| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Fund MIDAS 3 und trojan.sirefef.of (Bitdefender)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
08.04.2013, 11:25
| #3 |
 |  Fund MIDAS 3 und trojan.sirefef.of (Bitdefender) Hallo t´john.
__________________Danke, dass Du Dich dem Problem annimmst. Soll ich noch einen akuellen Scan mit Mwbytes machen? Mein Bitdefender hat nämlich beim erneuten Suchen noch weitere Bedrohungen entdeckt. Ob diese allerdings auf das System gelangt sind, weiß ich nicht. Ansonsten würde ich wie von Dir beschrieben vorgehen, wenn ich aus dem Büro nach Hause komme. 1. Scan Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.04.08.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Lib :: LIB-PC [administrator]
08.04.2013 14:56:50
mbar-log-2013-04-08 (14-56-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31413
Time elapsed: 2 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
c:\$RECYCLE.BIN\S-1-5-21-3269441660-1231751284-1862436623-1000\$d276e8b27e39d50422fb820f01387b31\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$RECYCLE.BIN\S-1-5-21-3269441660-1231751284-1862436623-1000\$d276e8b27e39d50422fb820f01387b31\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$RECYCLE.BIN\S-1-5-21-3269441660-1231751284-1862436623-1000\$d276e8b27e39d50422fb820f01387b31 (Trojan.Siredef.C) -> Delete on reboot.
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.04.08.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Lib :: LIB-PC [administrator]
08.04.2013 15:00:28
mbar-log-2013-04-08 (15-00-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31423
Time elapsed: 2 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter OTL logfile created on: 08.04.2013 15:05:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lib\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 4,75 Gb Available Physical Memory | 59,65% Memory free
15,93 Gb Paging File | 12,91 Gb Available in Paging File | 80,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 56,05 Gb Free Space | 50,18% Space Free | Partition Type: NTFS
Drive D: | 770,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 68,36 Gb Total Space | 11,63 Gb Free Space | 17,02% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 45,88 Gb Free Space | 23,49% Space Free | Partition Type: NTFS
Drive G: | 108,94 Gb Total Space | 26,67 Gb Free Space | 24,48% Space Free | Partition Type: NTFS
Drive K: | 195,31 Gb Total Space | 176,97 Gb Free Space | 90,61% Space Free | Partition Type: NTFS
Drive L: | 345,57 Gb Total Space | 249,29 Gb Free Space | 72,14% Space Free | Partition Type: NTFS
Drive M: | 390,62 Gb Total Space | 298,23 Gb Free Space | 76,35% Space Free | Partition Type: NTFS
Drive Z: | 68,36 Gb Total Space | 11,63 Gb Free Space | 17,02% Space Free | Partition Type: FAT32
Computer Name: LIB-PC | User Name: Lib | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Lib\Desktop\OTL(1).exe (OldTimer Tools)
PRC - F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - L:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Users\Lib\Desktop\mbar\mbar.exe (Malwarebytes Corporation)
PRC - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - E:\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - E:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - L:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe (IObit)
PRC - L:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - L:\Program Files (x86)\BoxCryptor\BoxCryptor.exe (Secomba GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - f:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - E:\Tom\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Programme\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - F:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE (ROCCAT)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._core_.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\_ssl.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._controls_.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._windows_.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._gdi_.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._misc_.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\_hashlib.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\unicodedata.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\pythoncom27.dll ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32com.shell.shell.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\_elementtree.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\pyexpat.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._wizard.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32file.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\pywintypes27.dll ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32security.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32api.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\_ctypes.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._html2.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\_socket.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32inet.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32process.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32pdh.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32ts.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32event.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32profile.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32crypt.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\select.pyd ()
MOD - F:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - L:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - L:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - L:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\libid3tag.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\libaacdec.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\QtGui4.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\QtCore4.dll ()
MOD - E:\Tobit Radio.fx\Client\rfx-client$.ger ()
MOD - E:\Tobit Radio.fx\Client\tobitclt.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cae4b1b6c8423f80d1f86eae7fd8203\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6fd278018f0cf369362fc810f8aefcb5\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\581e9ba9c81e2840a917fbd3d9661f85\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Programme\ASUS Xonar DG Audio\Customapp\VmixP8.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
========== Services (SafeList) ==========
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BdDesktopParental) -- L:\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV - (VSSERV) -- L:\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Radio.fx) -- E:\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdvancedSystemCareService6) -- L:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- f:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- f:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (UPDATESRV) -- L:\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (TomTomHOMEService) -- E:\Tom\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (HiPatchService) -- g:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraAgentSrv) -- l:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe (SiSoftware)
========== Driver Services (SafeList) ==========
DRV:64bit: - (mbamswissarmy) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
DRV:64bit: - (cbfs4) -- C:\Windows\SysNative\drivers\cbfs4.sys (EldoS Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)
DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArvoFltr) -- C:\Windows\SysNative\drivers\ArvoFltr.sys (ROCCAT Development, Inc.)
