Pests of all kinds and how to fight them: Unexplained intrusion, experts wanted! Windows 7
22.01.2013, 15:51 | #1 |
| Unexplained intrusion, experts wanted!
Hello, I have the following problem: I chatted via Facebook Messenger, twice with the same person (on my phone). That conversation, plus data from my email inbox (not Facebook), was sent by email, from my email address, to my girlfriend. How is that possible? I was on Wi-Fi at the time. Thanks for your help.
This is what my virus scan found:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.22.04
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Ron :: HOME [Administrator]
Schutz: Aktiviert
22.01.2013 15:44:41
mbam-log-2013-01-22 (15-44-41).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210033
Laufzeit: 23 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
c:\users\ron\downloads\uusee_setup_2007_oversea.exe (PUP.Uusee) -> Erfolgreich gelöscht und in Quarantäne gestellt.
c:\users\ron\downloads\install_flash_player.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Last edited by sunsetx1 (22.01.2013 at 16:13) |
22.01.2013, 16:19 | #2 |
/// Malware-holic | Unexplained intrusion, experts wanted! Hi
1. Is the Wi-Fi encrypted, and if so, how?
2. Why has this system never seen any updates? Windows is without Service Pack 2, for example.
3. Are those all of the Malwarebytes logs? If not, open it, go to the log files (Logdateien), and post the reports that contain findings.
4. If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
23.01.2013, 11:25 | #3 |
| Unexplained intrusion, experts wanted! Hello Markus, thanks for your commitment. I am an absolute greenhorn when it comes to PCs, but I hope I did everything right. The Wi-Fi is encrypted; you have to enter a code.
Here is the data:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 22.01.2013 21:02:19 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ron\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1012,45 Mb Total Physical Memory | 224,54 Mb Available Physical Memory | 22,18% Memory free 2,24 Gb Paging File | 0,62 Gb Available in Paging File | 27,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 320,70 Gb Total Space | 133,03 Gb Free Space | 41,48% Space Free | Partition Type: NTFS Drive D: | 14,63 Gb Total Space | 10,19 Gb Free Space | 69,67% Space Free | Partition Type: FAT32 Computer Name: HOME | User Name: Ron | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.22 20:21:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Downloads\OTL.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.09.25 16:01:16 | 013,019,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2009.07.03 11:58:10 | 000,464,896 | ---- | M] (telegate MEDIA AG) -- C:\Programme\klickTel\Telefon- und Branchenbuch Herbst 2009\kstart32.EXE PRC - [2009.06.26 16:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.12.13 17:51:46 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2008.12.13 17:15:26 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2008.12.03 12:47:34 | 001,205,760 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) 
-- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 13:15:10 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.10.24 13:15:08 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.09.19 08:52:04 | 000,130,560 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2008.06.12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe PRC - [2008.06.03 08:02:34 | 000,119,808 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.19 08:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.08.17 12:27:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.12.23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006.12.23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () 
-- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2011.10.05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL MOD - [2011.06.22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll MOD - [2009.02.26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll MOD - [2008.08.12 10:16:16 | 002,023,424 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2008.07.29 13:47:56 | 000,016,384 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll MOD - [2008.07.29 13:47:38 | 000,135,168 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2008.07.29 13:11:18 | 000,253,952 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - [2008.07.29 13:01:12 | 007,331,840 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtGUI4.dll MOD - [2008.07.29 12:51:22 | 000,806,912 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtNetwork4.dll MOD - [2008.07.29 12:50:26 | 000,364,544 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2007.05.22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService) SRV - File not 
found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService) SRV - [2013.01.19 00:53:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.17 19:30:33 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.12.13 17:15:26 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.10.24 13:15:10 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008.10.24 13:15:08 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.10.26 15:09:56 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- 
system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.07.01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.06.26 16:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000) DRV - [2009.05.27 23:41:06 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.05.27 23:41:01 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009.05.27 23:41:00 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2008.12.13 17:15:26 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2008.09.15 07:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2008.09.15 07:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008.09.15 07:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.09.15 07:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | 
Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.02.22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2008.02.22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2008.02.22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) DRV - [2008.01.03 14:18:13 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc) DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.04.13 12:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=111863&tt=290312_bexdll&babsrc=SP_ss&mntrId=7618d20d000000000000001d9222e750 IE - HKCU\..\SearchScopes\{1266AF82-A6E3-4B42-B015-052395CD9A04}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultenginename,S: S", "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the 
web (Babylon)" FF - prefs.js..browser.search.order.1,S: S", "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine,S: S", "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://www.mybiz.de/" FF - prefs.js..browser.startup.homepage: h", "hxxp://search.babylon.com/home?AF=16502&tt=110112_ncp1" FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=111863&tt=290312_bexdll&babsrc=adbartrp&mntrId=7618d20d000000000000001d9222e750&q=" FF - prefs.js..keyword.URL,h: h", "hxxp://search.babylon.com/?babsrc=KW_def&AF=16502&tt=110112_ncp1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.02.10 16:38:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 00:53:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 00:53:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 00:53:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 00:53:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2008.09.02 13:21:40 | 000,000,000 | ---D | M] 
(No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\Extensions [2012.11.23 14:50:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\Firefox\Profiles\cmm6nye8.default\extensions [2012.11.23 14:50:35 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\firefox\profiles\cmm6nye8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.19 00:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.19 00:53:07 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2009.08.08 02:02:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2013.01.19 00:53:23 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.25 01:10:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.29 21:15:31 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.08.30 22:48:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.25 01:10:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.25 01:10:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.25 01:10:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.25 01:10:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = 
hxxp://search.babylon.com/?q={searchTerms}&AF=16502&tt=110112_ncp1&babsrc=SP_def&mntrId=7618d20d000000000000001d9222e750 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: wirtschaftslinks, links wirtschaft, portal business, business-portal, suchdienst, finanzen, geldanlage, aktien, aktienfonds, fonds, zinsen, linksammlung, wirtschaftsdienste CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system 
(Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Ron\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) 
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Facebook Update] "C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Herbst 2009 - Schnellstarter.lnk = C:\Programme\klickTel\Telefon- und Branchenbuch Herbst 2009\kstart32.EXE (telegate MEDIA AG) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft 
Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3C284AF-C7E0-4233-A052-537AA2AA7231}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - 
Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{c714eca0-1ca9-11df-a64c-001d9222e750}\Shell - "" = AutoRun O33 - MountPoints2\{c714eca0-1ca9-11df-a64c-001d9222e750}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a O33 - MountPoints2\{e6deb475-cd71-11dd-b366-001d9222e750}\Shell\AutoRun\command - "" = I:\EmDesk.exe O33 - MountPoints2\{e6deb475-cd71-11dd-b366-001d9222e750}\Shell\EmDesk\command - "" = I:\EmDesk.exe O33 - MountPoints2\{f0fa19d4-a6f6-11df-9a54-001d9222e750}\Shell - "" = AutoRun O33 - MountPoints2\{f0fa19d4-a6f6-11df-9a54-001d9222e750}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* 
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: 
{9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.22 16:27:15 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\PC Sicherheit [2013.01.22 15:42:47 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Malwarebytes [2013.01.22 15:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.22 15:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.22 15:41:47 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.22 15:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.22 01:09:54 | 
000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.01.22 01:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.01.22 01:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.01.22 01:08:56 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013.01.22 01:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.01.22 01:07:07 | 000,000,000 | ---D | C] -- C:\Users\Ron\Documents\Simply Super Software [2013.01.22 01:07:07 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Simply Super Software [2013.01.22 01:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2013.01.22 01:06:51 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll [2013.01.22 01:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2013.01.22 01:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.01.19 00:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.06 03:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule [2013.01.05 03:09:25 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\eMule [2013.01.05 03:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule [2013.01.05 03:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\eMule [2013.01.03 20:40:30 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\Mental [2013.01.03 20:38:53 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\Poker [2013.01.03 20:37:32 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\Yamadi [2013.01.03 20:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.03 20:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.03 20:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.03 20:21:20 | 000,000,000 | 
---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.01.03 20:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.01.03 20:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.01.03 19:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.22 21:05:06 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CC62F918-1DED-478E-B9BE-576ADBFCA089}.job [2013.01.22 21:01:05 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA.job [2013.01.22 20:50:12 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA.job [2013.01.22 20:35:20 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.22 20:31:38 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.22 20:19:28 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.22 20:19:28 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.22 19:01:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core.job [2013.01.22 16:19:25 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.22 16:19:25 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.01.22 16:19:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.22 16:19:15 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys [2013.01.22 01:24:38 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh 
immunization (Spybot - Search & Destroy).job [2013.01.22 01:24:38 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.01.21 23:50:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core.job [2013.01.07 16:58:51 | 000,642,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.07 16:58:51 | 000,607,030 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.07 16:58:51 | 000,131,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.07 16:58:51 | 000,108,406 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.05 19:48:51 | 000,078,336 | ---- | M] () -- C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.05 03:09:35 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk [2013.01.03 20:25:55 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.01.03 20:03:01 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.22 01:10:11 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.01.22 01:10:10 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.01.22 01:10:04 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.01.22 01:09:30 | 000,002,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.01.22 01:06:51 | 000,185,616 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll [2013.01.22 01:06:51 | 000,169,744 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2013.01.22 01:06:51 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2013.01.22 01:06:51 | 000,077,312 | ---- | C] () -- 
C:\Windows\System32\ztvunace26.dll [2013.01.05 03:09:35 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk [2013.01.03 20:25:55 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.01.03 20:03:01 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.01.03 19:56:25 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.03.29 21:16:36 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2008.01.03 15:29:11 | 000,078,336 | ---- | C] () -- C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.29 17:56:13 | 000,000,091 | ---- | C] () -- C:\Users\Ron\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008.02.19 20:22:41 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\ACD Systems [2011.12.28 21:18:18 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\AllDup 
[2012.04.09 23:18:47 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\BOM [2009.05.29 20:22:19 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Image Zone Express [2009.11.24 12:09:58 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\klickTel [2013.01.06 00:01:56 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Nokia [2009.02.10 16:40:58 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\PC Suite [2008.09.18 10:49:04 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Printer Info Cache [2012.02.10 12:53:59 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\QuickStoresToolbar [2010.08.07 22:25:52 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\RayV [2009.02.10 17:10:50 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Samsung [2013.01.22 01:07:07 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Simply Super Software [2011.02.14 11:13:12 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\TeamViewer [2012.11.01 12:31:53 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2008.10.14 21:07:31 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.05.30 21:23:26 | 000,000,000 | -HSD | M] -- C:\Boot [2008.03.04 16:33:06 | 000,000,000 | ---D | M] -- C:\Casino [2013.01.18 03:27:53 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.12.29 17:51:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.03.02 03:10:08 | 000,000,000 | ---D | M] -- C:\Intel [2010.08.19 23:15:43 | 000,000,000 | ---D | M] -- C:\lj631ge [2010.08.19 23:17:43 | 000,000,000 | ---D | M] -- C:\lj632 [2008.01.03 14:25:14 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.05.30 21:08:02 | 000,000,000 | ---D | M] -- C:\PerfLogs [2010.08.07 22:25:31 | 000,000,000 | ---D | M] -- C:\Poker [2013.01.22 16:14:27 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.22 15:41:52 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.12.29 17:51:31 | 000,000,000 | -HSD | M] -- C:\Programme [2013.01.22 21:06:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2007.12.29 17:55:11 | 000,000,000 | R--D | M] -- C:\Users [2013.01.03 20:34:09 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.01.19 08:33:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,586 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2007.12.29 23:42:07 | 000,000,414 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC62F918-1DED-478E-B9BE-576ADBFCA089}.job [2009.07.01 02:46:00 | 000,001,060 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core.job [2009.07.01 02:46:02 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA.job [2010.05.27 21:34:54 | 000,001,088 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.05.27 21:34:57 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.10.01 22:40:13 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core.job [2011.10.01 22:40:44 | 000,001,130 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA.job [2012.06.07 23:08:46 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013.01.22 01:10:04 | 000,000,620 | ---- | C] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job [2013.01.22 01:10:10 | 000,000,616 | ---- | C] () -- 
C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.01.22 01:10:11 | 000,000,446 | ---- | C] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
(Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > 
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2008.01.19 08:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2008.01.19 08:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2013.01.22 21:16:14 | 003,932,160 | -HS- | M] () -- C:\Users\Ron\ntuser.dat [2013.01.22 21:16:14 | 000,262,144 | -H-- | M] () -- C:\Users\Ron\ntuser.dat.LOG1 [2007.12.29 17:55:34 | 000,000,000 | -H-- | M] () -- C:\Users\Ron\ntuser.dat.LOG2 [2013.01.22 16:17:27 | 000,065,536 | -HS- | M] () -- C:\Users\Ron\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2013.01.22 16:17:26 | 000,524,288 | -HS- | M] () -- C:\Users\Ron\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2007.12.30 00:07:17 | 000,524,288 | -HS- | M] () -- C:\Users\Ron\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2007.12.29 17:55:34 | 000,000,020 | -HS- | M] () -- C:\Users\Ron\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > |
23.01.2013, 11:49 | #4 |
/// Malware-holic | Unexplained intrusion, experts wanted! Did Spybot or Trojan Remover find anything? If so, post the reports.
__________________ - Please forward suspicious emails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward emails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
23.01.2013, 11:56 | #5 |
| Unexplained intrusion, experts wanted! Unfortunately, I closed the windows again after the scan. |
23.01.2013, 13:21 | #6 |
/// Malware-holic | Unexplained intrusion, experts wanted! Then open the programs and check whether logs were saved; this happens automatically.
__________________ --> Unexplained intrusion, experts wanted! |
23.01.2013, 14:48 | #7 |
| Unexplained intrusion, experts wanted! Hello Markus, I also found the following in Spybot. Do you have any idea how he did that, and can I track him down? Regards Search results from Spybot - Search & Destroy 22.01.2013 13:00:02 Scan took 11:16:29. 145 items found.
