
Pests of all kinds and how to combat them: Police virus (Austria) - computerkriminalitat des criminal intelligence service Einheit 5.2

23.08.2012, 19:05   #1
t'peter
 

Hello!

The Austrian variant of the new 'computer lock by police - 100€' has locked my PC, so I now need help.
The 'lock screen' can be seen at > hxxp://blog.teesupport.com/manually-remove-bundespolizei-computerkriminalitat-des-criminal-intelligence-service-einheit-5-2-achtung-polizei-bpd-100-euro-virus-entfernen/ <. (No instructions from there were carried out.)

After disconnecting from the modem / Internet the PC is usable; as soon as there is an Internet connection, the lock screen appears. After that no more commands are accepted (or shown on the screen).

Ran "defogger.exe" as described (Disable button --> Scan --> Finished --> OK --> restart).

I have already run a malware scan and an OTL scan, logs --> :

mbam-log-2012-08-23 (00-25-38):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.10

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19088
... :: B........... [limitiert]

23.08.2012 00:25:38
mbam-log-2012-08-23 (00-25-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|N:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 862503
Laufzeit: 2 Stunde(n), 25 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Trojan.Phex.THAGen6) -> Daten: C:\Users\biene\AppData\Local\{258C3B07-094F-AAF1-66B7-907A44EE4ECA}\syshost.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\biene\LOCALS~1\Temp\msukri.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{811D2E44-ED03-3357-8028-7844F9D81616} (Trojan.ZbotR.Gen) -> Daten: C:\Users\biene\AppData\Roaming\Icyxm\awhu.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{811D2E4E-ED09-3357-8028-7844F9D81616} (Trojan.ZbotR.Gen) -> Daten: C:\Users\biene\AppData\Roaming\Icyxm\awhu.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\...\AppData\Local\{258C3B07-094F-AAF1-66B7-907A44EE4ECA}\syshost.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\...\AppData\Local\Temp\3b5caa0d.tmp (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\...\Downloads\XVIDPlayerSetup.exe (PUP.Adware.RKN) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