DRV - (BdfNdisf) -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys (IObit.com)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (bdfwfpf) -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SANDRA) -- l:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B AB 7C DA 87 B0 CD 01 [binary data]
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\SearchScopes,DefaultScope = {EB6F5919-AB5F-4ABA-BD75-C28FDFF93C5D}
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\SearchScopes\{E85F8337-7F72-4761-B858-28A0A44CF3BC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9C58C87C-19C8-41F9-B5FA-4ECF2A5544D9&apn_sauid=DCE02B90-7BB8-47E3-A0B3-3F845AA684B4
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\SearchScopes\{EB6F5919-AB5F-4ABA-BD75-C28FDFF93C5D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B AB 7C DA 87 B0 CD 01 [binary data]
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\..\SearchScopes,DefaultScope = {EB6F5919-AB5F-4ABA-BD75-C28FDFF93C5D}
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\..\SearchScopes\{E85F8337-7F72-4761-B858-28A0A44CF3BC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9C58C87C-19C8-41F9-B5FA-4ECF2A5544D9&apn_sauid=DCE02B90-7BB8-47E3-A0B3-3F845AA684B4
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\..\SearchScopes\{EB6F5919-AB5F-4ABA-BD75-C28FDFF93C5D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "google"
FF - prefs.js..browser.search.defaultenginename: "google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "google.de"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=800236"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: mozrepl%40hyperstruct.net:1.1
FF - prefs.js..extensions.enabledAddons: passifox%40hanhuy.com:1.1.5
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7Bb8cbd8e0-e642-11dd-ba2f-0800200c9a66%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BD9808C4D-1CF5-4f67-8DB2-12CF78BBA23F%7D:2.5.8
FF - prefs.js..extensions.enabledAddons: %7BEF522540-89F5-46b9-B6FE-1829E2B572C6%7D:6.1
FF - prefs.js..extensions.enabledAddons: keefox%40chris.tomlinson:1.1.4
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:17.8
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..network.proxy.ftp: "178.33.34.48"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "178.33.34.48"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "178.33.34.48"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "178.33.34.48"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: l:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: g:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: E:\Media\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: F:\Program Files (x86)\OpenOffice.org 3\program [2012.12.07 03:33:01 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: L:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lib\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Lib\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lib\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lib\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lib\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: f:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 20.0a1\extensions\\Components: L:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012.12.20 12:34:55 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 20.0a1\extensions\\Plugins: L:\PROGRAM FILES\NIGHTLY\PLUGINS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: L:\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013.02.07 03:08:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.04.01 21:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2013.04.05 01:37:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.18 12:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: L:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 18:58:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: L:\Bitdefender\Bitdefender 2013\bdtbext [2013.02.07 03:08:09 | 000,000,000 | ---D | M]
[2012.07.05 01:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\Extensions
[2012.07.05 01:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.04.06 11:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions
[2013.03.26 22:34:15 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2012.02.18 00:34:19 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(183)
[2013.03.14 11:50:43 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.02.18 00:34:19 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}(184)
[2013.04.05 20:14:20 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2013.04.04 02:41:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.18 00:34:21 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2013.02.23 17:27:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.18 00:34:22 | 000,000,000 | ---D | M] (Download Sort) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}
[2012.02.18 00:34:10 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\bettergmail2@ginatrapani.org
[2012.10.14 15:33:49 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.03.21 11:39:30 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\firefox@ghostery.com
[2012.10.02 21:25:37 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\foxmarks@kei.com
[2013.04.06 11:47:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\ich@maltegoetz.de
[2013.01.26 12:26:27 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\keefox@chris.tomlinson
[2012.03.22 01:52:46 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\video.downloader.plugin@ffpimp.com
[2012.09.20 10:09:56 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\amznUWL2@amazon.com.xpi
[2013.01.05 20:06:41 | 000,347,340 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\autopager@mozilla.org.xpi
[2012.12.19 20:30:03 | 000,221,503 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\kosa@kallout.com.xpi
[2012.01.07 21:22:08 | 000,027,841 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\mozrepl@hyperstruct.net.xpi
[2012.05.31 03:57:06 | 000,016,791 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\passifox@hanhuy.com.xpi
[2013.04.06 11:47:13 | 000,334,383 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\personas@christopher.beard.xpi
[2013.02.10 11:50:48 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\stealthyextension@gmail.com.xpi
[2011.11.08 04:26:08 | 000,014,949 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\twitter.address.bar.search@firefox.twitter.xpi
