012.07.07 19:23:48 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Adobe
[2012.07.07 19:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.07.07 19:23:47 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Adobe
[2012.07.07 15:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.07 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.07 15:54:56 | 000,000,000 | ---D | C] -- C:\Program
Files\iTunes [2012.07.07 15:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.07.07 15:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.07.07 03:20:59 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\kiliani 06.07.12 [2012.07.06 14:03:19 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\weingut_stein [2012.07.06 03:14:03 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\haribo 05.07.12 [2012.07.06 01:44:40 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\moser abi ball [2012.07.05 04:37:50 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\weingutstein 040712web [2012.07.05 04:13:50 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\weingut am stein 04.07.12 [2012.07.04 17:48:53 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.07.04 16:50:14 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{29BFADB7-50C6-47BC-B673-8A67A4B1B71C} [2012.07.04 16:50:03 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{FDB3CADA-9870-4C68-BE6E-B29C115BF994} [2012.07.04 01:05:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\abiball stativ [2012.07.03 22:51:11 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\posthalle 30.06.12 [2012.07.03 03:05:50 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Brauhaus 02.07.12 [2012.07.02 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\hdr_festung2_2 [2012.07.02 01:44:48 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\hdr_festung2 [2012.07.02 00:28:29 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\hdr_festung [2012.07.01 06:05:30 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\zauberberg 30.06.12 [2012.07.01 05:07:08 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\outdoor 30.06.12 [2012.06.29 06:55:31 | 000,000,000 | ---D | C] -- C:\sd [2012.06.29 03:43:46 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\em 28.06.12 [2012.06.28 16:06:39 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\ursulinen 28.06.12 [2012.06.28 15:46:22 | 000,000,000 
| ---D | C] -- C:\Users\Jan\AppData\Local\Adobe-BackupByPhotoshopCS5Portable [2012.06.27 03:13:28 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Adobe-BackupByPhotoshopCS5Portable [2012.06.26 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\red bull racing can 25.06.12 [2012.06.25 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink [2012.06.25 21:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless [2012.06.25 21:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver [2012.06.25 21:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2012.06.25 21:10:58 | 002,056,192 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll [2012.06.25 21:10:58 | 001,050,624 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll [2012.06.25 21:10:58 | 001,050,624 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll [2012.06.25 21:10:58 | 000,104,448 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll [2012.06.25 21:10:58 | 000,104,448 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll [2012.06.25 21:10:57 | 001,597,440 | ---- | C] (Ralink Technology, Corp.) 