OTL scan log:
Code:
OTL logfile created on: 23.08.2012 17:01:30 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\biene\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,23 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 48,53% Memory free
6,68 Gb Paging File | 5,01 Gb Available in Paging File | 74,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 766,96 Gb Total Space | 437,50 Gb Free Space | 57,04% Space Free | Partition Type: NTFS
Drive D: | 590,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 232,88 Gb Total Space | 2,19 Gb Free Space | 0,94% Space Free | Partition Type: NTFS
Drive G: | 3,65 Gb Total Space | 2,29 Gb Free Space | 62,65% Space Free | Partition Type: FAT32
Drive O: | 68,52 Gb Total Space | 5,67 Gb Free Space | 8,27% Space Free | Partition Type: NTFS
Drive T: | 16,00 Gb Total Space | 0,12 Gb Free Space | 0,76% Space Free | Partition Type: FAT32
Drive U: | 32,62 Gb Total Space | 1,65 Gb Free Space | 5,05% Space Free | Partition Type: FAT32
Drive V: | 69,12 Gb Total Space | 2,82 Gb Free Space | 4,08% Space Free | Partition Type: FAT32
Drive W: | 16384,00 Gb Total Space | 16384,00 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name:  | User Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\biene\Desktop\OTL2.exe (OldTimer Tools)
PRC - C:\Users\biene\AppData\Local\Temp\qafgmrlwsmjsxefjbmhbf.exe (Smart Modular)
PRC - C:\Programme\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\ClamWin-Virenscanner\bin\ClamTray.exe (alch)
PRC - C:\Users\biene\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\biene\AppData\Roaming\Wuala\Wuala.exe (LaCie)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Acronis\AcronisDriveMonitor\DriveMonitor\adm_tray.exe ()
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\Disk Unlocker\ASPFSVS.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\AAHM\1.00.13\aaHMSvc.exe ()
PRC - C:\Programme\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Programme\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
PRC - C:\Programme\Bluetooth Suite\BtvStack.exe (Atheros Communications)
PRC - C:\Programme\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
PRC - C:\Programme\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - C:\Programme\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Programme\WFR\HIDAgent.exe ()
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\DIAS\CnxDIAS.exe (CANON INC.)
PRC - C:\Programme\MultiScreen\MultiScreen.exe ()
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\SEC\Natural Color Pro\NCProTray.exe (Samsung)
PRC - C:\Programme\MagicTune Premium\GammaTray.exe ()
PRC - C:\Programme\AGEIA Technologies\TrayIcon.exe ()
PRC - C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\biene\AppData\Local\Wuala\Program0\lib.411\proxy_util_w32.dll ()
MOD - C:\Users\biene\AppData\Local\Wuala\Program0\lib.411\jcbfs3.dll ()
MOD - C:\Users\biene\AppData\Local\Wuala\Program0\lib.411\orangevolt-4n-1.1.2.dll ()
MOD - C:\Users\biene\AppData\Local\Temp\proxy_util_w32.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9e40949744b36534fe62cd64ddccb6a1\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1342e13a5f5613678d438405bed08ddd\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f4767076b1a225e440db402bbabf5a14\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Acronis\AcronisDriveMonitor\DriveMonitor\adm_tray.exe ()
MOD - C:\Programme\Common Files\Acronis\DriveMonitor\Common\icudt38.dll ()
MOD - C:\Programme\WFR\HIDAgent.exe ()
MOD - C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Programme\MultiScreen\MultiScreen.exe ()
MOD - C:\Programme\MultiScreen\MGResGer.dll ()
MOD - C:\Programme\MultiScreen\MultiMon.dll ()
MOD - C:\Programme\MultiScreen\ServiceHook.dll ()
MOD - C:\Programme\MagicTune Premium\GammaTray.exe ()
MOD - C:\Programme\AGEIA Technologies\TrayIcon.exe ()
MOD - C:\Programme\WinUHA\shellwinuha.dll ()
MOD - C:\Programme\ClamWin-Virenscanner\bin\python23.dll ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\shell.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32gui.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32file.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32api.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32security.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32process.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32pipe.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32event.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\pythoncom23.dll ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\pywintypes23.dll ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\_winreg.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\datetime.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\_ssl.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\_sre.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\_socket.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\_bsddb.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\_ctypes.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\wxc.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\wxmsw24h.dll ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\mxDateTime.pyd ()
MOD - C:\Programme\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Update Server) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe File not found