[2011.08.18 02:49:26 | 000,022,819 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}.xpi
[2012.11.24 21:32:53 | 000,317,623 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2011.07.17 20:49:00 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.09.15 03:00:39 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2013.03.04 12:26:13 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.12.12 19:23:49 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.03.22 22:39:48 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.02.15 03:40:25 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.18 18:00:19 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.10.30 14:58:04 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.04.04 20:14:21 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.03.01 12:27:14 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.11.06 11:37:00 | 000,045,219 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2013.01.07 03:52:31 | 000,002,973 | ---- | M] () -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\searchplugins\twitter-.xml
========== Chrome ==========
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=9C58C87C-19C8-41F9-B5FA-4ECF2A5544D9&apn_ptnrs=U3&apn_sauid=DCE02B90-7BB8-47E3-A0B3-3F845AA684B4&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ch
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = f:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = f:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = f:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = f:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Media Go Detector (Enabled) = E:\Media\npmediago.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Picasa (Enabled) = g:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: Domain Error Assistant = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: Savings-Slider = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
O1 HOSTS File: ([2012.09.12 01:41:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [Bdagent] L:\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Arvo] f:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE (ROCCAT)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] L:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] L:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000..\Run: [BoxCryptor] l:\Program Files (x86)\BoxCryptor\BoxCryptor.exe (Secomba GmbH)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000..\Run: [MusicManager] C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000..\Run: [RfxSrvTray] E:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005..\Run: [MusicManager] C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - F:\icq\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - F:\icq\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A76E21B-2FA4-4F66-A99C-A15C11ADA6BF}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79531C24-1D82-4258-92F8-339D52C3B9BF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D39C8E1B-2B2F-4170-B9C0-BD0829FEB5FB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1DD1B67-326C-4D99-BA94-40F641486EBA}: DhcpNameServer = 192.168.42.129
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator-cbfs4 - {694DED0F-89D5-4464-89B7-76CC5AE9D7D8} - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O21 - SSODL: EldosMountNotificator-cbfs4 - {694DED0F-89D5-4464-89B7-76CC5AE9D7D8} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O22:64bit: - SharedTaskScheduler: {694DED0F-89D5-4464-89B7-76CC5AE9D7D8} - Virtual Storage Mount Notification - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {694DED0F-89D5-4464-89B7-76CC5AE9D7D8} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.15 07:51:42 | 000,000,024 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.08 15:04:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lib\Desktop\OTL(1).exe
[2013.04.08 14:58:02 | 000,157,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2013.04.01 21:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.04.01 21:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.04.01 21:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.04.01 21:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.04.01 21:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013.03.29 17:30:08 | 000,147,232 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys.upd
[2013.03.25 22:39:46 | 004,546,560 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013.03.25 22:20:59 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.25 22:20:59 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.25 22:20:59 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.25 22:20:59 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.25 22:20:59 | 000,968,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.25 22:20:58 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.25 22:20:58 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.25 22:20:58 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.25 22:20:58 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.25 22:20:58 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.25 22:20:58 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.25 22:20:58 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.25 22:20:58 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.25 22:20:58 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.25 22:20:58 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.25 22:20:58 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.03.25 22:20:58 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.03.25 22:20:58 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.03.25 22:20:58 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.03.23 03:09:28 | 000,354,656 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2013.03.22 00:17:42 | 000,000,000 | ---D | C] -- C:\Users\Lib\Desktop\mbar