-- C:\Windows\SysWow64\RaCertMgr.dll [2012.06.25 21:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink [2012.06.25 21:10:39 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\InstallShield [2012.06.24 22:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\phildieb [2012.06.24 06:13:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\posthalle 23.06.12 [2012.06.23 17:21:16 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\zaubi 22.06.12 [2012.06.23 16:45:19 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\posthalle 22.06.12 [2012.06.22 03:12:22 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\uud 21.06.12 [2012.06.22 02:21:05 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{4E84473D-784D-4424-BEED-54F9C90ADD86} [2012.06.22 02:20:47 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{AB430FF1-FED8-461E-8434-69847E59A55C} [2012.06.20 00:05:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{7E1C8FE9-C360-4A46-A630-34234E2C982B} [2012.06.20 00:05:33 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{05481EBB-D93A-4F8A-8A8A-A0A5B4949725} [2012.06.19 05:40:06 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\brauhaus 18.06.12 [2012.06.18 21:23:07 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Shooting Scarlett [2012.06.18 16:41:51 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\em 17.04.12 [2012.06.18 15:49:27 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\randersacker 17.02.12 [2012.06.17 05:58:43 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\zauberberg 16.06.12 [2012.06.16 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\einbein 15.06.12 [2012.06.16 15:16:55 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\odeon 15.06.12 [2012.06.14 03:03:13 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Posthalle Fankurve 13.06.12 [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 
Days ========== [2012.07.13 01:23:24 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2666297943-1773055161-344599904-1000UA.job [2012.07.13 01:03:42 | 000,065,848 | ---- | M] () -- C:\Users\Jan\Desktop\trojaner.htm [2012.07.13 01:02:18 | 000,000,000 | ---- | M] () -- C:\Users\Jan\defogger_reenable [2012.07.13 01:00:10 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2666297943-1773055161-344599904-1000UA.job [2012.07.13 01:00:03 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2666297943-1773055161-344599904-1000Core.job [2012.07.13 00:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.13 00:49:41 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.13 00:49:41 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.13 00:38:31 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.13 00:38:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.13 00:37:07 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys [2012.07.13 00:34:23 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.12 19:29:41 | 000,000,031 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\mbam.context.scan [2012.07.12 19:23:33 | 000,002,728 | ---- | M] () -- C:\Users\Jan\Documents\DVD Architect Studio registrieren.htm [2012.07.12 19:20:54 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\DVD Architect Studio 5.0.lnk [2012.07.12 19:16:08 | 000,030,280 | ---- | M] () -- C:\Users\Jan\Desktop\396660_334528939964014_1687567269_n.jpg [2012.07.12 18:49:48 | 000,002,728 | ---- | M] () -- C:\Users\Jan\Documents\DVD Architect Pro registrieren.htm [2012.07.12 17:56:20 | 000,001,974 | ---- | M] () -- C:\Users\Jan\Desktop\DVD 