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$KSR) -- C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$ACT7) -- C:\Programme\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (ASDiskUnlocker) -- C:\Programme\ASUS\Disk Unlocker\ASPFSVS.exe (ASUSTeK Computer Inc.)
SRV - (asHmComSvc) -- C:\Programme\ASUS\AAHM\1.00.13\aaHMSvc.exe ()
SRV - (asComSvc) -- C:\Programme\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Programme\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (Intel® PROSet Monitoring Service) -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
SRV - (msftesql$KSR) -- C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
SRV - (BCUService) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (vtigercrmMysql510) -- C:\Program Files\vtigercrm-5.1.0\mysql\bin\mysqld-nt.exe ()
SRV - (vtigercrmApache510) -- C:\Programme\vtigercrm-5.1.0\apache\bin\Apache.exe (Apache Software Foundation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Canon Driver Information Assist Service) -- C:\Programme\Canon\DIAS\CnxDIAS.exe (CANON INC.)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld-nt.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Apache2.2) -- c:\xampp\apache\bin\apache.exe (Apache Software Foundation)
SRV - (MagicTuneEngine) -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (KSR_Date2Contact_Service) -- C:\Programme\KSR\Date2Contact\Date2Contact_Service.exe (KSR EDV Ingenieurbüro GmbH)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Programme\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Programme\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)
SRV - (MSSQL$JTLWAWI) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (nvlddmkm) -- system32\DRIVERS\nvlddmkm.sys File not found
DRV - (KNetWchV) -- system32\DRIVERS\KNetWchV.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (BjsPort) -- C:\Windows\system32\drivers\BjsPort.SYS File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (vidsflt61) -- C:\Windows\System32\drivers\vsflt61.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (fltsrv) -- C:\Windows\System32\drivers\fltsrv.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)
DRV - (bdsandbox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (ATHDFU) -- C:\Windows\System32\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (AiCharger) -- C:\Windows\System32\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (VDiskBus) -- C:\Windows\System32\drivers\VDiskBus32.sys (ASUSTeK Computer Inc.)
DRV - (e1cexpress) -- C:\Windows\System32\drivers\e1c6032.sys (Intel Corporation)
DRV - (ASFLTDrv.sys) -- C:\Programme\ASUS\Disk Unlocker\ASFLTDrv.sys (ASUSTeK Computer Inc.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (ICCWDT) -- C:\Windows\System32\drivers\ICCWDT.sys (Intel Corporation)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (F-Secure Standalone Minifilter) -- C:\Users\Admin\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (BazisVirtualCD) -- C:\Windows\System32\drivers\BazisVirtualCD.sys ()
DRV - (VirtDiskBus) -- C:\Windows\System32\drivers\VirtDiskBus.sys ()
DRV - (Si3132r5) -- C:\Windows\System32\drivers\Si3132r5.sys (Silicon Image, Inc)
DRV - (ATSpy) -- C:\Windows\System32\ATSpy.sys (Kingsoft Corporation)
DRV - (NCPro) -- C:\Windows\System32\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV - (MagicTune) -- C:\Windows\System32\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSB) -- C:\Windows\System32\drivers\VBoxUSB.sys (Sun Microsystems, Inc.)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys ()
DRV - (bfastfao) -- C:\Users\Admin\AppData\Local\Temp\bfastfao.sys ()
DRV - (hcw88bda) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (hcw88rc5) -- C:\Windows\System32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.)
DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc)
DRV - (SI3132) -- C:\Windows\System32\drivers\SI3132.sys (Silicon Image, Inc)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (TridVid) -- C:\Windows\System32\drivers\tridvid.sys (10moons Technologies Co.,Ltd)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=111304&babsrc=HP_ss&mntrId=815f139b0000000000000009dd5084cf
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\URLSearchHook: {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=815f139b0000000000000009dd5084cf
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\SearchScopes\{55FAF0F2-44D4-425f-B5F5-6B275B621EAB}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\URLSearchHook: {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes\{0CB7C0E7-7851-4548-8ADA-421DB08BBB03}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes\{3583A043-F19E-4770-9008-F3DB3E796BA5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes\{55FAF0F2-44D4-425f-B5F5-6B275B621EAB}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes\{CFCE3D0B-7721-4f38-BEFC-2C140F2B220A}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.04 15:03:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.04 19:22:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files\DNA [2008.07.25 12:42:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{f6bf92e0-b190-11dd-ad8b-0800200c9a67}: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\09lzp2u1.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a67} [2010.09.14 23:35:29 | 000,000,000 | ---D | M]
 