Properties.size=21612 Properties.md5=D395E4F51AD4BD700EE27006D26A5C8D Properties.filedate=1225298308 Properties.filedatetext=2008-10-29 17:38:27 EverestPoker: [SBI $6608D1A7] Text file (File, nothing done) C:\Program Files\Everest Poker\data\shared\de\language.txt Properties.size=748 Properties.md5=6FB842BDCA1976A90BD4AD7979913270 Properties.filedate=1225298318 Properties.filedatetext=2008-10-29 17:38:38 EverestPoker: [SBI $7BF77F2C] Text file (File, nothing done) C:\Program Files\Everest Poker\data\shared\de\ordinal.txt Properties.size=166 Properties.md5=DDC093B4775961559798C563AA6C9527 Properties.filedate=1225298318 Properties.filedatetext=2008-10-29 17:38:38 EverestPoker: [SBI $EF3D122C] Picture (File, nothing done) C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art Properties.size=4590 Properties.md5=AFB27703EA6BBC0D560A459187193E0E Properties.filedate=1225298318 Properties.filedatetext=2008-10-29 17:38:38 EverestPoker: [SBI $28C86989] Sound file (File, nothing done) C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg Properties.size=6292 Properties.md5=0B1DD18799788F99097338AA7069187C Properties.filedate=1225298318 Properties.filedatetext=2008-10-29 17:38:38 EverestPoker: [SBI $C3345D6A] Sound file (File, nothing done) C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg Properties.size=8358 Properties.md5=ACAB5D35647FE451BB3CB75BA6F72440 Properties.filedate=1225298318 Properties.filedatetext=2008-10-29 17:38:38 EverestPoker: [SBI $C6CE616E] Sound file (File, nothing done) C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg Properties.size=10180 Properties.md5=A659FA76BF36682CC44F949CDFDAC103 Properties.filedate=1225298318 Properties.filedatetext=2008-10-29 17:38:38 EverestPoker: [SBI $C282539E] Sound file (File, nothing done) C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg Properties.size=5224 Properties.md5=5239EBF845B1D6B547F944363F67BAC7 
Properties.filedate=1225298318 Properties.filedatetext=2008-10-29 17:38:38 EverestPoker: [SBI $2CC1875F] Picture (File, nothing done) C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico Properties.size=25214 Properties.md5=85F38EC724F75DB5A5B9A5A507E50FEA Properties.filedate=1225298300 Properties.filedatetext=2008-10-29 17:38:19 EverestPoker: [SBI $381CFDB8] Sound file (File, nothing done) C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg Properties.size=9431 Properties.md5=CB6254344BDDC1DB0B37EB67928D31AE Properties.filedate=1225298300 Properties.filedatetext=2008-10-29 17:38:20 EverestPoker: [SBI $C42AAFB3] User settings (Registry Value, nothing done) HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Grand Virtual\XD3C Facebook.Messenger: [SBI $917BFFAB] Program directory (Directory, nothing done) C:\Users\Ron\AppData\Local\Facebook\ Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe Directory.subfile.size=138096 Directory.subfile.md5=9EB925EDC8CF1C3D06E50E9348B54A0A Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe Directory.subfile.size=138096 Directory.subfile.md5=9EB925EDC8CF1C3D06E50E9348B54A0A Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe Directory.subfile.size=138096 Directory.subfile.md5=9EB925EDC8CF1C3D06E50E9348B54A0A Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi Directory.subfile.size=45056 Directory.subfile.md5=579FF5AF5C46242257C56E4D995C4865 Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 
Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll Directory.subfile.size=686960 Directory.subfile.md5=49D3F53BEA86A4EFEFA53550E0DBFDB1 Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll Directory.subfile.size=26480 Directory.subfile.md5=245C905CB32EE583B58E67041817AB3D Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll Directory.subfile.size=29552 Directory.subfile.md5=928B67BC1C6290A7A83C03C1026F11BE Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll Directory.subfile.size=28528 Directory.subfile.md5=250EA8B66EA9A455729466C29180D453 Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll Directory.subfile.size=29040 Directory.subfile.md5=5BA1698F71EF08E6BFEBC31DBDE96CE7 Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll Directory.subfile.size=28528 Directory.subfile.md5=8FFC4A8F1E181ABD7091404F30307DEC Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll Directory.subfile.size=28528 Directory.subfile.md5=2CBD4F2B68728CFDB002FC847AEF4CEE Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll Directory.subfile.size=30064 
Directory.subfile.md5=81EB95166B3C26C4229997100C380A64 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll Directory.subfile.size=30576 Directory.subfile.md5=68538B8FD01085017F6AA9A21B4C0C93 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll Directory.subfile.size=27504 Directory.subfile.md5=9A06D1681F83ACBA866F10B533A29A39 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll Directory.subfile.size=27504 Directory.subfile.md5=E79CAF0620FCA23560EFB8AC7C45E9A4 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll Directory.subfile.size=28528 Directory.subfile.md5=183F0F95486CE4C6FA415B57788D4811 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll Directory.subfile.size=30064 Directory.subfile.md5=118C1DCD37F48B288DDAB6406C61885B Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll Directory.subfile.size=28016 Directory.subfile.md5=7CD0531FCB03A999487F9F686A225C6A Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll Directory.subfile.size=26992 Directory.subfile.md5=DF5344C5FF431016A2E724DE7C5877E5 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 
Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll Directory.subfile.size=28528 Directory.subfile.md5=EB259F25CAFDD2C90D1FE88B55633433 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll Directory.subfile.size=29552 Directory.subfile.md5=D7052C201E03A48DD5F5701A90D070EB Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll Directory.subfile.size=30064 Directory.subfile.md5=95189C946904AFDEAD9E86C7558B1E08 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll Directory.subfile.size=28528 Directory.subfile.md5=C53E6E5215A9451ADF9191D993B26218 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll Directory.subfile.size=28016 Directory.subfile.md5=6B6AD952A21EA7E2B8EA4CB0B62845EA Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll Directory.subfile.size=29040 Directory.subfile.md5=79CB4E19373D532F6EF633186764ACD6 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll Directory.subfile.size=29552 Directory.subfile.md5=C80151966BA529CA392800917C616C13 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll Directory.subfile.size=28016 
Directory.subfile.md5=9C49FD934BF47C77153BAD231131A16A Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll Directory.subfile.size=28016 Directory.subfile.md5=B3C7E8C9104645FFBB37DEE8FCCB51B0 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll Directory.subfile.size=29552 Directory.subfile.md5=FD00E6E085CB4490C3AA69984866F8FD Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll Directory.subfile.size=25456 Directory.subfile.md5=756C427AC238F793DB221AA2A8E82B28 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll Directory.subfile.size=23920 Directory.subfile.md5=A441431E92D5AE2AEF50234A5E3DA636 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll Directory.subfile.size=28016 Directory.subfile.md5=1121612A178AA31132D0AECCA5AEF5F3 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll Directory.subfile.size=23920 Directory.subfile.md5=9C8A79DA591BE82B25E090B52AA244F5 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll Directory.subfile.size=28016 Directory.subfile.md5=5290DDB098DD7F5B8E262C3B1083C330 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:28 
Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll Directory.subfile.size=29040 Directory.subfile.md5=F807CFB05E71764FE766E67D1A6C778D Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll Directory.subfile.size=31088 Directory.subfile.md5=270AF00622A795A89E77AE9C1F1D20EA Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll Directory.subfile.size=28016 Directory.subfile.md5=81CAD769D1BEB6E87934E3B97E5D9A54 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll Directory.subfile.size=28016 Directory.subfile.md5=C2F52F75C8F480255B6394CD22797A2A Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll Directory.subfile.size=29552 Directory.subfile.md5=B667561D8C6A0A1BAF69D6424C66FC7E Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll Directory.subfile.size=28528 Directory.subfile.md5=EB302E73B57EB99025A678118A8C7930 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll Directory.subfile.size=28528 Directory.subfile.md5=6FD10DE5279A85C9F8CF55EEC4B109B2 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll Directory.subfile.size=29552 
Directory.subfile.md5=B09DDAA27BDA52C6E7FBB185BC79A5F4 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll Directory.subfile.size=29040 Directory.subfile.md5=FB50E8BF12C2042D70280D88921E1031 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll Directory.subfile.size=28528 Directory.subfile.md5=20812EBB25389A18CD66D7410FAD459B Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll Directory.subfile.size=29552 Directory.subfile.md5=9DC3F69B7DF214F88E605D94B167CE99 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll Directory.subfile.size=28016 Directory.subfile.md5=B3F59E99F1D368611630C81C7DED2175 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll Directory.subfile.size=28528 Directory.subfile.md5=695A19229311A4C83CE44C62FB4CA6A8 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll Directory.subfile.size=29040 Directory.subfile.md5=E33089260B0D52B567A6E3E80F54F812 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll Directory.subfile.size=28528 Directory.subfile.md5=A151B0B290FDFC8B76BDBC6ABDD39BA2 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 
Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll Directory.subfile.size=28016 Directory.subfile.md5=86A09E67219FD5294D30E2BD70F24141 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll Directory.subfile.size=29552 Directory.subfile.md5=2EBC6C11B60DA1E995ED96CEF7B443FA Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll Directory.subfile.size=29040 Directory.subfile.md5=1B4EC82DE451C102C4A3DFF0565A4182 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll Directory.subfile.size=26992 Directory.subfile.md5=DF798E15FEEB265076AA5579596B71C7 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:28 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll Directory.subfile.size=28528 Directory.subfile.md5=7DBA96EAAFD9F4DC387EA713C72B22CC Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:29 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll Directory.subfile.size=28528 Directory.subfile.md5=E5CFA8BC9BDA6F4FA626D7B3CF292159 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:29 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll Directory.subfile.size=28016 Directory.subfile.md5=0B92E9530F35A51302A3ABA913C9B173 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:29 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll Directory.subfile.size=27504 
Directory.subfile.md5=F5142E69070228FB8D3868BC19108F82 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:29 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll Directory.subfile.size=21872 Directory.subfile.md5=2DED5194BB4CA4F4E11C5CEF5B4DDB7D Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:29 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll Directory.subfile.size=21872 Directory.subfile.md5=416130658D96FFB77F6253499C11AFB6 Directory.subfile.filedate=1342043129 Directory.subfile.filedatetext=2012-07-11 22:45:29 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Video\Common\shared.lck Directory.subfile.size=0 Directory.subfile.md5=D41D8CD98F00B204E9800998ECF8427E Directory.subfile.filedate=1317505503 Directory.subfile.filedatetext=2011-10-01 22:45:02 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Video\Common\shared.xml Directory.subfile.size=55463 Directory.subfile.md5=4AD053E1C855661F00D1A173EC3B90ED Directory.subfile.filedate=1346600055 Directory.subfile.filedatetext=2012-09-02 16:34:15 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe Directory.subfile.size=3933584 Directory.subfile.md5=7CDC2CC95CF83B07CA26E46D971115B9 Directory.subfile.filedate=1349995386 Directory.subfile.filedatetext=2012-10-11 23:43:06 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll Directory.subfile.size=1075600 Directory.subfile.md5=0B31B0F8FA99CFD009C8FBEA9E20C9DE Directory.subfile.filedate=1349995384 Directory.subfile.filedatetext=2012-10-11 23:43:04 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Video\Skype\third-party_attributions.txt Directory.subfile.size=7368 Directory.subfile.md5=DCE4889F1D3B1B78191C9577D2911701 Directory.subfile.filedate=1349994936 Directory.subfile.filedatetext=2012-10-11 23:35:36 
Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Video\Common\fb#3aac5id2gdxcpxequcyic30mcbxoromh91xavkwf3khkfwgb9xfpda2yh9o3l4gzpxr4q\config.lck Directory.subfile.size=0 Directory.subfile.md5=D41D8CD98F00B204E9800998ECF8427E Directory.subfile.filedate=1317505510 Directory.subfile.filedatetext=2011-10-01 22:45:09 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Video\Common\fb#3aac5id2gdxcpxequcyic30mcbxoromh91xavkwf3khkfwgb9xfpda2yh9o3l4gzpxr4q\config.xml Directory.subfile.size=1702 Directory.subfile.md5=89A4465D620DF9C8EB8D598015C93EBD Directory.subfile.filedate=1326128627 Directory.subfile.filedatetext=2012-01-09 18:03:47 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Video\Common\fb#3aac5id2gdxcpxequcyic30mcbxoromh91xavkwf3khkfwgb9xfpda2yh9o3l4gzpxr4q\contactgro up256.dbb Directory.subfile.size=2925 Directory.subfile.md5=0B6B64C96743CC20957071B9F11828D7 Directory.subfile.filedate=1317505515 Directory.subfile.filedatetext=2011-10-01 22:45:15 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Video\Common\fb#3aac5id2gdxcpxequcyic30mcbxoromh91xavkwf3khkfwgb9xfpda2yh9o3l4gzpxr4q\index2.dat Directory.subfile.size=224 Directory.subfile.md5=31CCAC9AF91242FE0991373A7BC4B282 Directory.subfile.filedate=1317505516 Directory.subfile.filedatetext=2011-10-01 22:45:16 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Video\Common\fb#3aac5id2gdxcpxequcyic30mcbxoromh91xavkwf3khkfwgb9xfpda2yh9o3l4gzpxr4q\main.lock Directory.subfile.size=0 Directory.subfile.md5=D41D8CD98F00B204E9800998ECF8427E Directory.subfile.filedate=1317505511 Directory.subfile.filedatetext=2011-10-01 22:45:11 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Video\Common\fb#3aac5id2gdxcpxequcyic30mcbxoromh91xavkwf3khkfwgb9xfpda2yh9o3l4gzpxr4q\profile256 .dbb Directory.subfile.size=98 Directory.subfile.md5=954CA3892AEE59290D9A9D821BA23458 Directory.subfile.filedate=1326128624 Directory.subfile.filedatetext=2012-01-09 18:03:43 Facebook.Messenger: [SBI $21F6393C] Program directory 
(Directory, nothing done) C:\Users\Ron\AppData\Local\Facebook\CrashReports\ Facebook.Messenger: [SBI $05D5B32B] Program directory (Directory, nothing done) C:\Users\Ron\AppData\Local\Facebook\Update\ Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe Directory.subfile.size=138096 Directory.subfile.md5=9EB925EDC8CF1C3D06E50E9348B54A0A Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe Directory.subfile.size=138096 Directory.subfile.md5=9EB925EDC8CF1C3D06E50E9348B54A0A Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe Directory.subfile.size=138096 Directory.subfile.md5=9EB925EDC8CF1C3D06E50E9348B54A0A Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi Directory.subfile.size=45056 Directory.subfile.md5=579FF5AF5C46242257C56E4D995C4865 Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll Directory.subfile.size=686960 Directory.subfile.md5=49D3F53BEA86A4EFEFA53550E0DBFDB1 Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll Directory.subfile.size=26480 Directory.subfile.md5=245C905CB32EE583B58E67041817AB3D Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll Directory.subfile.size=29552 Directory.subfile.md5=928B67BC1C6290A7A83C03C1026F11BE Directory.subfile.filedate=1342043127 
Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll Directory.subfile.size=28528 Directory.subfile.md5=250EA8B66EA9A455729466C29180D453 Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll Directory.subfile.size=29040 Directory.subfile.md5=5BA1698F71EF08E6BFEBC31DBDE96CE7 Directory.subfile.filedate=1342043127 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll Directory.subfile.size=28528 Directory.subfile.md5=8FFC4A8F1E181ABD7091404F30307DEC Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll Directory.subfile.size=28528 Directory.subfile.md5=2CBD4F2B68728CFDB002FC847AEF4CEE Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll Directory.subfile.size=30064 Directory.subfile.md5=81EB95166B3C26C4229997100C380A64 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll Directory.subfile.size=30576 Directory.subfile.md5=68538B8FD01085017F6AA9A21B4C0C93 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll Directory.subfile.size=27504 Directory.subfile.md5=9A06D1681F83ACBA866F10B533A29A39 Directory.subfile.filedate=1342043128 Directory.subfile.filedatetext=2012-07-11 22:45:27 Directory.subfile=C:\Users\Ron\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll 
|
23.01.2013, 14:53 | #8 |
| Unexplained intrusion, experts wanted! In addition, I found the following in Trojan Remover:
bytes Created: 28.04.2012 22:38 Modified: 19.01.2013 00:53 Company: Mozilla Foundation ---------- Key: mpio ImagePath: \SystemRoot\system32\drivers\mpio.sys C:\Windows\system32\drivers\mpio.sys 78952 bytes Created: 02.11.2006 09:52 Modified: 02.11.2006 10:50 Company: Microsoft Corporation ---------- Key: mpsdrv ImagePath: System32\drivers\mpsdrv.sys C:\Windows\System32\drivers\mpsdrv.sys 64000 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:54 Company: Microsoft Corporation ---------- Key: Mraid35x ImagePath: \SystemRoot\system32\drivers\mraid35x.sys C:\Windows\system32\drivers\mraid35x.sys 33384 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:49 Company: LSI Logic Corporation ---------- Key: MRxDAV ImagePath: \SystemRoot\system32\drivers\mrxdav.sys C:\Windows\system32\drivers\mrxdav.sys 110080 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:28 Company: Microsoft Corporation ---------- Key: mrxsmb ImagePath: system32\DRIVERS\mrxsmb.sys C:\Windows\system32\DRIVERS\mrxsmb.sys 105984 bytes Created: 12.12.2011 14:09 Modified: 29.04.2011 13:49 Company: Microsoft Corporation ---------- Key: mrxsmb10 ImagePath: system32\DRIVERS\mrxsmb10.sys C:\Windows\system32\DRIVERS\mrxsmb10.sys 213504 bytes Created: 12.12.2011 14:09 Modified: 06.07.2011 15:56 Company: Microsoft Corporation ---------- Key: mrxsmb20 ImagePath: system32\DRIVERS\mrxsmb20.sys C:\Windows\system32\DRIVERS\mrxsmb20.sys 79360 bytes Created: 12.12.2011 14:09 Modified: 29.04.2011 13:49 Company: Microsoft Corporation ---------- Key: msahci ImagePath: \SystemRoot\system32\drivers\msahci.sys C:\Windows\system32\drivers\msahci.sys 25784 bytes Created: 02.11.2006 09:51 Modified: 10.09.2007 12:13 Company: Microsoft Corporation ---------- Key: MSCamSvc ImagePath: "C:\Program Files\Microsoft LifeCam\MSCamS32.exe" C:\Program Files\Microsoft LifeCam\MSCamS32.exe 139120 bytes Created: 24.07.2009 15:05 Modified: 24.07.2009 15:05 Company: Microsoft Corporation ---------- Key: msdsm ImagePath: 
\SystemRoot\system32\drivers\msdsm.sys C:\Windows\system32\drivers\msdsm.sys 80488 bytes Created: 02.11.2006 09:52 Modified: 02.11.2006 10:50 Company: Microsoft Corporation ---------- Key: MSDTC ImagePath: %SystemRoot%\System32\msdtc.exe C:\Windows\System32\msdtc.exe 105984 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: msisadrv ImagePath: system32\drivers\msisadrv.sys C:\Windows\system32\drivers\msisadrv.sys 16440 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:41 Company: Microsoft Corporation ---------- Key: msiserver ImagePath: %systemroot%\system32\msiexec /V C:\Windows\system32\msiexec - [file not found to scan] ---------- Key: MSKSSRV ImagePath: system32\drivers\MSKSSRV.sys C:\Windows\system32\drivers\MSKSSRV.sys 8192 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:49 Company: Microsoft Corporation ---------- Key: MSPCLOCK ImagePath: system32\drivers\MSPCLOCK.sys C:\Windows\system32\drivers\MSPCLOCK.sys 5888 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:49 Company: Microsoft Corporation ---------- Key: MSPQM ImagePath: system32\drivers\MSPQM.sys C:\Windows\system32\drivers\MSPQM.sys 5504 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:49 Company: Microsoft Corporation ---------- Key: mssmbios ImagePath: system32\DRIVERS\mssmbios.sys C:\Windows\system32\DRIVERS\mssmbios.sys 31288 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 08:41 Company: Microsoft Corporation ---------- Key: MSTEE ImagePath: system32\drivers\MSTEE.sys C:\Windows\system32\drivers\MSTEE.sys 6016 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:49 Company: Microsoft Corporation ---------- Key: Mup ImagePath: System32\Drivers\mup.sys C:\Windows\System32\Drivers\mup.sys 49720 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:42 Company: Microsoft Corporation ---------- Key: NativeWifiP ImagePath: system32\DRIVERS\nwifi.sys C:\Windows\system32\DRIVERS\nwifi.sys 148480 bytes Created: 
10.09.2008 00:25 Modified: 20.05.2008 03:07 Company: Microsoft Corporation ---------- Key: NBService ImagePath: C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe 774144 bytes Created: 05.12.2006 11:44 Modified: 05.12.2006 11:44 Company: Nero AG ---------- Key: NDIS ImagePath: system32\drivers\ndis.sys C:\Windows\system32\drivers\ndis.sys 529464 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:43 Company: Microsoft Corporation ---------- Key: NdisTapi ImagePath: system32\DRIVERS\ndistapi.sys C:\Windows\system32\DRIVERS\ndistapi.sys 20992 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: Ndisuio ImagePath: system32\DRIVERS\ndisuio.sys C:\Windows\system32\DRIVERS\ndisuio.sys 16896 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:55 Company: Microsoft Corporation ---------- Key: NdisWan ImagePath: system32\DRIVERS\ndiswan.sys C:\Windows\system32\DRIVERS\ndiswan.sys 121344 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: NetBIOS ImagePath: system32\DRIVERS\netbios.sys C:\Windows\system32\DRIVERS\netbios.sys 35840 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:55 Company: Microsoft Corporation ---------- Key: netbt ImagePath: System32\DRIVERS\netbt.sys C:\Windows\System32\DRIVERS\netbt.sys 184320 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:55 Company: Microsoft Corporation ---------- Key: Netlogon ImagePath: %systemroot%\system32\lsass.exe C:\Windows\system32\lsass.exe 9728 bytes Created: 12.12.2011 14:13 Modified: 15.06.2009 13:57 Company: Microsoft Corporation ---------- Key: nfrd960 ImagePath: \SystemRoot\system32\drivers\nfrd960.sys C:\Windows\system32\drivers\nfrd960.sys 45160 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: IBM Corporation ---------- Key: NMIndexingService ImagePath: "C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe" C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 262144 bytes Created: 23.12.2006 16:54 Modified: 23.12.2006 16:54 Company: Nero AG ---------- Key: nmwcd ImagePath: system32\drivers\ccdcmb.sys C:\Windows\system32\drivers\ccdcmb.sys 17664 bytes Created: 15.09.2008 07:56 Modified: 15.09.2008 07:56 Company: Nokia ---------- Key: nmwcdc ImagePath: system32\drivers\ccdcmbo.sys C:\Windows\system32\drivers\ccdcmbo.sys 22016 bytes Created: 15.09.2008 07:56 Modified: 15.09.2008 07:56 Company: Nokia ---------- Key: nsiproxy ImagePath: system32\drivers\nsiproxy.sys C:\Windows\system32\drivers\nsiproxy.sys 16384 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:55 Company: Microsoft Corporation ---------- Key: ntrigdigi ImagePath: \SystemRoot\system32\drivers\ntrigdigi.sys C:\Windows\system32\drivers\ntrigdigi.sys 20608 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 08:36 Company: N-trig Innovative Technologies ---------- Key: nvraid ImagePath: \SystemRoot\system32\drivers\nvraid.sys C:\Windows\system32\drivers\nvraid.sys 88680 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: NVIDIA Corporation ---------- Key: nvstor ImagePath: \SystemRoot\system32\drivers\nvstor.sys C:\Windows\system32\drivers\nvstor.sys 40040 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: NVIDIA Corporation ---------- Key: nv_agp ImagePath: \SystemRoot\system32\drivers\nv_agp.sys C:\Windows\system32\drivers\nv_agp.sys 106600 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 10:50 Company: Microsoft Corporation ---------- Key: NwlnkFlt ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded ---------- Key: NwlnkFwd ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded ---------- Key: odserv ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 
440696 bytes Created: 20.07.2011 05:18 Modified: 20.07.2011 05:18 Company: Microsoft Corporation ---------- Key: ohci1394 ImagePath: system32\DRIVERS\ohci1394.sys C:\Windows\system32\DRIVERS\ohci1394.sys 61952 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: ose ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 145184 bytes Created: 26.10.2006 14:03 Modified: 26.10.2006 14:03 Company: Microsoft Corporation ---------- Key: Parport ImagePath: \SystemRoot\system32\drivers\parport.sys C:\Windows\system32\drivers\parport.sys 79360 bytes Created: 02.11.2006 09:51 Modified: 02.11.2006 09:51 Company: Microsoft Corporation ---------- Key: partmgr ImagePath: System32\drivers\partmgr.sys C:\Windows\System32\drivers\partmgr.sys 56376 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:42 Company: Microsoft Corporation ---------- Key: Parvdm ImagePath: \SystemRoot\system32\drivers\parvdm.sys C:\Windows\system32\drivers\parvdm.sys 8704 bytes Created: 02.11.2006 09:51 Modified: 02.11.2006 09:51 Company: Microsoft Corporation ---------- Key: pccsmcfd ImagePath: system32\DRIVERS\pccsmcfd.sys C:\Windows\system32\DRIVERS\pccsmcfd.sys 18816 bytes Created: 10.02.2009 16:37 Modified: 26.08.2008 09:26 Company: Nokia ---------- Key: pci ImagePath: system32\drivers\pci.sys C:\Windows\system32\drivers\pci.sys 151096 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:42 Company: Microsoft Corporation ---------- Key: pciide ImagePath: system32\drivers\pciide.sys C:\Windows\system32\drivers\pciide.sys 16440 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:41 Company: Microsoft Corporation ---------- Key: pcmcia ImagePath: \SystemRoot\system32\drivers\pcmcia.sys C:\Windows\system32\drivers\pcmcia.sys 167528 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 10:51 Company: Microsoft Corporation ---------- Key: PEAUTH 
ImagePath: system32\drivers\peauth.sys C:\Windows\system32\drivers\peauth.sys 878080 bytes Created: 02.11.2006 10:04 Modified: 02.11.2006 10:04 Company: Microsoft Corporation ---------- Key: pfc ImagePath: system32\drivers\pfc.sys C:\Windows\system32\drivers\pfc.sys 10368 bytes Created: 03.01.2008 14:18 Modified: 03.01.2008 14:18 Company: Padus, Inc. ---------- Key: PptpMiniport ImagePath: system32\DRIVERS\raspptp.sys C:\Windows\system32\DRIVERS\raspptp.sys 62976 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: Processor ImagePath: \SystemRoot\system32\drivers\processr.sys C:\Windows\system32\drivers\processr.sys 38400 bytes Created: 02.11.2006 09:30 Modified: 02.11.2006 09:30 Company: Microsoft Corporation ---------- Key: ProtectedStorage ImagePath: %SystemRoot%\system32\lsass.exe C:\Windows\system32\lsass.exe 9728 bytes Created: 12.12.2011 14:13 Modified: 15.06.2009 13:57 Company: Microsoft Corporation ---------- Key: PSched ImagePath: system32\DRIVERS\pacer.sys C:\Windows\system32\DRIVERS\pacer.sys 72192 bytes Created: 12.07.2008 14:46 Modified: 05.04.2008 02:21 Company: Microsoft Corporation ---------- Key: ql2300 ImagePath: \SystemRoot\system32\drivers\ql2300.sys C:\Windows\system32\drivers\ql2300.sys 900712 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:51 Company: QLogic Corporation ---------- Key: ql40xx ImagePath: \SystemRoot\system32\drivers\ql40xx.sys C:\Windows\system32\drivers\ql40xx.sys 106088 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: QLogic Corporation ---------- Key: QWAVEdrv ImagePath: \SystemRoot\system32\drivers\qwavedrv.sys C:\Windows\system32\drivers\qwavedrv.sys 31232 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: RasAcd ImagePath: System32\DRIVERS\rasacd.sys C:\Windows\System32\DRIVERS\rasacd.sys 11776 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:56 Company: Microsoft Corporation 
---------- Key: Rasl2tp ImagePath: system32\DRIVERS\rasl2tp.sys C:\Windows\system32\DRIVERS\rasl2tp.sys 76288 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: RasPppoe ImagePath: system32\DRIVERS\raspppoe.sys C:\Windows\system32\DRIVERS\raspppoe.sys 41472 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: RasSstp ImagePath: system32\DRIVERS\rassstp.sys C:\Windows\system32\DRIVERS\rassstp.sys 69120 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: rdbss ImagePath: system32\DRIVERS\rdbss.sys C:\Windows\system32\DRIVERS\rdbss.sys 224768 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 06:28 Company: Microsoft Corporation ---------- Key: RDPCDD ImagePath: System32\DRIVERS\RDPCDD.sys C:\Windows\System32\DRIVERS\RDPCDD.sys 6144 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 07:01 Company: Microsoft Corporation ---------- Key: rdpdr ImagePath: \SystemRoot\system32\drivers\rdpdr.sys C:\Windows\system32\drivers\rdpdr.sys 242688 bytes Created: 02.11.2006 10:03 Modified: 02.11.2006 10:03 Company: Microsoft Corporation ---------- Key: RDPENCDD ImagePath: system32\drivers\rdpencdd.sys C:\Windows\system32\drivers\rdpencdd.sys 6144 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 07:01 Company: Microsoft Corporation ---------- Key: RpcLocator ImagePath: %SystemRoot%\system32\locator.exe C:\Windows\system32\locator.exe 7680 bytes Created: 02.11.2006 09:50 Modified: 02.11.2006 10:45 Company: Microsoft Corporation ---------- Key: rspndr ImagePath: system32\DRIVERS\rspndr.sys C:\Windows\system32\DRIVERS\rspndr.sys 60416 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:55 Company: Microsoft Corporation ---------- Key: SamSs ImagePath: %SystemRoot%\system32\lsass.exe C:\Windows\system32\lsass.exe 9728 bytes Created: 12.12.2011 14:13 Modified: 15.06.2009 13:57 Company: Microsoft Corporation ---------- 
Key: sbp2port ImagePath: \SystemRoot\system32\drivers\sbp2port.sys C:\Windows\system32\drivers\sbp2port.sys 76392 bytes Created: 02.11.2006 09:51 Modified: 02.11.2006 10:50 Company: Microsoft Corporation ---------- Key: SDScannerService ImagePath: C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe 1103392 bytes Created: 22.01.2013 01:08 Modified: 13.11.2012 14:07 Company: Safer-Networking Ltd. ---------- Key: SDUpdateService ImagePath: C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe 1369624 bytes Created: 22.01.2013 01:09 Modified: 13.11.2012 14:07 Company: Safer-Networking Ltd. ---------- Key: SDWSCService ImagePath: C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe 168384 bytes Created: 22.01.2013 01:09 Modified: 13.11.2012 14:07 Company: Safer-Networking Ltd. ---------- Key: Serenum ImagePath: system32\DRIVERS\serenum.sys C:\Windows\system32\DRIVERS\serenum.sys 17920 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:49 Company: Microsoft Corporation ---------- Key: Serial ImagePath: system32\DRIVERS\serial.sys C:\Windows\system32\DRIVERS\serial.sys 83456 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:49 Company: Microsoft Corporation ---------- Key: sermouse ImagePath: \SystemRoot\system32\drivers\sermouse.sys C:\Windows\system32\drivers\sermouse.sys 19968 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:49 Company: Microsoft Corporation ---------- Key: ServiceLayer ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 620544 bytes Created: 11.11.2008 09:38 Modified: 11.11.2008 09:38 Company: Nokia. 
---------- Key: sffdisk ImagePath: \SystemRoot\system32\drivers\sffdisk.sys C:\Windows\system32\drivers\sffdisk.sys 13312 bytes Created: 02.11.2006 09:51 Modified: 15.10.2007 21:54 Company: Microsoft Corporation ---------- Key: sffp_mmc ImagePath: \SystemRoot\system32\drivers\sffp_mmc.sys C:\Windows\system32\drivers\sffp_mmc.sys 12800 bytes Created: 02.11.2006 09:51 Modified: 15.10.2007 21:54 Company: Microsoft Corporation ---------- Key: sffp_sd ImagePath: \SystemRoot\system32\drivers\sffp_sd.sys C:\Windows\system32\drivers\sffp_sd.sys 12800 bytes Created: 02.11.2006 09:51 Modified: 15.10.2007 21:54 Company: Microsoft Corporation ---------- Key: sfloppy ImagePath: \SystemRoot\system32\drivers\sfloppy.sys C:\Windows\system32\drivers\sfloppy.sys 13312 bytes Created: 02.11.2006 09:51 Modified: 02.11.2006 09:51 Company: Microsoft Corporation ---------- Key: sisagp ImagePath: \SystemRoot\system32\drivers\sisagp.sys C:\Windows\system32\drivers\sisagp.sys 53352 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 10:49 Company: Microsoft Corporation ---------- Key: SiSRaid2 ImagePath: \SystemRoot\system32\drivers\sisraid2.sys C:\Windows\system32\drivers\sisraid2.sys 38504 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: Silicon Integrated Systems Corp. 