Architect Pro 5.0.lnk [2012.07.12 17:07:11 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.12 16:04:06 | 000,048,505 | ---- | M] () -- C:\Users\Jan\Desktop\600024_10151028374990769_319057127_n.jpg [2012.07.12 15:21:38 | 000,001,081 | ---- | M] () -- C:\Users\Jan\Desktop\DVDStyler.lnk [2012.07.12 14:10:39 | 000,012,856 | ---- | M] () -- C:\Users\Jan\Documents\easyct.ini [2012.07.12 14:10:23 | 000,034,961 | ---- | M] () -- C:\Users\Jan\Documents\Jahr2012.eca [2012.07.12 00:10:02 | 001,881,808 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_12072012_000933.png [2012.07.11 22:53:44 | 005,067,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.11 21:23:04 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2666297943-1773055161-344599904-1000Core.job [2012.07.11 21:07:53 | 000,347,669 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_11072012_210652.png [2012.07.11 20:33:52 | 000,100,562 | ---- | M] () -- C:\Users\Jan\Desktop\live (1).jpg [2012.07.11 20:30:11 | 000,122,855 | ---- | M] () -- C:\Users\Jan\Desktop\552542_443756838989471_1311366834_n.jpg [2012.07.11 19:27:56 | 000,048,020 | ---- | M] () -- C:\Users\Jan\Desktop\527873_495330790483655_1778004771_n.jpg [2012.07.11 19:21:27 | 000,024,163 | ---- | M] () -- C:\Users\Jan\Desktop\TheHobbit_320x480_mobile-wallpaper.jpg [2012.07.11 17:41:27 | 000,037,377 | ---- | M] () -- C:\Users\Jan\Desktop\8866530486900046_IxgsXGwy_f.jpg [2012.07.10 20:53:27 | 000,054,908 | ---- | M] () -- C:\Users\Jan\Desktop\293802_441919932505018_607248145_n.jpg [2012.07.10 16:30:57 | 000,072,181 | ---- | M] () -- C:\Users\Jan\Desktop\391321_441123819261895_1500593594_n.jpg [2012.07.10 03:39:03 | 000,079,046 | ---- | M] () -- C:\Users\Jan\Desktop\417727_441544632542548_1456269016_n.jpg [2012.07.09 19:08:59 | 000,051,073 | ---- | M] () -- C:\Users\Jan\Desktop\486177_441511875879157_430364828_n.jpg [2012.07.09 18:42:36 | 000,716,564 | ---- | M] () -- 
C:\Users\Jan\Desktop\IMG_02042012_201631.png [2012.07.09 16:02:59 | 000,026,545 | ---- | M] () -- C:\Users\Jan\Desktop\fbd8ad035a4560a1aa5cd6a66aa87a08.jpg [2012.07.09 14:44:49 | 000,219,527 | ---- | M] () -- C:\Users\Jan\Desktop\avm_fritzbox_wlan_3270-v6.jpg [2012.07.09 04:59:58 | 000,494,457 | ---- | M] () -- C:\Users\Jan\Desktop\Clipboard01.jpg [2012.07.09 02:09:39 | 000,427,068 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_09072012_020918.png [2012.07.08 23:46:25 | 000,092,494 | ---- | M] () -- C:\Users\Jan\Desktop\396944_410403992344833_351460604_n.jpg [2012.07.07 20:00:30 | 003,576,636 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_1731_3.jpg [2012.07.07 19:49:01 | 003,590,230 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_1731_2.jpg [2012.07.07 19:41:37 | 003,515,153 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_1731.jpg [2012.07.07 18:41:47 | 000,001,096 | ---- | M] () -- C:\Users\Jan\Desktop\Ashampoo WinOptimizer 6.lnk [2012.07.07 15:56:58 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.07.07 03:39:05 | 001,181,365 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_2808.jpg [2012.07.07 02:31:44 | 001,201,595 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_07072012_023109.png [2012.07.07 02:06:33 | 000,039,210 | ---- | M] () -- C:\Users\Jan\Desktop\8084_10150922148443176_1409767915_n.jpg [2012.07.06 15:24:54 | 000,071,302 | ---- | M] () -- C:\Users\Jan\Desktop\579629_3666562228509_591003334_n.jpg [2012.07.06 15:21:41 | 000,356,181 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_06072012_152121.png [2012.07.06 13:59:03 | 000,068,888 | ---- | M] () -- C:\Users\Jan\Desktop\483293_10151071363130664_1460663421_n.jpg [2012.07.06 12:18:30 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job [2012.07.05 14:41:28 | 000,060,530 | ---- | M] () -- C:\Users\Jan\Desktop\550513_10150971121317250_624631558_n.jpg [2012.07.05 11:25:17 | 000,090,150 | ---- | M] () -- C:\Users\Jan\Desktop\309349_10150943442884821_1921945662_n.jpg [2012.07.05 10:57:00 | 000,414,892 | 