[2008.06.24 03:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.05.14 21:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\09lzp2u1.default\extensions
[2012.05.14 21:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\09lzp2u1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.09.14 23:35:29 | 000,000,000 | ---D | M] (Advantage extension) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\09lzp2u1.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a67}
[2012.05.14 21:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\09lzp2u1.default\extensions\staged-xpis
[2011.10.05 11:37:48 | 000,000,917 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\09lzp2u1.default\searchplugins\conduit.xml
[2011.12.13 12:22:32 | 000,003,915 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\09lzp2u1.default\searchplugins\sweetim.xml
[2012.05.14 10:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.09.14 03:30:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.10.28 12:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2007.08.29 23:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.16 20:56:40 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (ArchiBar Toolbar) - {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
O2 - BHO: (Burn4Free Toolbar Helper) - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (ArchiBar Toolbar) - {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (ArchiBar Toolbar) - {24CC1362-11C6-4918-A2C0-B9EE5A563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (ArchiBar Toolbar) - {24CC1362-11C6-4918-A2C0-B9EE5A563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\Toolbar\WebBrowser: (ArchiBar Toolbar) - {24CC1362-11C6-4918-A2C0-B9EE5A563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\Toolbar\WebBrowser: (ArchiBar Toolbar) - {24CC1362-11C6-4918-A2C0-B9EE5A563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [adm_tray.exe] C:\Programme\Acronis\AcronisDriveMonitor\DriveMonitor\adm_tray.exe ()
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Programme\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Programme\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Programme\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin-Virenscanner\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1000..\Run: [HIDAgent] C:\Programme\WFR\HIDAgent.exe ()
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [] C:\Users\biene\AppData\Local\Temp\qafgmrlwsmjsxefjbmhbf.exe (Smart Modular)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [HIDAgent] C:\Programme\WFR\HIDAgent.exe ()
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [sxkfpdebbkfufif] C:\ProgramData\sxkfpdeb.exe File not found
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1000..\RunOnce: [CanonUPW_000] C:\Programme\Common Files\Canon\UPW\2.0.0.0\UPWClean.exe (CANON INC.)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive2.lnk = C:\Programme\TeamDrive2.0\bin\TeamDrive2.exe (TeamDrive Systems GmbH)
O4 - Startup: C:\Users\biene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\biene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mbam.exe - Verknüpfung.lnk = C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\biene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk =  File not found
F3 - HKU\S-1-5-21-519441693-355583875-3268206231-1001 WinNT: Load - (C:\Users\biene\LOCALS~1\Temp\msukri.exe) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-519441693-355583875-3268206231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-519441693-355583875-3268206231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-519441693-355583875-3268206231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\S-1-5-21-519441693-355583875-3268206231-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-519441693-355583875-3268206231-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-519441693-355583875-3268206231-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} hxxp://www.eset.eu/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66250287-D58E-4671-BF0C-04813A818A7D}: DhcpNameServer = 192.168.0.254 192.168.0.254 213.33.99.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B45A792B-BF4B-4A29-80CE-E0EFF7E54426}: DhcpNameServer = 192.168.0.254 192.168.0.254 213.33.99.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E75678A6-ED73-464C-BD44-AF2ABB322FE6}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.07.22 16:14:09 | 000,000,201 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{fbe6a23c-3b8e-11dd-8a10-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe6a23c-3b8e-11dd-8a10-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.23 09:23:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.30 22:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.30 22:05:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.30 22:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.30 21:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\rkenxumjbfytmie
[2010.08.31 17:34:14 | 029,029,136 | ---- | C] (Sage Software                                                ) -- C:\Users\Admin\AppData\Roaming\ACT2010Hotfix_DE_SS.exe
[2010.08.11 13:53:20 | 000,126,464 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddIn.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInSV.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInPT.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInPL.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInNO.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInNL.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInLV.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInLT.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInIT.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInHU.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInFR.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInFI.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInES.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInENU.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInENG.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInDE.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInDA.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInCS.dll
[2010.08.11 13:53:20 | 000,004,608 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInTR.dll
[2010.08.11 13:53:20 | 000,004,608 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInET.dll
[2008.08.10 09:19:33 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmmdm.sys
[2008.08.10 09:19:33 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmserd.sys
[2008.08.10 09:19:33 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmbus.sys