---------- Key: SiSRaid4 ImagePath: \SystemRoot\system32\drivers\sisraid4.sys C:\Windows\system32\drivers\sisraid4.sys 71784 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: Silicon Integrated Systems ---------- Key: SkypeUpdate ImagePath: "C:\Program Files\Skype\Updater\Updater.exe" C:\Program Files\Skype\Updater\Updater.exe -R- 160944 bytes Created: 03.07.2012 12:19 Modified: 03.07.2012 12:19 Company: Skype Technologies ---------- Key: slsvc ImagePath: %SystemRoot%\system32\SLsvc.exe C:\Windows\system32\SLsvc.exe 2623488 bytes Created: 30.05.2008 14:27 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: Smb ImagePath: system32\DRIVERS\smb.sys C:\Windows\system32\DRIVERS\smb.sys 66560 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:55 Company: Microsoft Corporation ---------- Key: SNMPTRAP ImagePath: %SystemRoot%\System32\snmptrap.exe C:\Windows\System32\snmptrap.exe 12800 bytes Created: 02.11.2006 09:58 Modified: 02.11.2006 10:45 Company: Microsoft Corporation ---------- Key: Spooler ImagePath: %SystemRoot%\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe 126464 bytes Created: 12.12.2011 14:08 Modified: 17.08.2010 14:32 Company: Microsoft Corporation ---------- Key: srv ImagePath: System32\DRIVERS\srv.sys C:\Windows\System32\DRIVERS\srv.sys 304640 bytes Created: 12.12.2011 14:09 Modified: 18.02.2011 14:31 Company: Microsoft Corporation ---------- Key: srv2 ImagePath: System32\DRIVERS\srv2.sys C:\Windows\System32\DRIVERS\srv2.sys 146432 bytes Created: 12.12.2011 14:08 Modified: 29.04.2011 13:49 Company: Microsoft Corporation ---------- Key: srvnet ImagePath: System32\DRIVERS\srvnet.sys C:\Windows\System32\DRIVERS\srvnet.sys 102400 bytes Created: 12.12.2011 14:08 Modified: 29.04.2011 13:49 Company: Microsoft Corporation ---------- Key: sscdbus ImagePath: system32\DRIVERS\sscdbus.sys C:\Windows\system32\DRIVERS\sscdbus.sys 87936 bytes Created: 10.02.2009 17:12 Modified: 22.02.2008 15:33 Company: MCCI Corporation 
---------- Key: sscdmdfl ImagePath: system32\DRIVERS\sscdmdfl.sys C:\Windows\system32\DRIVERS\sscdmdfl.sys 14976 bytes Created: 10.02.2009 17:12 Modified: 22.02.2008 15:33 Company: MCCI Corporation ---------- Key: sscdmdm ImagePath: system32\DRIVERS\sscdmdm.sys C:\Windows\system32\DRIVERS\sscdmdm.sys 114304 bytes Created: 10.02.2009 17:12 Modified: 22.02.2008 15:33 Company: MCCI Corporation ---------- Key: ssmdrv ImagePath: system32\DRIVERS\ssmdrv.sys C:\Windows\system32\DRIVERS\ssmdrv.sys 21248 bytes Created: 02.09.2008 13:13 Modified: 08.11.2007 18:03 Company: AVIRA GmbH ---------- Key: swenum ImagePath: system32\DRIVERS\swenum.sys C:\Windows\system32\DRIVERS\swenum.sys 15288 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:41 Company: Microsoft Corporation ---------- Key: Symc8xx ImagePath: \SystemRoot\system32\drivers\symc8xx.sys C:\Windows\system32\drivers\symc8xx.sys 35944 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: LSI Logic ---------- Key: Sym_hi ImagePath: \SystemRoot\system32\drivers\sym_hi.sys C:\Windows\system32\drivers\sym_hi.sys 31848 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:49 Company: LSI Logic ---------- Key: Sym_u3 ImagePath: \SystemRoot\system32\drivers\sym_u3.sys C:\Windows\system32\drivers\sym_u3.sys 34920 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: LSI Logic ---------- Key: Tcpip ImagePath: System32\drivers\tcpip.sys C:\Windows\System32\drivers\tcpip.sys 898952 bytes Created: 12.12.2011 14:05 Modified: 16.06.2010 16:59 Company: Microsoft Corporation ---------- Key: Tcpip6 ImagePath: system32\DRIVERS\tcpip.sys C:\Windows\system32\DRIVERS\tcpip.sys 898952 bytes Created: 12.12.2011 14:05 Modified: 16.06.2010 16:59 Company: Microsoft Corporation ---------- Key: tcpipreg ImagePath: System32\drivers\tcpipreg.sys C:\Windows\System32\drivers\tcpipreg.sys 30208 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: TDPIPE ImagePath: 
system32\drivers\tdpipe.sys C:\Windows\system32\drivers\tdpipe.sys 17920 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 07:01 Company: Microsoft Corporation ---------- Key: TDTCP ImagePath: system32\drivers\tdtcp.sys C:\Windows\system32\drivers\tdtcp.sys 29184 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 07:01 Company: Microsoft Corporation ---------- Key: tdx ImagePath: system32\DRIVERS\tdx.sys C:\Windows\system32\DRIVERS\tdx.sys 71680 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:55 Company: Microsoft Corporation ---------- Key: TermDD ImagePath: system32\DRIVERS\termdd.sys C:\Windows\system32\DRIVERS\termdd.sys 54328 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 08:42 Company: Microsoft Corporation ---------- Key: TrustedInstaller ImagePath: %SystemRoot%\servicing\TrustedInstaller.exe C:\Windows\servicing\TrustedInstaller.exe 39424 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: tssecsrv ImagePath: System32\DRIVERS\tssecsrv.sys C:\Windows\System32\DRIVERS\tssecsrv.sys 23552 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 07:01 Company: Microsoft Corporation ---------- Key: tunmp ImagePath: system32\DRIVERS\tunmp.sys C:\Windows\system32\DRIVERS\tunmp.sys 15360 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:55 Company: Microsoft Corporation ---------- Key: tunnel ImagePath: system32\DRIVERS\tunnel.sys C:\Windows\system32\DRIVERS\tunnel.sys 25088 bytes Created: 13.03.2012 08:42 Modified: 18.02.2010 12:52 Company: Microsoft Corporation ---------- Key: uagp35 ImagePath: \SystemRoot\system32\drivers\uagp35.sys C:\Windows\system32\drivers\uagp35.sys 56936 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 10:49 Company: Microsoft Corporation ---------- Key: udfs ImagePath: system32\DRIVERS\udfs.sys C:\Windows\system32\DRIVERS\udfs.sys 226816 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 06:28 Company: Microsoft Corporation ---------- Key: UI0Detect ImagePath: 
%SystemRoot%\system32\UI0Detect.exe C:\Windows\system32\UI0Detect.exe 35840 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: uliagpkx ImagePath: \SystemRoot\system32\drivers\uliagpkx.sys C:\Windows\system32\drivers\uliagpkx.sys 58472 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 10:50 Company: Microsoft Corporation ---------- Key: uliahci ImagePath: \SystemRoot\system32\drivers\uliahci.sys C:\Windows\system32\drivers\uliahci.sys 235112 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:51 Company: ULi Electronics Inc. ---------- Key: UlSata ImagePath: \SystemRoot\system32\drivers\ulsata.sys C:\Windows\system32\drivers\ulsata.sys 98408 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: Promise Technology, Inc. ---------- Key: ulsata2 ImagePath: \SystemRoot\system32\drivers\ulsata2.sys C:\Windows\system32\drivers\ulsata2.sys 115816 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: Promise Technology, Inc. ---------- Key: umbus ImagePath: system32\DRIVERS\umbus.sys C:\Windows\system32\DRIVERS\umbus.sys 34816 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: UnlockerDriver5 ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys C:\Program Files\Unlocker\UnlockerDriver5.sys 12352 bytes Created: 01.07.2010 18:11 Modified: 01.07.2010 18:11 Company: [no info] ---------- Key: upperdev ImagePath: system32\DRIVERS\usbser_lowerflt.sys C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 8064 bytes Created: 15.09.2008 07:56 Modified: 15.09.2008 07:56 Company: Windows (R) Codename Longhorn DDK provider ---------- Key: USBAAPL ImagePath: System32\Drivers\usbaapl.sys C:\Windows\System32\Drivers\usbaapl.sys 44544 bytes Created: 28.09.2012 10:32 Modified: 28.09.2012 10:32 Company: Apple, Inc. 
---------- Key: usbaudio ImagePath: system32\drivers\usbaudio.sys C:\Windows\system32\drivers\usbaudio.sys 73088 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: usbccgp ImagePath: system32\DRIVERS\usbccgp.sys C:\Windows\system32\DRIVERS\usbccgp.sys 73216 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: usbcir ImagePath: \SystemRoot\system32\drivers\usbcir.sys C:\Windows\system32\drivers\usbcir.sys 68608 bytes Created: 02.11.2006 09:55 Modified: 02.11.2006 09:55 Company: Microsoft Corporation ---------- Key: usbehci ImagePath: system32\DRIVERS\usbehci.sys C:\Windows\system32\DRIVERS\usbehci.sys 39424 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: usbhub ImagePath: system32\DRIVERS\usbhub.sys C:\Windows\system32\DRIVERS\usbhub.sys 194560 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: usbohci ImagePath: \SystemRoot\system32\drivers\usbohci.sys C:\Windows\system32\drivers\usbohci.sys 19456 bytes Created: 02.11.2006 09:55 Modified: 02.11.2006 09:55 Company: Microsoft Corporation ---------- Key: usbprint ImagePath: system32\DRIVERS\usbprint.sys C:\Windows\system32\DRIVERS\usbprint.sys 18944 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 07:14 Company: Microsoft Corporation ---------- Key: usbscan ImagePath: system32\DRIVERS\usbscan.sys C:\Windows\system32\DRIVERS\usbscan.sys 35328 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 07:14 Company: Microsoft Corporation ---------- Key: usbser ImagePath: system32\drivers\usbser.sys C:\Windows\system32\drivers\usbser.sys 28160 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: UsbserFilt ImagePath: system32\DRIVERS\usbser_lowerfltj.sys C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 8064 bytes Created: 15.09.2008 07:56 Modified: 
15.09.2008 07:56 Company: Windows (R) Codename Longhorn DDK provider ---------- Key: USBSTOR ImagePath: system32\DRIVERS\USBSTOR.SYS C:\Windows\system32\DRIVERS\USBSTOR.SYS 55296 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: usbuhci ImagePath: system32\DRIVERS\usbuhci.sys C:\Windows\system32\DRIVERS\usbuhci.sys 23552 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: vds ImagePath: %SystemRoot%\System32\vds.exe C:\Windows\System32\vds.exe 382976 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: vga ImagePath: system32\DRIVERS\vgapnp.sys C:\Windows\system32\DRIVERS\vgapnp.sys 26112 bytes Created: 02.11.2006 11:25 Modified: 02.11.2006 09:53 Company: Microsoft Corporation ---------- Key: VgaSave ImagePath: \SystemRoot\System32\drivers\vga.sys C:\Windows\System32\drivers\vga.sys 25088 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:52 Company: Microsoft Corporation ---------- Key: viaagp ImagePath: \SystemRoot\system32\drivers\viaagp.sys C:\Windows\system32\drivers\viaagp.sys 54376 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 10:49 Company: Microsoft Corporation ---------- Key: ViaC7 ImagePath: \SystemRoot\system32\drivers\viac7.sys C:\Windows\system32\drivers\viac7.sys 39424 bytes Created: 02.11.2006 09:30 Modified: 02.11.2006 09:30 Company: Microsoft Corporation ---------- Key: viaide ImagePath: \SystemRoot\system32\drivers\viaide.sys C:\Windows\system32\drivers\viaide.sys 20152 bytes Created: 02.11.2006 09:51 Modified: 10.09.2007 12:13 Company: VIA Technologies, Inc. 
---------- Key: volmgr ImagePath: system32\drivers\volmgr.sys C:\Windows\system32\drivers\volmgr.sys 52792 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:42 Company: Microsoft Corporation ---------- Key: volmgrx ImagePath: System32\drivers\volmgrx.sys C:\Windows\System32\drivers\volmgrx.sys 294456 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:43 Company: Microsoft Corporation ---------- Key: volsnap ImagePath: system32\drivers\volsnap.sys C:\Windows\system32\drivers\volsnap.sys 227896 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:42 Company: Microsoft Corporation ---------- Key: vsmraid ImagePath: \SystemRoot\system32\drivers\vsmraid.sys C:\Windows\system32\drivers\vsmraid.sys 112232 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: VIA Technologies Inc.,Ltd ---------- Key: VSS ImagePath: %systemroot%\system32\vssvc.exe C:\Windows\system32\vssvc.exe 1054720 bytes Created: 30.05.2008 14:27 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: VX1000 ImagePath: system32\DRIVERS\VX1000.sys C:\Windows\system32\DRIVERS\VX1000.sys 1956096 bytes Created: 26.06.2009 16:21 Modified: 26.06.2009 16:21 Company: Microsoft Corporation ---------- Key: WacomPen ImagePath: \SystemRoot\system32\drivers\wacompen.sys C:\Windows\system32\drivers\wacompen.sys 20608 bytes Created: 02.11.2006 09:52 Modified: 02.11.2006 09:52 Company: Microsoft Corporation ---------- Key: Wanarp ImagePath: system32\DRIVERS\wanarp.sys C:\Windows\system32\DRIVERS\wanarp.sys 62464 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: Wanarpv6 ImagePath: system32\DRIVERS\wanarp.sys C:\Windows\system32\DRIVERS\wanarp.sys 62464 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: Wd ImagePath: \SystemRoot\system32\drivers\wd.sys C:\Windows\system32\drivers\wd.sys 19560 bytes Created: 02.11.2006 09:54 Modified: 02.11.2006 10:49 Company: 
Microsoft Corporation ---------- Key: Wdf01000 ImagePath: system32\drivers\Wdf01000.sys C:\Windows\system32\drivers\Wdf01000.sys 503864 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:43 Company: Microsoft Corporation ---------- Key: WmiAcpi ImagePath: \SystemRoot\system32\drivers\wmiacpi.sys C:\Windows\system32\drivers\wmiacpi.sys 11264 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 09:35 Company: Microsoft Corporation ---------- Key: wmiApSrv ImagePath: %systemroot%\system32\wbem\WmiApSrv.exe C:\Windows\system32\wbem\WmiApSrv.exe 137728 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: WMPNetworkSvc ImagePath: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" C:\Program Files\Windows Media Player\wmpnetwk.exe 896512 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: WpdUsb ImagePath: system32\DRIVERS\wpdusb.sys C:\Windows\system32\DRIVERS\wpdusb.sys 39936 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 07:04 Company: Microsoft Corporation ---------- Key: WPFFontCache_v0400 ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 753504 bytes Created: 18.03.2010 13:16 Modified: 18.03.2010 13:16 Company: Microsoft Corporation ---------- Key: ws2ifsl ImagePath: \SystemRoot\system32\drivers\ws2ifsl.sys C:\Windows\system32\drivers\ws2ifsl.sys 15872 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: WSearch ImagePath: %systemroot%\system32\SearchIndexer.exe /Embedding C:\Windows\system32\SearchIndexer.exe 439808 bytes Created: 22.08.2008 02:01 Modified: 27.05.2008 06:18 Company: Microsoft Corporation ---------- Key: WUDFRd ImagePath: system32\DRIVERS\WUDFRd.sys C:\Windows\system32\DRIVERS\WUDFRd.sys 83328 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:53 Company: Microsoft 
Corporation ---------- ************************************************************ 01:15:24: Scanning -----VXD ENTRIES----- ************************************************************ 01:15:24: Scanning ----- WINLOGON\NOTIFY DLLS ----- Key : SDWinLogon DLLName: SDWinLogon.dll SDWinLogon.dll - this reference has been removed [file not found to scan] ---------- ************************************************************ 01:16:10: Scanning ----- CONTEXTMENUHANDLERS ----- Key: SDECon32 CLSID: {44176360-2BBF-4EC1-93CE-384B8681A0BC} Path: C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll 129080 bytes Created: 22.01.2013 01:09 Modified: 13.11.2012 14:06 Company: Safer-Networking Ltd. ---------- ************************************************************ 01:16:11: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {0561EC90-CE54-4f0c-9C55-E226110A740C} File: [CLSID does not appear to reference a file] ************************************************************ 01:16:11: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} BHO: mscoree.dll C:\Windows\system32\mscoree.dll 297808 bytes Created: 13.12.2011 03:20 Modified: 08.11.2009 10:55 Company: Microsoft Corporation ---------- Key: {2EECD738-5844-4a99-B4B6-146BF802613B} BHO: C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll 270960 bytes Created: 14.08.2011 13:24 Modified: 14.08.2011 13:24 Company: Babylon BHO ---------- Key: {53707962-6F74-2D53-2644-206D7942484F} BHO: C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll 3214392 bytes Created: 22.01.2013 01:09 Modified: 13.11.2012 14:06 Company: Safer-Networking Ltd. 