---- | M] () -- C:\Users\Jan\Desktop\10.jpg [2012.07.05 02:29:46 | 000,265,659 | ---- | M] () -- C:\Users\Jan\Desktop\marspic_1024.jpg [2012.07.05 02:22:33 | 000,804,220 | ---- | M] () -- C:\Users\Jan\Desktop\Cratere_Bonneville_sur_Mars_vu_par_le_rover_Spirit.jpg [2012.07.04 15:34:48 | 000,555,405 | ---- | M] () -- C:\Users\Jan\Desktop\07.jpg [2012.07.04 04:57:05 | 000,040,205 | ---- | M] () -- C:\Users\Jan\Desktop\380680_4098551419305_1359789862_n.jpg [2012.07.04 04:56:18 | 000,024,896 | ---- | M] () -- C:\Users\Jan\Desktop\524247_4216004041902_219905661_n.jpg [2012.07.04 04:41:06 | 000,050,532 | ---- | M] () -- C:\Users\Jan\Desktop\Gong Rechnung Juni 2012.pdf [2012.07.04 01:33:42 | 000,037,728 | ---- | M] () -- C:\Users\Jan\Desktop\311531_350126945023774_619333422_n.jpg [2012.07.04 01:15:03 | 000,050,047 | ---- | M] () -- C:\Users\Jan\Desktop\baerlauch.jpg [2012.07.04 00:05:39 | 000,043,690 | ---- | M] () -- C:\Users\Jan\Desktop\Mars_1.jpg [2012.07.03 16:19:54 | 000,084,349 | ---- | M] () -- C:\Users\Jan\Desktop\581976_455878877764731_66146524_n.jpg [2012.07.03 16:19:17 | 000,041,272 | ---- | M] () -- C:\Users\Jan\Desktop\zujg.jpg [2012.07.03 15:47:37 | 000,027,674 | ---- | M] () -- C:\Users\Jan\Desktop\527894_449684868390009_319062588_n.jpg [2012.07.03 15:46:27 | 000,054,341 | ---- | M] () -- C:\Users\Jan\Desktop\557829_361127947294457_2092409336_n.jpg [2012.07.03 15:45:06 | 000,063,706 | ---- | M] () -- C:\Users\Jan\Desktop\600102_438665499497128_401874923_n.jpg [2012.07.03 15:40:48 | 000,070,330 | ---- | M] () -- C:\Users\Jan\Desktop\399174_363860620345926_532984886_n.jpg [2012.07.03 15:33:23 | 000,025,417 | ---- | M] () -- C:\Users\Jan\Desktop\528442_442013489152401_846630949_n.jpg [2012.07.03 15:32:32 | 000,030,054 | ---- | M] () -- C:\Users\Jan\Desktop\182540_331679326911910_1776086151_n.jpg [2012.07.03 15:31:19 | 000,021,962 | ---- | M] () -- C:\Users\Jan\Desktop\293274_467110876635473_1451069661_n.jpg [2012.07.03 15:28:08 | 000,034,180 | ---- | M] () -- 
C:\Users\Jan\Desktop\u.jpg [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.03 03:35:32 | 000,058,613 | ---- | M] () -- C:\Users\Jan\Desktop\376875_466463636700198_723921992_n.jpg [2012.07.02 02:52:09 | 000,588,555 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_02072012_025002.png [2012.07.02 01:20:19 | 000,167,907 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_02072012_012000.png [2012.07.02 00:12:52 | 000,216,525 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_02072012_001225.png [2012.07.01 19:06:18 | 000,168,910 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_01072012_190555.png [2012.06.29 01:43:57 | 000,543,885 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_29062012_014333.png [2012.06.29 01:19:43 | 000,412,016 | ---- | M] () -- C:\Users\Jan\Desktop\MVI_2202.mp3 [2012.06.28 18:25:17 | 000,506,585 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_28062012_182502.png [2012.06.28 18:20:45 | 000,248,763 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_28062012_182020.png [2012.06.28 18:11:41 | 000,238,984 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_0306.jpg [2012.06.28 03:17:27 | 001,633,728 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.28 03:17:27 | 000,704,048 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.28 03:17:27 | 000,658,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.28 03:17:27 | 000,151,910 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.28 