[2008.08.10 09:19:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\Admin\usbsermptxp.sys
[2008.08.10 09:19:33 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmmdfl.sys
[2008.08.10 09:19:33 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmcmnt.sys
[2008.08.10 09:19:33 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmwhnt.sys
[2008.08.10 09:19:33 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmcr.sys
[2008.08.10 09:19:32 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\Admin\usbsermpt.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.23 17:11:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{066A2B56-8B08-4258-B7AF-2048F8185A5A}.job
[2012.08.23 16:52:51 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.08.23 16:50:56 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.23 16:50:10 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 16:50:07 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 16:49:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.23 16:49:19 | 3473,788,928 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.23 15:26:21 | 000,002,941 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.23 14:27:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.23 13:02:14 | 000,000,160 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.08.23 09:23:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.09 21:49:12 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2012.07.31 23:43:33 | 001,090,414 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.31 23:43:33 | 000,921,902 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.31 23:43:33 | 000,297,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.31 23:43:33 | 000,249,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.30 22:07:00 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 21:38:27 | 000,000,051 | ---- | M] () -- C:\ProgramData\ucaeqzkoxwdylfm
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.23 16:49:16 | 3473,788,928 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.23 13:02:05 | 000,000,160 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.07.30 22:05:41 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 21:38:23 | 000,000,051 | ---- | C] () -- C:\ProgramData\ucaeqzkoxwdylfm
[2012.05.22 19:12:08 | 000,235,637 | ---- | C] () -- C:\ProgramData\1337698956.bdinstall.bin
[2012.05.12 03:27:08 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2012.05.12 03:26:13 | 000,494,402 | ---- | C] () -- C:\Users\Admin\AppData\Local\census.cache
[2012.05.12 03:25:32 | 000,324,258 | ---- | C] () -- C:\Users\Admin\AppData\Local\ars.cache
[2012.05.12 03:00:58 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2012.04.09 22:55:25 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2012.04.09 22:55:25 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2012.03.14 14:59:18 | 000,032,578 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.03.08 03:32:09 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.05 20:56:55 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.03.05 20:20:20 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012.03.01 02:55:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012.03.01 02:36:58 | 000,011,456 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.03.01 02:36:57 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2012.03.01 02:36:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.02.25 00:07:14 | 000,037,888 | ---- | C] () -- C:\Windows\System32\setupnt.dll
[2012.01.11 14:26:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.01.11 14:26:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.10.21 21:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.05.25 11:00:31 | 000,001,610 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.05.25 11:00:20 | 000,027,585 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.05.18 20:49:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.26 18:04:29 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2010.10.20 21:01:40 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2010.09.29 03:13:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.08.31 17:47:02 | 000,000,088 | RHS- | C] () -- C:\ProgramData\B80C2F2C12.sys
[2010.08.31 17:47:01 | 000,001,160 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.02.01 17:03:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.02.25 03:29:55 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.25 22:37:21 | 000,098,320 | ---- | C] () -- C:\Users\Admin\1232915841-(null) - Kopie (5)
[2009.01.25 22:37:21 | 000,052,503 | ---- | C] () -- C:\Users\Admin\1232915841-(null) - Kopie (4)
[2009.01.25 22:37:21 | 000,020,708 | ---- | C] () -- C:\Users\Admin\1232915841-(null) - Kopie (3)
[2009.01.25 22:37:21 | 000,009,913 | ---- | C] () -- C:\Users\Admin\1232915841-(null) - Kopie (2)
[2009.01.25 22:37:21 | 000,008,888 | ---- | C] () -- C:\Users\Admin\1232915840-(null) - Kopie
[2009.01.25 22:37:21 | 000,008,400 | ---- | C] () -- C:\Users\Admin\1232915841-(null) - Kopie
[2009.01.25 22:37:21 | 000,006,989 | ---- | C] () -- C:\Users\Admin\1232915840-(null)
[2009.01.25 22:37:21 | 000,004,477 | ---- | C] () -- C:\Users\Admin\1232915841-(null)
[2008.08.10 09:19:33 | 000,009,913 | ---- | C] () -- C:\Users\Admin\MCCI_MDM.INF
[2008.08.10 09:19:33 | 000,009,232 | ---- | C] () -- C:\Users\Admin\USB_MOT_BRIT.INF
[2008.08.10 09:19:33 | 000,006,989 | ---- | C] () -- C:\Users\Admin\MCCI_BUS.INF
[2008.08.10 09:19:33 | 000,006,141 | ---- | C] () -- C:\Users\Admin\USBMOT2000XP.INF
[2008.08.10 09:19:33 | 000,005,960 | ---- | C] () -- C:\Users\Admin\USB_MOT_A1000.INF
[2008.08.10 09:19:33 | 000,005,880 | ---- | C] () -- C:\Users\Admin\USB_CMCS_2000.INF
[2008.08.10 09:19:33 | 000,004,477 | ---- | C] () -- C:\Users\Admin\MCCI_SDM.INF
[2008.08.10 09:19:32 | 000,007,201 | ---- | C] () -- C:\Users\Admin\USBMOT2000.INF
[2008.07.23 16:46:52 | 000,011,264 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.03.03 20:27:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\4AC1266C-1BFF-4027-B921-ACADD9833BAB
[2012.02.25 15:12:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Acronis
[2010.08.31 17:34:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ACT
[2012.07.31 01:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\advantage
[2012.04.16 20:55:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2012.05.22 18:25:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bitdefender
[2008.07.24 15:57:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BitTorrent
[2009.09.23 06:19:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro
[2008.09.30 23:52:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA
[2011.01.07 13:38:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2011.03.18 23:54:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media
[2012.05.14 22:42:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\f-secure
[2010.09.16 11:47:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FlashGet
[2010.10.13 19:36:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFLVConverter
[2012.05.16 19:40:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gearbox Software
[2009.09.27 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Intalev
[2010.08.31 17:46:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IsolatedStorage
[2011.12.13 14:50:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\JAM Software
[2008.10.07 02:19:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Kingsoft
[2009.04.21 13:51:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\KSR
[2010.03.28 15:57:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Maytec
[2010.03.28 15:34:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Maytec.net
[2008.06.21 19:57:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2012.05.22 17:23:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2011.11.11 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SpaceMonger
[2012.06.28 23:37:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamDrive
[2010.09.29 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2011.03.22 22:23:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Uniblue
[2010.12.05 19:02:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Webocton - Scriptly
[2012.02.25 00:43:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acronis
[2010.09.28 13:08:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACT
[2010.09.28 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FlashGet
[2010.09.28 13:08:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IsolatedStorage
[2010.10.25 20:16:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\KSR
[2011.05.18 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010.09.29 17:18:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2012.02.25 00:34:02 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Acronis
[2010.08.31 18:54:52 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\ACT
[2011.09.15 14:21:15 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\AnvSoft
[2009.01.23 13:36:33 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Ashampoo
[2012.05.22 19:00:23 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Bitdefender
[2012.08.23 16:52:52 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Dropbox
[2011.03.19 12:22:01 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Engelmann Media
[2012.08.11 03:33:07 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\FileZilla
[2012.05.20 14:31:50 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\FireShot
[2010.09.19 18:17:15 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\FlashGet
[2011.04.27 12:39:37 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\foobar2000
[2010.10.14 10:16:23 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\FreeFLVConverter
[2009.03.11 02:51:48 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\FSW2
[2012.05.19 20:21:26 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Gearbox Software
[2012.04.23 12:37:25 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\gizza
[2012.06.17 18:29:41 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\gtk-2.0
[2010.06.23 17:18:00 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Hunspell
[2012.01.01 23:45:00 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Icyxm
[2009.09.27 19:23:53 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Intalev
[2012.07.31 01:02:00 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Internet Exprorer Add-on
[2010.08.31 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\IsolatedStorage
[2008.10.07 02:19:22 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\kingsoft
[2011.11.17 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\MicroST
[2010.02.11 17:00:19 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\OpenOffice.org
[2012.03.19 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Opera
[2012.05.13 12:39:17 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\QuickScan
[2012.03.30 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Replay Media Catcher 4
[2010.11.01 14:14:32 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Scopevisio
[2010.02.04 18:32:09 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Shareaza
[2008.07.02 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\streamripper
[2009.06.23 12:50:01 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Talkative IRC
[2010.09.29 16:38:06 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\TeamViewer
[2011.10.02 12:23:39 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Tropico 3
[2012.06.10 13:54:17 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Ubisoft
[2009.01.01 10:41:17 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Video DVD Maker FREE
[2010.05.29 23:15:12 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\VitySoft
[2009.04.16 01:57:07 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Viva
[2010.12.05 19:02:59 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Webocton - Scriptly
[2012.06.28 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Wuala
[2011.11.09 15:28:07 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Xoib
[2011.04.12 11:32:13 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\YCanPDF
[2010.09.02 09:49:53 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ACT
[2010.09.18 21:15:40 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\FlashGet
[2010.09.02 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\IsolatedStorage
[2010.09.03 11:49:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Opera
[2012.08.23 15:26:21 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.23 17:11:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{066A2B56-8B08-4258-B7AF-2048F8185A5A}.job
[2012.02.07 02:11:52 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8897869F-78BD-409F-A164-0F27FD38D6AE}.job
[2010.08.02 15:58:50 | 000,000,698 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Email Reminder.job
[2010.08.02 15:58:49 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Notification Scheduler.job
[2010.08.02 15:58:51 | 000,000,598 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Recurring Invoice.job
[2010.08.02 15:58:51 | 000,000,570 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM WorkFlow.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\Windows:1B378270312B4974

< End of report >
         
--- --- ---

 