---------- Key: {AA58ED58-01DD-4d91-8333-CF10577473F7} BHO: c:\program files\google\googletoolbar1.dll c:\program files\google\googletoolbar1.dll -R- 2427968 bytes Created: 26.10.2007 15:09 Modified: 26.10.2007 15:09 Company: Google Germany GmbH ---------- Key: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} BHO: "C:\Program Files\Microsoft\BingBar\BingExt.dll" C:\Program Files\Microsoft\BingBar\BingExt.dll 1219152 bytes Created: 21.10.2011 15:23 Modified: 21.10.2011 15:23 Company: Microsoft Corporation. ---------- ************************************************************ 01:16:14: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 01:16:14: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************************ 01:16:14: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ************************************************************ 01:16:14: Scanning ----- APPINIT_DLLS ----- AppInitDLLs entry = [C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL] File: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL 146432 bytes Created: 26.10.2007 15:09 Modified: 26.10.2007 15:09 Company: Google ---------- ************************************************************ 01:16:15: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 01:16:15: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 02.11.2006 13:50 Modified: 30.05.2008 21:23 Company: [no info] -------------------- McAfee Security Scan Plus.lnk - links to C:\PROGRA~1\MCAFEE~1\30982A~1.207\SSSCHE~1.EXE C:\PROGRA~1\MCAFEE~1\30982A~1.207\SSSCHE~1.EXE 272528 bytes Created: 17.06.2011 18:33 Modified: 17.06.2011 18:33 Company: 
McAfee, Inc. -------------------- ************************************************************ 01:16:16: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: Ron [C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 29.12.2007 17:55 Modified: 29.12.2007 17:55 Company: [no info] ---------- OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - links to C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE 97680 bytes Created: 26.02.2009 15:24 Modified: 26.02.2009 15:24 Company: Microsoft Corporation ---------- Telefon- und Branchenbuch Herbst 2009 - Schnellstarter.lnk - links to C:\PROGRA~1\klickTel\TELEFO~1\kstart32.EXE C:\PROGRA~1\klickTel\TELEFO~1\kstart32.EXE 464896 bytes Created: 24.11.2009 12:04 Modified: 03.07.2009 11:58 Company: telegate MEDIA AG ---------- -------------------- ************************************************************ 01:16:17: Scanning ----- SCHEDULED TASKS ----- Taskname: {291ADD4D-0E9B-4351-B9AD-952063F19422} File: c:\program files\mozilla firefox\firefox.exe c:\program files\mozilla firefox\firefox.exe 917400 bytes Created: 19.01.2013 00:53 Modified: 19.01.2013 00:53 Company: Mozilla Corporation Parameters: Skype for Windows Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: {457B8049-2925-4140-93C1-9E2EF7B89B54} ---------- Taskname: {86EC80DD-C1C5-4381-B140-4ACC7D7D8650} ---------- Taskname: {B453A9D9-7772-402D-8F1D-A5EC4F67EC2B} File: C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Phone\Skype.exe -R- 17418928 bytes Created: 13.07.2012 12:33 Modified: 13.07.2012 12:33 Company: Skype Technologies S.A. 
Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: Adobe Flash Player Updater File: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 251400 bytes Created: 07.06.2012 23:08 Modified: 17.01.2013 19:30 Company: Adobe Systems Incorporated Schedule: At 01:30:00 every day Next Run Time: 22.01.2013 01:30:00 Status: Ready Creator: Adobe Systems Incorporated Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern. ---------- Taskname: Check for updates (Spybot - Search & Destroy) File: C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe 3487240 bytes Created: 22.01.2013 01:09 Modified: 13.11.2012 14:08 Company: Safer-Networking Ltd. Parameters: /autoupdate /silent /autoclose Schedule: At logon Next Run Time: Status: Running Creator: Spybot - Search & Destroy 2 Comments: This task will regularly check for software updates, and install any available updates, to ensure you are well-protected. ---------- Taskname: FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core File: C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe 138096 bytes Created: 01.10.2011 22:40 Modified: 11.07.2012 22:45 Company: Facebook Inc. Parameters: /c /nocrashserver Schedule: At 23:50:00 every day Next Run Time: 22.01.2013 23:50:00 Status: Ready Creator: Ron Comments: Hält Ihre Facebook-Software auf dem neuesten Stand. Wenn diese Anwendung deaktiviert oder angehalten wird, wird Ihre Facebook-Software nicht aktualisiert. 
Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Facebook-Software verwendet wird. ---------- Taskname: FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA File: C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe 138096 bytes Created: 01.10.2011 22:40 Modified: 11.07.2012 22:45 Company: Facebook Inc. Parameters: /ua /installsource scheduler Schedule: At 23:50:00 every day Next Run Time: 22.01.2013 02:50:00 Status: Ready Creator: Ron Comments: Hält Ihre Facebook-Software auf dem neuesten Stand. Wenn diese Anwendung deaktiviert oder angehalten wird, wird Ihre Facebook-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Facebook-Software verwendet wird. ---------- Taskname: GoogleUpdateTaskMachineCore File: C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 27.05.2010 21:34 Modified: 27.05.2010 21:34 Company: Google Inc. Parameters: /c Schedule: Multiple schedule times Next Run Time: 22.01.2013 01:35:00 Status: Ready Creator: Ron Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird. 
---------- Taskname: GoogleUpdateTaskMachineUA File: C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 27.05.2010 21:34 Modified: 27.05.2010 21:34 Company: Google Inc. Parameters: /ua /installsource scheduler Schedule: At 01:35:00 every day Next Run Time: 22.01.2013 01:35:00 Status: Ready Creator: Ron Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird. ---------- Taskname: GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core File: C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe 133104 bytes Created: 16.09.2008 12:32 Modified: 16.09.2008 12:32 Company: Google Inc. Parameters: /c Schedule: At 19:01:00 every day Next Run Time: 22.01.2013 19:01:00 Status: Ready Creator: Ron Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird. ---------- Taskname: GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA File: C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe 133104 bytes Created: 16.09.2008 12:32 Modified: 16.09.2008 12:32 Company: Google Inc. 
Parameters: /ua /installsource scheduler Schedule: At 19:01:00 every day Next Run Time: 22.01.2013 02:01:00 Status: Ready Creator: Ron Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird. ---------- Taskname: Refresh immunization (Spybot - Search & Destroy) File: C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe 3653656 bytes Created: 22.01.2013 01:08 Modified: 13.11.2012 14:07 Company: Safer-Networking Ltd. Parameters: /immunize /silent /autoclose Schedule: At 00:30:00 every Mittwoch of every week, starting 22.01.2013 Next Run Time: 23.01.2013 00:30:00 Status: Ready Creator: Spybot - Search & Destroy 2 Comments: This task will update your immunization, keeping your browsers protected against known malware sites, cookies and more. ---------- Taskname: Scan the system (Spybot - Search & Destroy) File: C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe 3906584 bytes Created: 22.01.2013 01:08 Modified: 13.11.2012 14:07 Company: Safer-Networking Ltd. Parameters: /scan /cleanclose Schedule: At 00:30:00 on day 1 of month 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, starting 22.01.2013 Next Run Time: 01.02.2013 00:30:00 Status: Ready Creator: Spybot - Search & Destroy 2 Comments: A full system scan is recommended once per month. 
---------- Taskname: User_Feed_Synchronization-{CC62F918-1DED-478E-B9BE-576ADBFCA089} File: C:\Windows\system32\msfeedssync.exe C:\Windows\system32\msfeedssync.exe 12800 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 08:33 Company: Microsoft Corporation Parameters: sync Schedule: Multiple schedule times Next Run Time: 22.01.2013 01:20:00 Status: Ready Creator: Ron Comments: Updates out-of-date system feeds. ---------- ************************************************************ 01:16:31: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 01:16:31: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: vidc.VP40 File: vp4vfw.dll vp4vfw.dll - [file not found to scan] ---------- Value: vidc.VP60 File: vp6vfw.dll C:\Windows\system32\vp6vfw.dll -S- 425984 bytes Created: 15.12.2003 16:11 Modified: 15.12.2003 16:11 Company: On2.com ---------- Value: vidc.VP50 File: vp5vfw.dll vp5vfw.dll - [file not found to scan] ---------- Value: vidc.VP61 File: vp6vfw.dll C:\Windows\system32\vp6vfw.dll - file already scanned ---------- Value: VIDC.ACDV File: ACDV.dll C:\Windows\system32\ACDV.dll 462848 bytes Created: 20.06.2005 13:56 Modified: 20.06.2005 13:56 Company: ACD Systems ---------- Value: msacm.divxa32 File: divxa32.acm C:\Windows\system32\divxa32.acm 287744 bytes Created: 08.06.2007 13:39 Modified: 08.06.2007 13:39 Company: Kristal Studio ---------- Value: VIDC.FFDS File: ff_vfw.dll C:\Windows\system32\ff_vfw.dll 7680 bytes Created: 12.06.2008 19:36 Modified: 12.06.2008 19:36 Company: [no info] ---------- Value: vidc.DIVX File: DivX.dll C:\Windows\system32\DivX.dll 684032 bytes Created: 21.11.2008 22:45 Modified: 21.11.2008 22:45 Company: DivX, Inc. 
---------- Value: vidc.yv12 File: DivX.dll C:\Windows\system32\DivX.dll - file already scanned ---------- ************************************************************ 01:16:36: ----- ADDITIONAL CHECKS ----- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg 189897 bytes Created: 05.10.2010 12:23 Modified: 05.10.2010 12:23 Company: [no info] ---------- Web Desktop Wallpaper: %APPDATA%\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg 189897 bytes Created: 05.10.2010 12:23 Modified: 05.10.2010 12:23 Company: [no info] ---------- Checks for rogue DNS NameServers completed ---------- Checks for Backdoor.ZeroAccess completed ---------- Additional checks completed ************************************************************ 01:16:39: Scanning ----- RUNNING PROCESSES ----- C:\Windows\System32\smss.exe 64000 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 08:33 Company: Microsoft Corporation -------------------- C:\Windows\system32\csrss.exe 6144 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 08:33 Company: Microsoft Corporation -------------------- C:\Windows\system32\wininit.exe 96768 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation -------------------- C:\Windows\system32\services.exe 279040 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation -------------------- C:\Windows\system32\lsm.exe 229888 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 
08:33 Company: Microsoft Corporation -------------------- C:\Windows\system32\winlogon.exe 314880 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation -------------------- C:\Windows\system32\svchost.exe 21504 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 08:33 Company: Microsoft Corporation -------------------- C:\Windows\system32\taskeng.exe 171520 bytes Created: 12.12.2011 14:07 Modified: 05.11.2010 01:53 Company: Microsoft Corporation -------------------- C:\Windows\system32\Dwm.exe 81920 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation -------------------- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe 272528 bytes Created: 17.06.2011 18:33 Modified: 17.06.2011 18:33 Company: McAfee, Inc. -------------------- C:\Program Files\klickTel\Telefon- und Branchenbuch Herbst 2009\kstart32.EXE 464896 bytes Created: 24.11.2009 12:04 Modified: 03.07.2009 11:58 Company: telegate MEDIA AG -------------------- C:\Windows\system32\igfxsrvc.exe 256536 bytes Created: 02.01.2008 17:07 Modified: 02.01.2008 17:07 Company: Intel Corporation -------------------- C:\Windows\ehome\ehmsas.exe 37376 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 08:33 Company: Microsoft Corporation -------------------- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe 905216 bytes Created: 23.12.2006 17:04 Modified: 23.12.2006 17:04 Company: Nero AG -------------------- C:\Windows\system32\SearchIndexer.exe 439808 bytes Created: 22.08.2008 02:01 Modified: 27.05.2008 06:18 Company: Microsoft Corporation -------------------- C:\Windows\system32\WUDFHost.exe 142336 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation -------------------- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE 13019280 bytes Created: 25.09.2012 16:01 Modified: 25.09.2012 16:01 Company: Microsoft Corporation -------------------- C:\Program Files\PC Connectivity 
Solution\Transports\NclUSBSrv.exe 130560 bytes Created: 19.09.2008 08:52 Modified: 19.09.2008 08:52 Company: -------------------- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe 119808 bytes Created: 03.06.2008 08:02 Modified: 03.06.2008 08:02 Company: -------------------- C:\Windows\system32\wuauclt.exe 53472 bytes Created: 12.12.2011 12:33 Modified: 07.08.2009 03:24 Company: Microsoft Corporation -------------------- C:\Program Files\Trojan Remover\Rmvtrjan.exe FileSize: 4766968 [This is a Trojan Remover component] -------------------- -------------------- C:\Windows\system32\conime.exe 69120 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 08:33 Company: Microsoft Corporation -------------------- C:\Program Files\Mozilla Firefox\plugin-container.exe 17304 bytes Created: 19.01.2013 00:53 Modified: 19.01.2013 00:53 Company: Mozilla Corporation -------------------- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe 1808392 bytes Created: 17.01.2013 19:30 Modified: 17.01.2013 19:30 Company: Adobe Systems, Inc. -------------------- ************************************************************ 01:16:47: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": Bing HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": Bing HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": Babylon Search HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": Sign In HKCU\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKCU\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ************************************************************ === CHANGES WERE MADE TO THE WINDOWS REGISTRY === Scan completed at: 01:16:47 22 Jan 2013 Total Scan time: 00:07:09 ------------------------------------------------------------------------- Trojan Remover needs to restart the system to complete operations Scan cancelled by User 22.01.2013 01:22:00: restart commenced ************************************************************ |
23.01.2013, 14:54 | #9 |
/// Malware-holic | Unexplained intrusion, experts wanted! That is just harmless stuff, we will get to that later. Trojan Remover log, was there anything in it?