03:17:27 | 000,124,264 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.27 23:19:07 | 000,253,241 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_27062012_231354.png [2012.06.27 22:14:25 | 000,219,689 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_27062012_221335.png [2012.06.26 16:14:01 | 000,416,382 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_26062012_161342.png [2012.06.26 16:11:46 | 000,415,864 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_26062012_161132.png [2012.06.26 15:36:57 | 000,485,921 | ---- | M] () 
-- C:\Users\Jan\Desktop\IMG_26062012_153622.png [2012.06.26 01:21:50 | 000,153,019 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_26062012_012121.png [2012.06.26 00:54:57 | 000,225,466 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_26062012_005147.png [2012.06.26 00:54:27 | 000,225,280 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_26062012_005211.png [2012.06.25 19:27:31 | 000,692,860 | ---- | M] () -- C:\Users\Jan\Desktop\18.jpg [2012.06.24 23:25:29 | 000,397,968 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_24062012_232328.png [2012.06.24 16:55:06 | 000,022,874 | ---- | M] () -- C:\Users\Jan\Desktop\600697_286971414734082_1596480150_n.jpg [2012.06.24 16:53:31 | 000,153,376 | ---- | M] () -- C:\Users\Jan\Desktop\533397_383436081720107_1702884464_n.jpg [2012.06.24 15:29:00 | 000,043,860 | ---- | M] () -- C:\Users\Jan\Desktop\379104_289961341044811_1350045290_n.jpg [2012.06.24 15:26:12 | 000,084,051 | ---- | M] () -- C:\Users\Jan\Desktop\309507_291573407550271_426832357_n.jpg [2012.06.24 15:25:58 | 000,044,185 | ---- | M] () -- C:\Users\Jan\Desktop\374190_295424550498490_575297564_n.jpg [2012.06.24 15:25:40 | 000,159,980 | ---- | M] () -- C:\Users\Jan\Desktop\373859_300416319999313_1441714320_n.jpg [2012.06.24 15:25:21 | 000,110,068 | ---- | M] () -- C:\Users\Jan\Desktop\380165_320725134635098_1718565664_n.jpg [2012.06.24 15:25:04 | 000,027,231 | ---- | M] () -- C:\Users\Jan\Desktop\405513_327211960653082_582236530_n.jpg [2012.06.24 15:24:06 | 000,040,992 | ---- | M] () -- C:\Users\Jan\Desktop\431001_356492914391653_1886625402_n.jpg [2012.06.24 15:23:13 | 000,040,317 | ---- | M] () -- C:\Users\Jan\Desktop\485144_367968976577380_619537276_n.jpg [2012.06.24 15:22:53 | 000,142,854 | ---- | M] () -- C:\Users\Jan\Desktop\538864_372755956098682_422651986_n.jpg [2012.06.24 15:22:37 | 000,035,348 | ---- | M] () -- C:\Users\Jan\Desktop\319851_384024908305120_41244667_n.jpg [2012.06.24 15:21:41 | 000,093,357 | ---- | M] () -- C:\Users\Jan\Desktop\549289_412175318823412_1311443225_n.jpg 
[2012.06.24 15:21:22 | 000,145,425 | ---- | M] () -- C:\Users\Jan\Desktop\545514_411113625596248_57626409_n.jpg [2012.06.24 15:21:00 | 000,052,220 | ---- | M] () -- C:\Users\Jan\Desktop\578180_417952271579050_1176525883_n.jpg [2012.06.24 15:20:00 | 000,142,037 | ---- | M] () -- C:\Users\Jan\Desktop\292102_416053071768970_1762247089_n.jpg [2012.06.24 15:17:52 | 000,048,061 | ---- | M] () -- C:\Users\Jan\Desktop\540672_425409314166679_1109603287_n.jpg [2012.06.24 15:17:20 | 000,116,225 | ---- | M] () -- C:\Users\Jan\Desktop\600130_426293297411614_1054108455_n.jpg [2012.06.24 15:15:33 | 000,030,400 | ---- | M] () -- C:\Users\Jan\Desktop\479720_429007057140238_1551756514_n.jpg [2012.06.24 15:15:24 | 000,033,748 | ---- | M] () -- C:\Users\Jan\Desktop\599708_429446447096299_1729669172_n.jpg [2012.06.24 15:15:04 | 000,067,102 | ---- | M] () -- C:\Users\Jan\Desktop\208968_429513030422974_1871102937_n.jpg [2012.06.24 15:14:46 | 000,046,913 | ---- | M] () -- C:\Users\Jan\Desktop\480062_430067133700897_1319664948_n.jpg [2012.06.24 15:13:51 | 000,072,533 | ---- | M] () -- C:\Users\Jan\Desktop\532886_431111920263085_1310207881_n.jpg [2012.06.24 15:13:09 | 000,044,838 | ---- | M] () -- C:\Users\Jan\Desktop\556447_431616336879310_1628302468_n.jpg [2012.06.22 02:12:44 | 000,040,973 | ---- | M] () -- C:\Users\Jan\Desktop\250840_343712922365907_2029366532_n.jpg [2012.06.22 01:52:29 | 000,043,215 | ---- | M] () -- C:\Users\Jan\Desktop\581158_314567728638253_1333646722_n.jpg [2012.06.22 01:47:09 | 000,043,715 | ---- | M] () -- C:\Users\Jan\Desktop\542315_10151643410468484_351756534_n.jpg [2012.06.21 17:28:14 | 000,472,967 | ---- | M] () -- C:\Users\Jan\Desktop\A6_antrag_foto.pdf [2012.06.20 23:42:51 | 002,166,062 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_1612.JPG [2012.06.20 23:40:51 | 000,770,102 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_20062012_234036.png [2012.06.20 22:24:44 | 000,190,213 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_20062012_222417.png [2012.06.20 20:51:37 | 
001,395,524 | ---- | M] () -- C:\Users\Jan\Desktop\dj phil.wav [2012.06.20 20:47:06 | 000,019,159 | ---- | M] () -- C:\Users\Jan\Desktop\600738_427976630576614_172168825_n.jpg [2012.06.20 20:46:15 | 000,050,278 | ---- | M] () -- C:\Users\Jan\Desktop\196111_419795351394742_1115079185_n.jpg [2012.06.20 20:44:59 | 000,046,723 | ---- | M] () -- C:\Users\Jan\Desktop\562443_423728507668093_425654802_n.jpg [2012.06.20 20:33:06 | 000,070,501 | ---- | M] () -- C:\Users\Jan\Desktop\bob.jpg [2012.06.20 15:19:57 | 000,098,544 | ---- | M] () -- C:\Users\Jan\Desktop\pizza.jpg [2012.06.20 14:01:59 | 000,049,778 | ---- | M] () -- C:\Users\Jan\Desktop\601271_10151855169685584_595958766_n.jpg [2012.06.20 01:00:55 | 000,721,724 | ---- | M] () -- C:\Users\Jan\Desktop\hochzeit_ingo_nadine.mp4 [2012.06.20 00:52:19 | 000,139,060 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_20062012_005206.png [2012.06.20 00:16:14 | 001,203,391 | ---- | M] () -- C:\Users\Jan\Desktop\bruch.wmv [2012.06.19 21:34:54 | 000,023,175 | ---- | M] () -- C:\Users\Jan\Desktop\zukunft.jpg [2012.06.19 19:26:14 | 000,197,824 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_19062012_192525.png [2012.06.19 19:25:08 | 000,187,196 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_19062012_192458.png [2012.06.19 15:28:52 | 000,027,176 | ---- | M] () -- C:\Users\Jan\Desktop\538315_377709162290903_1580378685_n.jpg [2012.06.19 15:28:25 | 000,019,997 | ---- | M] () -- C:\Users\Jan\Desktop\533432_10151638156488484_1677446043_n.jpg [2012.06.19 15:26:01 | 000,054,568 | ---- | M] () -- C:\Users\Jan\Desktop\fussball.jpg [2012.06.19 03:19:42 | 000,053,109 | ---- | M] () -- C:\Users\Jan\Desktop\melone.jpg [2012.06.18 23:41:57 | 000,239,623 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_18062012_234128.png [2012.06.18 23:11:05 | 000,712,060 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_18062012_230527.png [2012.06.18 22:51:01 | 000,205,055 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_18062012_225048.png [2012.06.18 22:38:48 | 001,005,546 | ---- | M] () -- 
