| |  Polizeivirus Österreich
 Hallo liebe Helfer ! Erstmals finde ich es toll dass es euch gibt und ihr schon so viele User helfen konntet , echt toll von euch! Ich hab mir wie so viele andere , nun auch diesen Polizeitrojaner (Österreich Version mit der aufforderung 100 € einzuzahlen usw) eingefangen. Ich bitte euch um Hilfe, ich weiss nicht mehr weiter. In den eigentlichen Benutzer komm ich nicht mehr rein. Ich hab mir einen 2ten Benutzer via Abegsicherter Modus angelegt und bin jetzt hier drinnen habe aber viele wichtige Daten am befallenen Benutzerkonto die ich retten bzw nicht löschen möchte ! Ich wollte einfach Systemwiederherstellung machen doch das geht anscheinend bei mehreren Windows 7 Nutzer nicht.
Ich hab mir Malwarebytes und OTL bereits geladen..... Malwarebytes hat bei mir zwei Logdatein angegeben ?!? Ich häng mal an, lieben dank einstweil ! PHP-Code: OTL logfile created on: 22.07.2012 21:29:19 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Secure\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,95 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 59,20% Memory free
7,90 Gb Paging File | 6,08 Gb Available in Paging File | 76,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,78 Gb Total Space | 325,75 Gb Free Space | 72,10% Space Free | Partition Type: NTFS
Drive D: | 268,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: THOMAS-VAIO | User Name: Secure | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012.07.22 21:29:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Secure\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.03.05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011.03.01 21:23:36 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011.03.01 21:23:36 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2012.07.12 11:57:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.04.29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.03.29 08:13:25 | 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.28 10:29:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011.02.21 12:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.02.21 12:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.02.18 22:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2012.07.18 16:28:27 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011.12.29 01:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:[b]64bit:[/b] - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2011.04.29 17:19:34 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:[b]64bit:[/b] - [2011.03.29 11:00:53 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:[b]64bit:[/b] - [2011.03.29 10:55:05 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011.03.29 08:51:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011.03.29 08:15:05 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:[b]64bit:[/b] - [2011.03.29 05:57:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011.02.22 17:27:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2011.02.17 05:06:44 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2011.02.16 14:50:45 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:[b]64bit:[/b] - [2010.07.20 15:49:32 | 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV:[b]64bit:[/b] - [2010.07.20 15:49:28 | 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV:[b]64bit:[/b] - [2010.07.20 15:49:16 | 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV:[b]64bit:[/b] - [2010.07.10 23:02:58 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:[b]64bit:[/b] - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:[b]64bit:[/b] - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzu0AyCtAzy0EyD0AyEyEzztByD0E0FzzyCtN0D0TzutBtDtCtBtDyCtBtA&cr=13915486
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6EBE8718-D052-3530-1F83-0FF35056FFC9}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {2D6C0518-920E-41C0-83B1-7773B7A85754}
IE - HKCU\..\SearchScopes\{2D6C0518-920E-41C0-83B1-7773B7A85754}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{3F1E9CAF-5845-4881-90D7-256D0AF31ED6}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{4CFF6993-C1B8-44B1-967A-C543696A9DD2}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{52F54DBE-B9BA-4773-93FB-07C610A1796C}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{54BBFBD3-67D3-4E30-8273-EB960405A670}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{A3463F22-E1B5-4487-9EE9-C03FA7277086}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29898-16445-29/4?mpre=hxxp://shop.ebay.at/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
[color=#E56717]========== FireFox ==========[/color]
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.12 22:58:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.07.19 11:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Secure\AppData\Roaming\mozilla\Extensions
[2012.07.18 20:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 19:03:54 | 000,000,000 | ---D | M] (Controller) -- C:\Program Files (x86)\mozilla firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
[2012.04.12 22:58:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23DE1942-ED20-4DCD-902C-54A192B2EFD3}: DhcpNameServer = 10.0.0.138
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{eecbccd5-d0e4-11e1-92fb-9439e5a44826}\Shell - "" = AutoRun
O33 - MountPoints2\{eecbccd5-d0e4-11e1-92fb-9439e5a44826}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012.07.22 21:29:01 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Secure\Desktop\OTL.exe
[2012.07.22 21:25:16 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Malwarebytes
[2012.07.22 21:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 21:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.22 21:25:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.22 21:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.22 11:51:35 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Local\Sony Corporation
[2012.07.21 11:35:34 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Local\Microsoft Games
[2012.07.19 11:07:20 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Local\Macromedia
[2012.07.19 11:06:43 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Mozilla
[2012.07.19 11:06:43 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Local\Mozilla
[2012.07.18 21:00:04 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Canneverbe Limited
[2012.07.18 19:42:45 | 000,000,000 | ---D | C] -- C:\Users\Secure\Desktop\Neuer Ordner
[2012.07.18 19:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.18 19:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverFinder
[2012.07.18 19:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverFinder
[2012.07.18 19:31:28 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\DriverFinder
[2012.07.18 19:21:28 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Adobe
[2012.07.18 18:59:25 | 000,000,000 | R--D | C] -- C:\Users\Secure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.07.18 18:59:25 | 000,000,000 | R--D | C] -- C:\Users\Secure\Searches
[2012.07.18 18:59:25 | 000,000,000 | R--D | C] -- C:\Users\Secure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.07.18 18:59:16 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Sony Corporation
[2012.07.18 18:59:15 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Identities
[2012.07.18 18:59:12 | 000,000,000 | R--D | C] -- C:\Users\Secure\Contacts
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Vorlagen
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\AppData\Local\Verlauf
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\AppData\Local\Temporary Internet Files
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Startmenü
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\SendTo
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Recent
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Netzwerkumgebung
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Lokale Einstellungen
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Documents\Eigene Videos
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Documents\Eigene Musik
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Eigene Dateien
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Documents\Eigene Bilder
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Druckumgebung
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Cookies
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\AppData\Local\Anwendungsdaten
[2012.07.18 18:58:49 | 000,000,000 | -HSD | C] -- C:\Users\Secure\Anwendungsdaten
[2012.07.18 18:58:44 | 000,000,000 | R--D | C] -- C:\Users\Secure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.07.18 18:58:44 | 000,000,000 | R--D | C] -- C:\Users\Secure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.07.18 18:58:44 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Local\Temp