23.01.2013, 14:55 | #10 |
| Unexplained intrusion, experts wanted! Furthermore, I also found the following in Trojan Remover:
***** THE SYSTEM HAS BEEN RESTARTED ***** 22.01.2013 01:26:02: Trojan Remover has been restarted ======================================================= Removing the following registry keys: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\SDWinLogon - already removed (or did not exist) ======================================================= 22.01.2013 01:26:02: Trojan Remover closed ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.8.5.2611. For information, email support@simplysup.com [Unregistered version] Scan started at: 01:09:37 22 Jan 2013 Using Database v8032 Operating System: Windows Vista Home Premium (SP1) [Build: 6.0.6001] File System: NTFS User Account Control is Enabled UserData directory: C:\Users\Ron\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Ron\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ 01:09:38: ----- CHECKING DEFAULT FILE ASSOCIATIONS ----- No modified default file associations detected ************************************************************ 01:09:38: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected.
************************************************************ 01:09:46: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: C:\Windows\Explorer.exe C:\Windows\Explorer.exe 2927104 bytes Created: 12.12.2008 02:55 Modified: 29.10.2008 07:29 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\system32\userinit.exe 25088 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: [Windows Defender] Value Data: [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] C:\Program Files\Windows Defender\MSASCui.exe 1008184 bytes Created: 30.05.2008 14:27 Modified: 19.01.2008 08:38 Company: Microsoft Corporation -------------------- Value Name: [RtHDVCpl] Value Data: [RtHDVCpl.exe] C:\Windows\RtHDVCpl.exe 4702208 bytes Created: 26.10.2007 13:50 Modified: 17.08.2007 12:27 Company: Realtek Semiconductor -------------------- Value Name: [Adobe Reader Speed Launcher] Value Data: ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe 40048 bytes Created: 11.05.2007 02:06 Modified: 11.05.2007 02:06 Company: Adobe Systems Incorporated -------------------- Value Name: [NeroFilterCheck] Value Data: [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe 155648 bytes Created: 12.01.2006 14:40 Modified: 12.01.2006 14:40 Company: Nero AG 
440696 bytes Created: 20.07.2011 05:18 Modified: 20.07.2011 05:18 Company: Microsoft Corporation ---------- Key: ohci1394 ImagePath: system32\DRIVERS\ohci1394.sys C:\Windows\system32\DRIVERS\ohci1394.sys 61952 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: ose ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 145184 bytes Created: 26.10.2006 14:03 Modified: 26.10.2006 14:03 Company: Microsoft Corporation ---------- Key: Parport ImagePath: \SystemRoot\system32\drivers\parport.sys C:\Windows\system32\drivers\parport.sys 79360 bytes Created: 02.11.2006 09:51 Modified: 02.11.2006 09:51 Company: Microsoft Corporation ---------- Key: partmgr ImagePath: System32\drivers\partmgr.sys C:\Windows\System32\drivers\partmgr.sys 56376 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:42 Company: Microsoft Corporation ---------- Key: Parvdm ImagePath: \SystemRoot\system32\drivers\parvdm.sys C:\Windows\system32\drivers\parvdm.sys 8704 bytes Created: 02.11.2006 09:51 Modified: 02.11.2006 09:51 Company: Microsoft Corporation ---------- Key: pccsmcfd ImagePath: system32\DRIVERS\pccsmcfd.sys C:\Windows\system32\DRIVERS\pccsmcfd.sys 18816 bytes Created: 10.02.2009 16:37 Modified: 26.08.2008 09:26 Company: Nokia ---------- Key: pci ImagePath: system32\drivers\pci.sys C:\Windows\system32\drivers\pci.sys 151096 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:42 Company: Microsoft Corporation ---------- Key: pciide ImagePath: system32\drivers\pciide.sys C:\Windows\system32\drivers\pciide.sys 16440 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:41 Company: Microsoft Corporation ---------- Key: pcmcia ImagePath: \SystemRoot\system32\drivers\pcmcia.sys C:\Windows\system32\drivers\pcmcia.sys 167528 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 10:51 Company: Microsoft Corporation ---------- Key: PEAUTH 
ImagePath: system32\drivers\peauth.sys C:\Windows\system32\drivers\peauth.sys 878080 bytes Created: 02.11.2006 10:04 Modified: 02.11.2006 10:04 Company: Microsoft Corporation ---------- Key: pfc ImagePath: system32\drivers\pfc.sys C:\Windows\system32\drivers\pfc.sys 10368 bytes Created: 03.01.2008 14:18 Modified: 03.01.2008 14:18 Company: Padus, Inc. ---------- Key: PptpMiniport ImagePath: system32\DRIVERS\raspptp.sys C:\Windows\system32\DRIVERS\raspptp.sys 62976 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: Processor ImagePath: \SystemRoot\system32\drivers\processr.sys C:\Windows\system32\drivers\processr.sys 38400 bytes Created: 02.11.2006 09:30 Modified: 02.11.2006 09:30 Company: Microsoft Corporation ---------- Key: ProtectedStorage ImagePath: %SystemRoot%\system32\lsass.exe C:\Windows\system32\lsass.exe 9728 bytes Created: 12.12.2011 14:13 Modified: 15.06.2009 13:57 Company: Microsoft Corporation ---------- Key: PSched ImagePath: system32\DRIVERS\pacer.sys C:\Windows\system32\DRIVERS\pacer.sys 72192 bytes Created: 12.07.2008 14:46 Modified: 05.04.2008 02:21 Company: Microsoft Corporation ---------- Key: ql2300 ImagePath: \SystemRoot\system32\drivers\ql2300.sys C:\Windows\system32\drivers\ql2300.sys 900712 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:51 Company: QLogic Corporation ---------- Key: ql40xx ImagePath: \SystemRoot\system32\drivers\ql40xx.sys C:\Windows\system32\drivers\ql40xx.sys 106088 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: QLogic Corporation ---------- Key: QWAVEdrv ImagePath: \SystemRoot\system32\drivers\qwavedrv.sys C:\Windows\system32\drivers\qwavedrv.sys 31232 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: RasAcd ImagePath: System32\DRIVERS\rasacd.sys C:\Windows\System32\DRIVERS\rasacd.sys 11776 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:56 Company: Microsoft Corporation 
---------- Key: Rasl2tp ImagePath: system32\DRIVERS\rasl2tp.sys C:\Windows\system32\DRIVERS\rasl2tp.sys 76288 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: RasPppoe ImagePath: system32\DRIVERS\raspppoe.sys C:\Windows\system32\DRIVERS\raspppoe.sys 41472 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: RasSstp ImagePath: system32\DRIVERS\rassstp.sys C:\Windows\system32\DRIVERS\rassstp.sys 69120 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: rdbss ImagePath: system32\DRIVERS\rdbss.sys C:\Windows\system32\DRIVERS\rdbss.sys 224768 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 06:28 Company: Microsoft Corporation ---------- Key: RDPCDD ImagePath: System32\DRIVERS\RDPCDD.sys C:\Windows\System32\DRIVERS\RDPCDD.sys 6144 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 07:01 Company: Microsoft Corporation ---------- Key: rdpdr ImagePath: \SystemRoot\system32\drivers\rdpdr.sys C:\Windows\system32\drivers\rdpdr.sys 242688 bytes Created: 02.11.2006 10:03 Modified: 02.11.2006 10:03 Company: Microsoft Corporation ---------- Key: RDPENCDD ImagePath: system32\drivers\rdpencdd.sys C:\Windows\system32\drivers\rdpencdd.sys 6144 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 07:01 Company: Microsoft Corporation ---------- Key: RpcLocator ImagePath: %SystemRoot%\system32\locator.exe C:\Windows\system32\locator.exe 7680 bytes Created: 02.11.2006 09:50 Modified: 02.11.2006 10:45 Company: Microsoft Corporation ---------- Key: rspndr ImagePath: system32\DRIVERS\rspndr.sys C:\Windows\system32\DRIVERS\rspndr.sys 60416 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:55 Company: Microsoft Corporation ---------- Key: SamSs ImagePath: %SystemRoot%\system32\lsass.exe C:\Windows\system32\lsass.exe 9728 bytes Created: 12.12.2011 14:13 Modified: 15.06.2009 13:57 Company: Microsoft Corporation ---------- 
Key: sbp2port ImagePath: \SystemRoot\system32\drivers\sbp2port.sys C:\Windows\system32\drivers\sbp2port.sys 76392 bytes Created: 02.11.2006 09:51 Modified: 02.11.2006 10:50 Company: Microsoft Corporation ---------- Key: SDScannerService ImagePath: C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe 1103392 bytes Created: 22.01.2013 01:08 Modified: 13.11.2012 14:07 Company: Safer-Networking Ltd. ---------- Key: SDUpdateService ImagePath: C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe 1369624 bytes Created: 22.01.2013 01:09 Modified: 13.11.2012 14:07 Company: Safer-Networking Ltd. ---------- Key: SDWSCService ImagePath: C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe 168384 bytes Created: 22.01.2013 01:09 Modified: 13.11.2012 14:07 Company: Safer-Networking Ltd. ---------- Key: Serenum ImagePath: system32\DRIVERS\serenum.sys C:\Windows\system32\DRIVERS\serenum.sys 17920 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:49 Company: Microsoft Corporation ---------- Key: Serial ImagePath: system32\DRIVERS\serial.sys C:\Windows\system32\DRIVERS\serial.sys 83456 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:49 Company: Microsoft Corporation ---------- Key: sermouse ImagePath: \SystemRoot\system32\drivers\sermouse.sys C:\Windows\system32\drivers\sermouse.sys 19968 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:49 Company: Microsoft Corporation ---------- Key: ServiceLayer ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 620544 bytes Created: 11.11.2008 09:38 Modified: 11.11.2008 09:38 Company: Nokia. 
---------- Key: sffdisk ImagePath: \SystemRoot\system32\drivers\sffdisk.sys C:\Windows\system32\drivers\sffdisk.sys 13312 bytes Created: 02.11.2006 09:51 Modified: 15.10.2007 21:54 Company: Microsoft Corporation ---------- Key: sffp_mmc ImagePath: \SystemRoot\system32\drivers\sffp_mmc.sys C:\Windows\system32\drivers\sffp_mmc.sys 12800 bytes Created: 02.11.2006 09:51 Modified: 15.10.2007 21:54 Company: Microsoft Corporation ---------- Key: sffp_sd ImagePath: \SystemRoot\system32\drivers\sffp_sd.sys C:\Windows\system32\drivers\sffp_sd.sys 12800 bytes Created: 02.11.2006 09:51 Modified: 15.10.2007 21:54 Company: Microsoft Corporation ---------- Key: sfloppy ImagePath: \SystemRoot\system32\drivers\sfloppy.sys C:\Windows\system32\drivers\sfloppy.sys 13312 bytes Created: 02.11.2006 09:51 Modified: 02.11.2006 09:51 Company: Microsoft Corporation ---------- Key: sisagp ImagePath: \SystemRoot\system32\drivers\sisagp.sys C:\Windows\system32\drivers\sisagp.sys 53352 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 10:49 Company: Microsoft Corporation ---------- Key: SiSRaid2 ImagePath: \SystemRoot\system32\drivers\sisraid2.sys C:\Windows\system32\drivers\sisraid2.sys 38504 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: Silicon Integrated Systems Corp. 
---------- Key: SiSRaid4 ImagePath: \SystemRoot\system32\drivers\sisraid4.sys C:\Windows\system32\drivers\sisraid4.sys 71784 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: Silicon Integrated Systems ---------- Key: SkypeUpdate ImagePath: "C:\Program Files\Skype\Updater\Updater.exe" C:\Program Files\Skype\Updater\Updater.exe -R- 160944 bytes Created: 03.07.2012 12:19 Modified: 03.07.2012 12:19 Company: Skype Technologies ---------- Key: slsvc ImagePath: %SystemRoot%\system32\SLsvc.exe C:\Windows\system32\SLsvc.exe 2623488 bytes Created: 30.05.2008 14:27 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: Smb ImagePath: system32\DRIVERS\smb.sys C:\Windows\system32\DRIVERS\smb.sys 66560 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:55 Company: Microsoft Corporation ---------- Key: SNMPTRAP ImagePath: %SystemRoot%\System32\snmptrap.exe C:\Windows\System32\snmptrap.exe 12800 bytes Created: 02.11.2006 09:58 Modified: 02.11.2006 10:45 Company: Microsoft Corporation ---------- Key: Spooler ImagePath: %SystemRoot%\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe 126464 bytes Created: 12.12.2011 14:08 Modified: 17.08.2010 14:32 Company: Microsoft Corporation ---------- Key: srv ImagePath: System32\DRIVERS\srv.sys C:\Windows\System32\DRIVERS\srv.sys 304640 bytes Created: 12.12.2011 14:09 Modified: 18.02.2011 14:31 Company: Microsoft Corporation ---------- Key: srv2 ImagePath: System32\DRIVERS\srv2.sys C:\Windows\System32\DRIVERS\srv2.sys 146432 bytes Created: 12.12.2011 14:08 Modified: 29.04.2011 13:49 Company: Microsoft Corporation ---------- Key: srvnet ImagePath: System32\DRIVERS\srvnet.sys C:\Windows\System32\DRIVERS\srvnet.sys 102400 bytes Created: 12.12.2011 14:08 Modified: 29.04.2011 13:49 Company: Microsoft Corporation ---------- Key: sscdbus ImagePath: system32\DRIVERS\sscdbus.sys C:\Windows\system32\DRIVERS\sscdbus.sys 87936 bytes Created: 10.02.2009 17:12 Modified: 22.02.2008 15:33 Company: MCCI Corporation 
---------- Key: sscdmdfl ImagePath: system32\DRIVERS\sscdmdfl.sys C:\Windows\system32\DRIVERS\sscdmdfl.sys 14976 bytes Created: 10.02.2009 17:12 Modified: 22.02.2008 15:33 Company: MCCI Corporation ---------- Key: sscdmdm ImagePath: system32\DRIVERS\sscdmdm.sys C:\Windows\system32\DRIVERS\sscdmdm.sys 114304 bytes Created: 10.02.2009 17:12 Modified: 22.02.2008 15:33 Company: MCCI Corporation ---------- Key: ssmdrv ImagePath: system32\DRIVERS\ssmdrv.sys C:\Windows\system32\DRIVERS\ssmdrv.sys 21248 bytes Created: 02.09.2008 13:13 Modified: 08.11.2007 18:03 Company: AVIRA GmbH ---------- Key: swenum ImagePath: system32\DRIVERS\swenum.sys C:\Windows\system32\DRIVERS\swenum.sys 15288 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:41 Company: Microsoft Corporation ---------- Key: Symc8xx ImagePath: \SystemRoot\system32\drivers\symc8xx.sys C:\Windows\system32\drivers\symc8xx.sys 35944 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: LSI Logic ---------- Key: Sym_hi ImagePath: \SystemRoot\system32\drivers\sym_hi.sys C:\Windows\system32\drivers\sym_hi.sys 31848 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:49 Company: LSI Logic ---------- Key: Sym_u3 ImagePath: \SystemRoot\system32\drivers\sym_u3.sys C:\Windows\system32\drivers\sym_u3.sys 34920 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: LSI Logic ---------- Key: Tcpip ImagePath: System32\drivers\tcpip.sys C:\Windows\System32\drivers\tcpip.sys 898952 bytes Created: 12.12.2011 14:05 Modified: 16.06.2010 16:59 Company: Microsoft Corporation ---------- Key: Tcpip6 ImagePath: system32\DRIVERS\tcpip.sys C:\Windows\system32\DRIVERS\tcpip.sys 898952 bytes Created: 12.12.2011 14:05 Modified: 16.06.2010 16:59 Company: Microsoft Corporation ---------- Key: tcpipreg ImagePath: System32\drivers\tcpipreg.sys C:\Windows\System32\drivers\tcpipreg.sys 30208 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: TDPIPE ImagePath: 
system32\drivers\tdpipe.sys C:\Windows\system32\drivers\tdpipe.sys 17920 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 07:01 Company: Microsoft Corporation ---------- Key: TDTCP ImagePath: system32\drivers\tdtcp.sys C:\Windows\system32\drivers\tdtcp.sys 29184 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 07:01 Company: Microsoft Corporation ---------- Key: tdx ImagePath: system32\DRIVERS\tdx.sys C:\Windows\system32\DRIVERS\tdx.sys 71680 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:55 Company: Microsoft Corporation ---------- Key: TermDD ImagePath: system32\DRIVERS\termdd.sys C:\Windows\system32\DRIVERS\termdd.sys 54328 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 08:42 Company: Microsoft Corporation ---------- Key: TrustedInstaller ImagePath: %SystemRoot%\servicing\TrustedInstaller.exe C:\Windows\servicing\TrustedInstaller.exe 39424 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: tssecsrv ImagePath: System32\DRIVERS\tssecsrv.sys C:\Windows\System32\DRIVERS\tssecsrv.sys 23552 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 07:01 Company: Microsoft Corporation ---------- Key: tunmp ImagePath: system32\DRIVERS\tunmp.sys C:\Windows\system32\DRIVERS\tunmp.sys 15360 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:55 Company: Microsoft Corporation ---------- Key: tunnel ImagePath: system32\DRIVERS\tunnel.sys C:\Windows\system32\DRIVERS\tunnel.sys 25088 bytes Created: 13.03.2012 08:42 Modified: 18.02.2010 12:52 Company: Microsoft Corporation ---------- Key: uagp35 ImagePath: \SystemRoot\system32\drivers\uagp35.sys C:\Windows\system32\drivers\uagp35.sys 56936 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 10:49 Company: Microsoft Corporation ---------- Key: udfs ImagePath: system32\DRIVERS\udfs.sys C:\Windows\system32\DRIVERS\udfs.sys 226816 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 06:28 Company: Microsoft Corporation ---------- Key: UI0Detect ImagePath: 
%SystemRoot%\system32\UI0Detect.exe C:\Windows\system32\UI0Detect.exe 35840 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: uliagpkx ImagePath: \SystemRoot\system32\drivers\uliagpkx.sys C:\Windows\system32\drivers\uliagpkx.sys 58472 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 10:50 Company: Microsoft Corporation ---------- Key: uliahci ImagePath: \SystemRoot\system32\drivers\uliahci.sys C:\Windows\system32\drivers\uliahci.sys 235112 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:51 Company: ULi Electronics Inc. ---------- Key: UlSata ImagePath: \SystemRoot\system32\drivers\ulsata.sys C:\Windows\system32\drivers\ulsata.sys 98408 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: Promise Technology, Inc. ---------- Key: ulsata2 ImagePath: \SystemRoot\system32\drivers\ulsata2.sys C:\Windows\system32\drivers\ulsata2.sys 115816 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: Promise Technology, Inc. ---------- Key: umbus ImagePath: system32\DRIVERS\umbus.sys C:\Windows\system32\DRIVERS\umbus.sys 34816 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: UnlockerDriver5 ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys C:\Program Files\Unlocker\UnlockerDriver5.sys 12352 bytes Created: 01.07.2010 18:11 Modified: 01.07.2010 18:11 Company: [no info] ---------- Key: upperdev ImagePath: system32\DRIVERS\usbser_lowerflt.sys C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 8064 bytes Created: 15.09.2008 07:56 Modified: 15.09.2008 07:56 Company: Windows (R) Codename Longhorn DDK provider ---------- Key: USBAAPL ImagePath: System32\Drivers\usbaapl.sys C:\Windows\System32\Drivers\usbaapl.sys 44544 bytes Created: 28.09.2012 10:32 Modified: 28.09.2012 10:32 Company: Apple, Inc. 