C:\Users\Jan\Desktop\pan3.jpg [2012.06.18 21:11:53 | 000,039,644 | ---- | M] () -- C:\Users\Jan\Desktop\batcat.jpg [2012.06.18 21:09:43 | 000,094,677 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_18062012_210933.png [2012.06.18 17:27:06 | 000,178,765 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_18062012_172635.png [2012.06.18 15:00:02 | 000,105,803 | ---- | M] () -- C:\Users\Jan\Documents\Jahr2011.eca [2012.06.18 13:46:19 | 000,061,158 | ---- | M] () -- C:\Users\Jan\Desktop\katz.jpg [2012.06.16 18:01:25 | 001,905,550 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_16062012_175924.png [2012.06.16 18:01:12 | 001,839,255 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_16062012_175913.png [2012.06.16 16:38:29 | 000,048,974 | ---- | M] () -- C:\Users\Jan\Desktop\carrot.jpg [2012.06.15 21:28:35 | 000,013,824 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.15 21:01:31 | 000,026,939 | ---- | M] () -- C:\Users\Jan\Desktop\father.jpg [2012.06.15 18:34:29 | 000,027,362 | ---- | M] () -- C:\Users\Jan\Desktop\2personenliege.jpg [2012.06.15 18:34:00 | 000,052,338 | ---- | M] () -- C:\Users\Jan\Desktop\kacken.jpg [2012.06.15 14:26:20 | 000,035,418 | ---- | M] () -- C:\Users\Jan\Desktop\166523_320183311399056_1005710147_n.jpg [2012.06.15 01:29:35 | 000,024,425 | ---- | M] () -- C:\Users\Jan\Desktop\542412_455731557788398_1977578464_n.jpg [2012.06.14 23:55:41 | 000,258,845 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_14062012_235527.png [2012.06.14 22:09:58 | 002,698,792 | ---- | M] () -- C:\Users\Jan\Desktop\Ohne Titel.mp4 [2012.06.14 22:08:42 | 000,234,350 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_14062012_220737.png [2012.06.14 19:36:03 | 001,150,158 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_14062012_193543.png [2012.06.14 16:04:03 | 000,026,344 | ---- | M] () -- C:\Users\Jan\Desktop\s715i.jpg [2012.06.14 03:01:39 | 000,380,808 | ---- | M] () -- C:\Users\Jan\Desktop\001.jpg [2012.06.13 15:00:13 | 000,386,404 | ---- | M] () -- 
C:\Users\Jan\Desktop\1_9_2 (2).jpg
[2012.06.13 14:48:22 | 001,280,574 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_13062012_144713.png
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.13 01:03:38 | 000,065,848 | ---- | C] () -- C:\Users\Jan\Desktop\trojaner.htm
[2012.07.13 01:02:18 | 000,000,000 | ---- | C] () -- C:\Users\Jan\defogger_reenable
[2012.07.13 00:39:25 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\00000008.@
[2012.07.12 20:38:02 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.12 19:29:41 | 000,000,031 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\mbam.context.scan
[2012.07.12 19:20:54 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\DVD Architect Studio 5.0.lnk
[2012.07.12 19:16:39 | 000,030,280 | ---- | C] () -- C:\Users\Jan\Desktop\396660_334528939964014_1687567269_n.jpg
[2012.07.12 19:02:01 | 000,002,728 | ---- | C] () -- C:\Users\Jan\Documents\DVD Architect Studio registrieren.htm
[2012.07.12 18:15:03 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\80000032.@
[2012.07.12 18:15:03 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\L\00000004.@
[2012.07.12 18:15:02 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\80000064.@
[2012.07.12 18:15:02 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\80000000.@
[2012.07.12 18:15:02 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\00000004.@
[2012.07.12 18:15:02 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\000000cb.@
[2012.07.12 17:56:20 | 000,001,974 | ---- | C] () -- C:\Users\Jan\Desktop\DVD
< End of report > |
13.07.2012, 17:53 | #2 |
/// Malware-holic | Trojan.Dropper.BCMiner in C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\00000008.@ hi
If you do online banking, call the bank and have it blocked because of the ZeroAccess rootkit. Since this is a dangerous rootkit, the PC must be reinstalled and then secured. 1. Data recovery:
I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if clean, restore it. 6. I will then also say something about securing online banking with a chip card reader + Star Money.