[2012.07.18 18:58:44 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Local\Microsoft
[2012.07.18 18:58:44 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Media Center Programs
[2012.07.18 18:58:44 | 000,000,000 | ---D | C] -- C:\Users\Secure\AppData\Roaming\Macromedia
[2012.07.18 18:58:42 | 000,000,000 | --SD | C] -- C:\Users\Secure\AppData\Roaming\Microsoft
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Videos
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Saved Games
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Pictures
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Music
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Links
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Favorites
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Downloads
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Documents
[2012.07.18 18:58:40 | 000,000,000 | R--D | C] -- C:\Users\Secure\Desktop
[2012.07.18 18:58:40 | 000,000,000 | -H-D | C] -- C:\Users\Secure\AppData
[2012.07.18 16:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.07.18 16:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.07.13 06:25:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.13 06:25:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.13 06:25:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.13 06:25:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.13 06:25:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.13 06:25:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.13 06:25:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.13 06:25:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.13 06:25:20 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.13 06:25:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.13 06:25:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.13 06:25:20 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.13 06:25:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 10:06:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 10:06:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.12 10:06:53 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 10:06:47 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.12 10:06:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.10 08:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.07.07 22:19:23 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.06.27 13:19:09 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.27 13:19:09 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.27 13:19:09 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.27 13:18:59 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.27 13:18:59 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.27 13:18:59 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.27 13:18:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.27 13:18:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.25 21:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
[2012.06.25 21:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\intellidownload
[2012.06.25 16:04:24 | 001,394,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[2012.06.23 23:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.06.23 23:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.06.23 23:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free RAR Extract Frog
[2012.06.23 23:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free RAR Extract Frog
[2012.06.23 22:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Double Top Deluxe
[2012.06.23 22:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Double Top Deluxe
[2012.06.23 22:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BittorrentBar_DE
[2012.06.23 22:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012.06.23 22:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012.07.22 21:29:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Secure\Desktop\OTL.exe
[2012.07.22 21:25:14 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.22 21:20:50 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 21:20:50 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 21:17:48 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.22 21:17:48 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.22 21:17:48 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.22 21:17:48 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.22 21:17:48 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.22 21:16:13 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.22 21:15:00 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad
[2012.07.22 21:13:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 21:13:20 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.22 16:01:39 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 16:01:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.22 11:52:40 | 000,031,980 | ---- | M] () -- C:\Windows\SysNative\s000001.dat
[2012.07.22 11:50:49 | 000,000,102 | ---- | M] () -- C:\Windows\SysNative\sstates.sdt
[2012.07.22 11:50:49 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\sstate_prev.sdt
[2012.07.18 21:02:39 | 000,002,162 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.07.18 19:37:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.18 19:32:02 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\DriverFinder.lnk
[2012.07.18 16:28:27 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2012.07.18 16:28:27 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.07.14 19:34:33 | 000,311,172 | ---- | M] () -- C:\test.xml
[2012.07.13 12:38:33 | 000,297,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 15:54:50 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 11:57:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 11:57:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.08 08:51:34 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 21:34:49 | 000,000,250 | ---- | M] () -- C:\user.js
[2012.06.25 21:34:37 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\YourFile Downloader.lnk
[2012.06.25 16:04:24 | 001,394,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[2012.06.23 23:32:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\039142067658bf8c5af309d9f90637f8_c
[2012.06.23 23:21:18 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
[2012.06.23 22:42:42 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012.07.22 21:25:14 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.22 11:52:40 | 000,031,980 | ---- | C] () -- C:\Windows\SysNative\s000001.dat
[2012.07.21 18:11:01 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad
[2012.07.18 19:37:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.18 19:32:02 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\DriverFinder.lnk
[2012.07.18 18:59:29 | 000,001,405 | ---- | C] () -- C:\Users\Secure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.07.18 18:59:27 | 000,001,439 | ---- | C] () -- C:\Users\Secure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.07.18 16:28:27 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2012.07.18 16:28:27 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.07.08 08:51:34 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.06.25 21:34:48 | 000,000,250 | ---- | C] () -- C:\user.js
[2012.06.25 21:34:37 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\YourFile Downloader.lnk
[2012.06.23 23:32:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\039142067658bf8c5af309d9f90637f8_c
[2012.06.23 23:21:18 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
[2012.06.23 22:42:42 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012.04.03 22:24:32 | 000,096,940 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.03.13 01:12:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.03.13 01:09:16 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2011.03.30 03:46:48 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.30 03:46:47 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.03.30 03:46:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.02.11 01:03:27 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2012.03.13 00:16:19 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??????) -- C:\Windows\SysWow64\ɇ筵Ɏ硎疔
[2012.03.13 00:16:19 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??????) -- C:\Windows\SysWow64\ɇ筵Ɏ硎疔
[2012.03.13 00:16:19 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??????) -- C:\Windows\SysWow64\ɇ筵Ɏ硎疔
[2012.03.13 00:16:19 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??????) -- C:\Windows\SysWow64\ɇ筵Ɏ硎疔
< End of report >
|
22.07.2012, 21:14
Baum-Darstellung