---------- Key: usbaudio ImagePath: system32\drivers\usbaudio.sys C:\Windows\system32\drivers\usbaudio.sys 73088 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: usbccgp ImagePath: system32\DRIVERS\usbccgp.sys C:\Windows\system32\DRIVERS\usbccgp.sys 73216 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: usbcir ImagePath: \SystemRoot\system32\drivers\usbcir.sys C:\Windows\system32\drivers\usbcir.sys 68608 bytes Created: 02.11.2006 09:55 Modified: 02.11.2006 09:55 Company: Microsoft Corporation ---------- Key: usbehci ImagePath: system32\DRIVERS\usbehci.sys C:\Windows\system32\DRIVERS\usbehci.sys 39424 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: usbhub ImagePath: system32\DRIVERS\usbhub.sys C:\Windows\system32\DRIVERS\usbhub.sys 194560 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: usbohci ImagePath: \SystemRoot\system32\drivers\usbohci.sys C:\Windows\system32\drivers\usbohci.sys 19456 bytes Created: 02.11.2006 09:55 Modified: 02.11.2006 09:55 Company: Microsoft Corporation ---------- Key: usbprint ImagePath: system32\DRIVERS\usbprint.sys C:\Windows\system32\DRIVERS\usbprint.sys 18944 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 07:14 Company: Microsoft Corporation ---------- Key: usbscan ImagePath: system32\DRIVERS\usbscan.sys C:\Windows\system32\DRIVERS\usbscan.sys 35328 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 07:14 Company: Microsoft Corporation ---------- Key: usbser ImagePath: system32\drivers\usbser.sys C:\Windows\system32\drivers\usbser.sys 28160 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: UsbserFilt ImagePath: system32\DRIVERS\usbser_lowerfltj.sys C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 8064 bytes Created: 15.09.2008 07:56 Modified: 
15.09.2008 07:56 Company: Windows (R) Codename Longhorn DDK provider ---------- Key: USBSTOR ImagePath: system32\DRIVERS\USBSTOR.SYS C:\Windows\system32\DRIVERS\USBSTOR.SYS 55296 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: usbuhci ImagePath: system32\DRIVERS\usbuhci.sys C:\Windows\system32\DRIVERS\usbuhci.sys 23552 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:53 Company: Microsoft Corporation ---------- Key: vds ImagePath: %SystemRoot%\System32\vds.exe C:\Windows\System32\vds.exe 382976 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: vga ImagePath: system32\DRIVERS\vgapnp.sys C:\Windows\system32\DRIVERS\vgapnp.sys 26112 bytes Created: 02.11.2006 11:25 Modified: 02.11.2006 09:53 Company: Microsoft Corporation ---------- Key: VgaSave ImagePath: \SystemRoot\System32\drivers\vga.sys C:\Windows\System32\drivers\vga.sys 25088 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:52 Company: Microsoft Corporation ---------- Key: viaagp ImagePath: \SystemRoot\system32\drivers\viaagp.sys C:\Windows\system32\drivers\viaagp.sys 54376 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 10:49 Company: Microsoft Corporation ---------- Key: ViaC7 ImagePath: \SystemRoot\system32\drivers\viac7.sys C:\Windows\system32\drivers\viac7.sys 39424 bytes Created: 02.11.2006 09:30 Modified: 02.11.2006 09:30 Company: Microsoft Corporation ---------- Key: viaide ImagePath: \SystemRoot\system32\drivers\viaide.sys C:\Windows\system32\drivers\viaide.sys 20152 bytes Created: 02.11.2006 09:51 Modified: 10.09.2007 12:13 Company: VIA Technologies, Inc. 
---------- Key: volmgr ImagePath: system32\drivers\volmgr.sys C:\Windows\system32\drivers\volmgr.sys 52792 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:42 Company: Microsoft Corporation ---------- Key: volmgrx ImagePath: System32\drivers\volmgrx.sys C:\Windows\System32\drivers\volmgrx.sys 294456 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:43 Company: Microsoft Corporation ---------- Key: volsnap ImagePath: system32\drivers\volsnap.sys C:\Windows\system32\drivers\volsnap.sys 227896 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:42 Company: Microsoft Corporation ---------- Key: vsmraid ImagePath: \SystemRoot\system32\drivers\vsmraid.sys C:\Windows\system32\drivers\vsmraid.sys 112232 bytes Created: 02.11.2006 08:36 Modified: 02.11.2006 10:50 Company: VIA Technologies Inc.,Ltd ---------- Key: VSS ImagePath: %systemroot%\system32\vssvc.exe C:\Windows\system32\vssvc.exe 1054720 bytes Created: 30.05.2008 14:27 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: VX1000 ImagePath: system32\DRIVERS\VX1000.sys C:\Windows\system32\DRIVERS\VX1000.sys 1956096 bytes Created: 26.06.2009 16:21 Modified: 26.06.2009 16:21 Company: Microsoft Corporation ---------- Key: WacomPen ImagePath: \SystemRoot\system32\drivers\wacompen.sys C:\Windows\system32\drivers\wacompen.sys 20608 bytes Created: 02.11.2006 09:52 Modified: 02.11.2006 09:52 Company: Microsoft Corporation ---------- Key: Wanarp ImagePath: system32\DRIVERS\wanarp.sys C:\Windows\system32\DRIVERS\wanarp.sys 62464 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: Wanarpv6 ImagePath: system32\DRIVERS\wanarp.sys C:\Windows\system32\DRIVERS\wanarp.sys 62464 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: Wd ImagePath: \SystemRoot\system32\drivers\wd.sys C:\Windows\system32\drivers\wd.sys 19560 bytes Created: 02.11.2006 09:54 Modified: 02.11.2006 10:49 Company: 
Microsoft Corporation ---------- Key: Wdf01000 ImagePath: system32\drivers\Wdf01000.sys C:\Windows\system32\drivers\Wdf01000.sys 503864 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:43 Company: Microsoft Corporation ---------- Key: WmiAcpi ImagePath: \SystemRoot\system32\drivers\wmiacpi.sys C:\Windows\system32\drivers\wmiacpi.sys 11264 bytes Created: 02.11.2006 09:35 Modified: 02.11.2006 09:35 Company: Microsoft Corporation ---------- Key: wmiApSrv ImagePath: %systemroot%\system32\wbem\WmiApSrv.exe C:\Windows\system32\wbem\WmiApSrv.exe 137728 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: WMPNetworkSvc ImagePath: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" C:\Program Files\Windows Media Player\wmpnetwk.exe 896512 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation ---------- Key: WpdUsb ImagePath: system32\DRIVERS\wpdusb.sys C:\Windows\system32\DRIVERS\wpdusb.sys 39936 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 07:04 Company: Microsoft Corporation ---------- Key: WPFFontCache_v0400 ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 753504 bytes Created: 18.03.2010 13:16 Modified: 18.03.2010 13:16 Company: Microsoft Corporation ---------- Key: ws2ifsl ImagePath: \SystemRoot\system32\drivers\ws2ifsl.sys C:\Windows\system32\drivers\ws2ifsl.sys 15872 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 06:56 Company: Microsoft Corporation ---------- Key: WSearch ImagePath: %systemroot%\system32\SearchIndexer.exe /Embedding C:\Windows\system32\SearchIndexer.exe 439808 bytes Created: 22.08.2008 02:01 Modified: 27.05.2008 06:18 Company: Microsoft Corporation ---------- Key: WUDFRd ImagePath: system32\DRIVERS\WUDFRd.sys C:\Windows\system32\DRIVERS\WUDFRd.sys 83328 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 06:53 Company: Microsoft 
Corporation
----------
************************************************************
01:15:24: Scanning -----VXD ENTRIES-----
************************************************************
01:15:24: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : SDWinLogon
DLLName: SDWinLogon.dll
SDWinLogon.dll - this reference has been removed [file not found to scan]
----------
************************************************************
01:16:10: Scanning ----- CONTEXTMENUHANDLERS -----
Key: SDECon32
CLSID: {44176360-2BBF-4EC1-93CE-384B8681A0BC}
Path: C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll
C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll
129080 bytes Created: 22.01.2013 01:09 Modified: 13.11.2012 14:06 Company: Safer-Networking Ltd.
----------
************************************************************
01:16:11: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0561EC90-CE54-4f0c-9C55-E226110A740C}
File: [CLSID does not appear to reference a file]
************************************************************
01:16:11: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
BHO: mscoree.dll
C:\Windows\system32\mscoree.dll
297808 bytes Created: 13.12.2011 03:20 Modified: 08.11.2009 10:55 Company: Microsoft Corporation
----------
Key: {2EECD738-5844-4a99-B4B6-146BF802613B}
BHO: C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
270960 bytes Created: 14.08.2011 13:24 Modified: 14.08.2011 13:24 Company: Babylon BHO
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
3214392 bytes Created: 22.01.2013 01:09 Modified: 13.11.2012 14:06 Company: Safer-Networking Ltd.
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll -R-
2427968 bytes Created: 26.10.2007 15:09 Modified: 26.10.2007 15:09 Company: Google Germany GmbH
----------
Key: {d2ce3e00-f94a-4740-988e-03dc2f38c34f}
BHO: "C:\Program Files\Microsoft\BingBar\BingExt.dll"
C:\Program Files\Microsoft\BingBar\BingExt.dll
1219152 bytes Created: 21.10.2011 15:23 Modified: 21.10.2011 15:23 Company: Microsoft Corporation.
----------
************************************************************
01:16:14: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
01:16:14: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
01:16:14: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
01:16:14: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL]
File: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
146432 bytes Created: 26.10.2007 15:09 Modified: 26.10.2007 15:09 Company: Google
----------
************************************************************
01:16:15: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
01:16:15: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS-
174 bytes Created: 02.11.2006 13:50 Modified: 30.05.2008 21:23 Company: [no info]
--------------------
McAfee Security Scan Plus.lnk - links to C:\PROGRA~1\MCAFEE~1\30982A~1.207\SSSCHE~1.EXE
C:\PROGRA~1\MCAFEE~1\30982A~1.207\SSSCHE~1.EXE
272528 bytes Created: 17.06.2011 18:33 Modified: 17.06.2011 18:33 Company: McAfee, Inc.
--------------------
************************************************************
01:16:16: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Ron
[C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS-
174 bytes Created: 29.12.2007 17:55 Modified: 29.12.2007 17:55 Company: [no info]
----------
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - links to C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE
97680 bytes Created: 26.02.2009 15:24 Modified: 26.02.2009 15:24 Company: Microsoft Corporation
----------
Telefon- und Branchenbuch Herbst 2009 - Schnellstarter.lnk - links to C:\PROGRA~1\klickTel\TELEFO~1\kstart32.EXE
C:\PROGRA~1\klickTel\TELEFO~1\kstart32.EXE
464896 bytes Created: 24.11.2009 12:04 Modified: 03.07.2009 11:58 Company: telegate MEDIA AG
----------
--------------------
************************************************************
01:16:17: Scanning ----- SCHEDULED TASKS -----
Taskname: {291ADD4D-0E9B-4351-B9AD-952063F19422}
File: c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\firefox.exe
917400 bytes Created: 19.01.2013 00:53 Modified: 19.01.2013 00:53 Company: Mozilla Corporation
Parameters: Skype for Windows
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator: SkypeSetup
Comments:
----------
Taskname: {457B8049-2925-4140-93C1-9E2EF7B89B54}
----------
Taskname: {86EC80DD-C1C5-4381-B140-4ACC7D7D8650}
----------
Taskname: {B453A9D9-7772-402D-8F1D-A5EC4F67EC2B}
File: C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Phone\Skype.exe -R-
17418928 bytes Created: 13.07.2012 12:33 Modified: 13.07.2012 12:33 Company: Skype Technologies S.A.
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator: SkypeSetup
Comments:
----------
Taskname: Adobe Flash Player Updater
File: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
251400 bytes Created: 07.06.2012 23:08 Modified: 17.01.2013 19:30 Company: Adobe Systems Incorporated
Schedule: At 01:30:00 every day
Next Run Time: 22.01.2013 01:30:00
Status: Ready
Creator: Adobe Systems Incorporated
Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.
----------
Taskname: Check for updates (Spybot - Search & Destroy)
File: C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
3487240 bytes Created: 22.01.2013 01:09 Modified: 13.11.2012 14:08 Company: Safer-Networking Ltd.
Parameters: /autoupdate /silent /autoclose
Schedule: At logon
Next Run Time:
Status: Running
Creator: Spybot - Search & Destroy 2
Comments: This task will regularly check for software updates, and install any available updates, to ensure you are well-protected.
----------
Taskname: FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core
File: C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
138096 bytes Created: 01.10.2011 22:40 Modified: 11.07.2012 22:45 Company: Facebook Inc.
Parameters: /c /nocrashserver
Schedule: At 23:50:00 every day
Next Run Time: 22.01.2013 23:50:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Facebook-Software auf dem neuesten Stand. Wenn diese Anwendung deaktiviert oder angehalten wird, wird Ihre Facebook-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Facebook-Software verwendet wird.
----------
Taskname: FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA
File: C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
138096 bytes Created: 01.10.2011 22:40 Modified: 11.07.2012 22:45 Company: Facebook Inc.
Parameters: /ua /installsource scheduler
Schedule: At 23:50:00 every day
Next Run Time: 22.01.2013 02:50:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Facebook-Software auf dem neuesten Stand. Wenn diese Anwendung deaktiviert oder angehalten wird, wird Ihre Facebook-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Facebook-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
136176 bytes Created: 27.05.2010 21:34 Modified: 27.05.2010 21:34 Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 22.01.2013 01:35:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
136176 bytes Created: 27.05.2010 21:34 Modified: 27.05.2010 21:34 Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: At 01:35:00 every day
Next Run Time: 22.01.2013 01:35:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core
File: C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
133104 bytes Created: 16.09.2008 12:32 Modified: 16.09.2008 12:32 Company: Google Inc.
Parameters: /c
Schedule: At 19:01:00 every day
Next Run Time: 22.01.2013 19:01:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA
File: C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
133104 bytes Created: 16.09.2008 12:32 Modified: 16.09.2008 12:32 Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: At 19:01:00 every day
Next Run Time: 22.01.2013 02:01:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: Refresh immunization (Spybot - Search & Destroy)
File: C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
3653656 bytes Created: 22.01.2013 01:08 Modified: 13.11.2012 14:07 Company: Safer-Networking Ltd.
Parameters: /immunize /silent /autoclose
Schedule: At 00:30:00 every Mittwoch of every week, starting 22.01.2013
Next Run Time: 23.01.2013 00:30:00
Status: Ready
Creator: Spybot - Search & Destroy 2
Comments: This task will update your immunization, keeping your browsers protected against known malware sites, cookies and more.
----------
Taskname: Scan the system (Spybot - Search & Destroy)
File: C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
3906584 bytes Created: 22.01.2013 01:08 Modified: 13.11.2012 14:07 Company: Safer-Networking Ltd.
Parameters: /scan /cleanclose
Schedule: At 00:30:00 on day 1 of month 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, starting 22.01.2013
Next Run Time: 01.02.2013 00:30:00
Status: Ready
Creator: Spybot - Search & Destroy 2
Comments: A full system scan is recommended once per month.
----------
Taskname: User_Feed_Synchronization-{CC62F918-1DED-478E-B9BE-576ADBFCA089}
File: C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\msfeedssync.exe
12800 bytes Created: 30.05.2008 14:22 Modified: 19.01.2008 08:33 Company: Microsoft Corporation
Parameters: sync
Schedule: Multiple schedule times
Next Run Time: 22.01.2013 01:20:00
Status: Ready
Creator: Ron
Comments: Updates out-of-date system feeds.
----------
************************************************************
01:16:31: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
01:16:31: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.VP40
File: vp4vfw.dll
vp4vfw.dll - [file not found to scan]
----------
Value: vidc.VP60
File: vp6vfw.dll
C:\Windows\system32\vp6vfw.dll -S-
425984 bytes Created: 15.12.2003 16:11 Modified: 15.12.2003 16:11 Company: On2.com
----------
Value: vidc.VP50
File: vp5vfw.dll
vp5vfw.dll - [file not found to scan]
----------
Value: vidc.VP61
File: vp6vfw.dll
C:\Windows\system32\vp6vfw.dll - file already scanned
----------
Value: VIDC.ACDV
File: ACDV.dll
C:\Windows\system32\ACDV.dll
462848 bytes Created: 20.06.2005 13:56 Modified: 20.06.2005 13:56 Company: ACD Systems
----------
Value: msacm.divxa32
File: divxa32.acm
C:\Windows\system32\divxa32.acm
287744 bytes Created: 08.06.2007 13:39 Modified: 08.06.2007 13:39 Company: Kristal Studio
----------
Value: VIDC.FFDS
File: ff_vfw.dll
C:\Windows\system32\ff_vfw.dll
7680 bytes Created: 12.06.2008 19:36 Modified: 12.06.2008 19:36 Company: [no info]
----------
Value: vidc.DIVX
File: DivX.dll
C:\Windows\system32\DivX.dll
684032 bytes Created: 21.11.2008 22:45 Modified: 21.11.2008 22:45 Company: DivX, Inc.
----------
Value: vidc.yv12
File: DivX.dll
C:\Windows\system32\DivX.dll - file already scanned
----------
************************************************************
01:16:36: ----- ADDITIONAL CHECKS -----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
189897 bytes Created: 05.10.2010 12:23 Modified: 05.10.2010 12:23 Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
189897 bytes Created: 05.10.2010 12:23 Modified: 05.10.2010 12:23 Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Additional checks completed
************************************************************
01:16:39: Scanning ----- RUNNING PROCESSES -----
C:\Windows\System32\smss.exe
64000 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 08:33 Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe
6144 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 08:33 Company: Microsoft Corporation
--------------------
C:\Windows\system32\wininit.exe
96768 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation
--------------------
C:\Windows\system32\services.exe
279040 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsm.exe
229888 bytes Created: 30.05.2008 14:26 Modified: 19.01.2008 08:33 Company: Microsoft Corporation
--------------------
C:\Windows\system32\winlogon.exe
314880 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe
21504 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 08:33 Company: Microsoft Corporation
--------------------
C:\Windows\system32\taskeng.exe
171520 bytes Created: 12.12.2011 14:07 Modified: 05.11.2010 01:53 Company: Microsoft Corporation
--------------------
C:\Windows\system32\Dwm.exe
81920 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation
--------------------
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
272528 bytes Created: 17.06.2011 18:33 Modified: 17.06.2011 18:33 Company: McAfee, Inc.
--------------------
C:\Program Files\klickTel\Telefon- und Branchenbuch Herbst 2009\kstart32.EXE
464896 bytes Created: 24.11.2009 12:04 Modified: 03.07.2009 11:58 Company: telegate MEDIA AG
--------------------
C:\Windows\system32\igfxsrvc.exe
256536 bytes Created: 02.01.2008 17:07 Modified: 02.01.2008 17:07 Company: Intel Corporation
--------------------
C:\Windows\ehome\ehmsas.exe
37376 bytes Created: 30.05.2008 14:23 Modified: 19.01.2008 08:33 Company: Microsoft Corporation
--------------------
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
905216 bytes Created: 23.12.2006 17:04 Modified: 23.12.2006 17:04 Company: Nero AG
--------------------
C:\Windows\system32\SearchIndexer.exe
439808 bytes Created: 22.08.2008 02:01 Modified: 27.05.2008 06:18 Company: Microsoft Corporation
--------------------
C:\Windows\system32\WUDFHost.exe
142336 bytes Created: 30.05.2008 14:25 Modified: 19.01.2008 08:33 Company: Microsoft Corporation
--------------------
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
13019280 bytes Created: 25.09.2012 16:01 Modified: 25.09.2012 16:01 Company: Microsoft Corporation
--------------------
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
130560 bytes Created: 19.09.2008 08:52 Modified: 19.09.2008 08:52 Company:
--------------------
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
119808 bytes Created: 03.06.2008 08:02 Modified: 03.06.2008 08:02 Company:
--------------------
C:\Windows\system32\wuauclt.exe
53472 bytes Created: 12.12.2011 12:33 Modified: 07.08.2009 03:24 Company: Microsoft Corporation
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 4766968
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\system32\conime.exe
69120 bytes Created: 30.05.2008 14:24 Modified: 19.01.2008 08:33 Company: Microsoft Corporation
--------------------
C:\Program Files\Mozilla Firefox\plugin-container.exe
17304 bytes Created: 19.01.2013 00:53 Modified: 19.01.2013 00:53 Company: Mozilla Corporation
--------------------
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
1808392 bytes Created: 17.01.2013 19:30 Modified: 17.01.2013 19:30 Company: Adobe Systems, Inc.
--------------------
************************************************************
01:16:47: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": Bing
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": Bing
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": Babylon Search
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": Sign In
HKCU\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKCU\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 01:16:47 22 Jan 2013
Total Scan time: 00:07:09
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
Scan cancelled by User
22.01.2013 01:22:00: restart commenced
************************************************************ |
23.01.2013, 15:25 | #11 | |
/// Malware-holic | Unexplained intrusion, experts wanted! hi, ok, combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ - Please forward suspicious emails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
23.01.2013, 20:05 | #12 |
| Unexplained intrusion, experts wanted! Combofix log file: Code:
ComboFix 13-01-23.01 - Ron 23.01.2013 15:49:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.1012.131 [GMT 1:00]
ausgeführt von:: c:\users\Ron\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\CddbCdda.dll
c:\windows\system32\SET52F2.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-23 bis 2013-01-23 ))))))))))))))))))))))))))))))
.
.
2013-01-23 15:01 . 2013-01-23 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-23 01:32 . 2013-01-23 01:32 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52037BC2-EB62-4BD4-B457-542F582907BD}\offreg.dll
2013-01-22 23:01 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52037BC2-EB62-4BD4-B457-542F582907BD}\mpengine.dll
2013-01-22 14:42 . 2013-01-22 14:42 -------- d-----w- c:\users\Ron\AppData\Roaming\Malwarebytes
2013-01-22 14:41 . 2013-01-22 14:41 -------- d-----w- c:\programdata\Malwarebytes
2013-01-22 14:41 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-22 14:41 . 2013-01-22 14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-22 00:09 . 2013-01-23 10:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-22 00:08 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-22 00:08 . 2013-01-22 00:09 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-22 00:07 . 2013-01-22 00:07 -------- d-----w- c:\users\Ron\AppData\Roaming\Simply Super Software
2013-01-22 00:06 . 2012-06-15 15:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2013-01-22 00:06 . 2012-06-15 15:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2013-01-22 00:06 . 2012-06-15 15:33 605968 ----a-w- c:\windows\system32\ztv7z.dll
2013-01-22 00:06 . 2012-06-15 15:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2013-01-22 00:06 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2013-01-22 00:06 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2013-01-22 00:06 . 2013-01-22 00:07 -------- d-----w- c:\program files\Trojan Remover
2013-01-22 00:06 . 2013-01-22 00:06 -------- d-----w- c:\programdata\Simply Super Software
2013-01-06 02:42 . 2013-01-06 02:42 -------- d-----w- c:\programdata\eMule
2013-01-05 02:09 . 2013-01-05 02:09 -------- d-----w- c:\users\Ron\AppData\Local\eMule
2013-01-05 02:09 . 2013-01-05 02:09 -------- d-----w- c:\program files\eMule
2013-01-03 19:25 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-03 19:23 . 2013-01-03 19:23 -------- d-----w- c:\program files\iPod
2013-01-03 19:21 . 2013-01-03 19:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-03 19:21 . 2013-01-03 19:25 -------- d-----w- c:\program files\iTunes
2013-01-03 19:05 . 2013-01-03 19:05 -------- d-----w- c:\program files\Bonjour
2013-01-03 19:03 . 2013-01-03 19:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-03 19:03 . 2013-01-03 19:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-03 19:03 . 2013-01-03 19:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-03 19:03 . 2013-01-03 19:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-03 19:03 . 2013-01-03 19:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-03 19:03 . 2013-01-03 19:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-03 19:03 . 2013-01-03 19:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-01-03 18:56 . 2013-01-03 18:56 -------- d-----w- c:\program files\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 18:30 . 2012-06-07 22:08 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-17 18:30 . 2011-07-19 09:13 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-18 23:53 . 2013-01-18 23:53 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2008-12-13 98304]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-26 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2012-09-14 1247504]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Telefon- und Branchenbuch Herbst 2009 - Schnellstarter.lnk - c:\program files\klickTel\Telefon- und Branchenbuch Herbst 2009\kstart32.EXE [2009-11-24 464896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - SDSCANNERSERVICE
*NewlyCreated* - SDUPDATESERVICE
*NewlyCreated* - SDWSCSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 18:30]
.
2013-01-22 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-22 13:08]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 20:34]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 20:34]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core.job
- c:\users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-16 11:32]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA.job
- c:\users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-16 11:32]
.
2013-01-23 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-22 13:07]
.
2013-01-22 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-01-22 13:07]
.
2013-01-23 c:\windows\Tasks\User_Feed_Synchronization-{CC62F918-1DED-478E-B9BE-576ADBFCA089}.job
- c:\windows\system32\msfeedssync.exe [2008-05-30 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\cmm6nye8.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.mybiz.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=111863&tt=290312_bexdll&babsrc=adbartrp&mntrId=7618d20d000000000000001d9222e750&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111863
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 7618d20d000000000000001d9222e750
FF - user.js: extensions.BabylonToolbar_i.hardId - 7618d20d000000000000001d9222e750
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15428
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:15
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Facebook Update - c:\users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-Everest Poker - c:\program files\Everest Poker\cstart.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-23 16:01
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-01-23 16:05:45
ComboFix-quarantined-files.txt 2013-01-23 15:05
.
Vor Suchlauf: 10 Verzeichnis(se), 144.140.161.024 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 144.083.165.184 Bytes frei
.
- - End Of File - - EE0C71D13EFF486559770918F7696499 |
23.01.2013, 20:23 | #13 |
/// Malware-holic | Unexplained intrusion, experts wanted! Hi, HitmanPro - Download - Filepony. Download HitmanPro, double-click it, license, trial license. Scan, delete nothing, click Next, export the log as XML and attach it.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
23.01.2013, 20:52 | #14 |
| Unexplained intrusion, experts wanted! Code:
HitmanPro 3.7.0.185 www.hitmanpro.com Computer name . . . . : HOME Windows . . . . . . . : 6.0.1.6001.X86/2 User name . . . . . . : HOME\Ron UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2013-01-23 20:31:30 Scan mode . . . . . . : Normal Scan duration . . . . : 10m 54s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 59 Objects scanned . . . : 2.028.322 Files scanned . . . . : 60.741 Remnants scanned . . : 638.394 files / 1.329.187 keys Malware _____________________________________________________________________ C:\Users\Ron\Software\Winrar Patch.exe -> Quarantined Size . . . . . . . : 91.136 bytes Age . . . . . . . : 1847.3 days (2008-01-03 13:53:21) Entropy . . . . . : 7.5 SHA-256 . . . . . : FB349BA4E1E791F212AAFA5EA80A330915B1D0662B42164A3D1E32453DE4C934 > Ikarus . . . . . . : Backdoor.Pigeon!IK Fuzzy . . . . . . 
: 114.0 |
23.01.2013, 20:58 | #15 |
/// Malware-holic | Unexplained intrusion, experts wanted! Where does this come from: C:\Users\Ron\Software\Winrar Patch.exe
|