[2013.03.14 23:07:52 | 000,559,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.03.13 02:15:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 02:15:36 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 02:15:36 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 02:15:36 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.13 02:15:36 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.13 02:15:36 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.13 02:15:36 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.13 02:15:36 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.13 02:15:36 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.13 02:15:36 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.13 02:15:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 02:15:36 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.13 02:15:36 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 02:15:36 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 02:15:36 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 02:15:36 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.13 02:15:36 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.13 02:15:36 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 02:15:36 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.13 02:15:36 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.13 02:15:36 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 02:15:36 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 02:15:36 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.13 02:15:36 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.13 02:15:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.13 02:15:36 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.13 02:15:36 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 02:15:36 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.13 02:15:36 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.13 02:15:36 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.13 02:15:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.13 02:15:36 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.13 02:15:36 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.13 02:15:36 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 02:15:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.13 02:15:36 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.13 02:15:36 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.13 02:15:36 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.13 02:15:36 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.13 02:15:36 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.13 02:15:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.13 02:15:36 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.13 02:15:36 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 02:15:36 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.13 02:15:36 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.03.13 02:15:36 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.13 02:15:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.13 02:15:36 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 02:15:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.13 02:15:36 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.13 02:15:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.13 02:15:36 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.13 02:15:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.03.13 02:15:36 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.13 02:15:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.13 02:15:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.13 02:15:36 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.13 02:15:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.13 02:15:36 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.13 02:15:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.13 02:15:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.13 02:15:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.03.13 02:15:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.13 02:15:36 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.13 02:15:36 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.13 02:15:36 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.13 02:15:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.13 02:15:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.13 02:13:32 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013.03.13 02:13:32 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.12 19:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar
[2013.03.12 19:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2013.03.12 18:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013.03.09 17:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[75 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.08 14:58:02 | 000,157,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2013.04.08 14:58:02 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.04.08 14:55:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lib\Desktop\OTL(1).exe
[2013.04.08 14:52:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.08 14:50:36 | 000,014,546 | ---- | M] () -- C:\Users\Lib\Desktop\Malwarebytes Anti-Rootkit.htm
[2013.04.08 14:45:56 | 000,069,932 | ---- | M] () -- C:\Users\Lib\Desktop\1365411788_1_03.xml
[2013.04.08 14:39:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3269441660-1231751284-1862436623-1000UA.job
[2013.04.08 14:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.08 11:04:44 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 11:04:44 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 11:03:34 | 001,492,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.08 11:03:34 | 000,651,996 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.08 11:03:34 | 000,614,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.08 11:03:34 | 000,129,036 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.08 11:03:34 | 000,105,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.08 10:57:42 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.08 10:57:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.07 23:39:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3269441660-1231751284-1862436623-1000Core.job
[2013.04.07 15:03:43 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.07 14:21:56 | 000,160,490 | ---- | M] () -- C:\Users\Public\Desktop\bdsyslog.zip
[2013.04.02 10:35:20 | 000,311,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.01 21:24:57 | 000,001,613 | ---- | M] () -- C:\Users\Lib\Desktop\DivX Movies.lnk
[2013.04.01 21:24:46 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.04.01 21:24:37 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.03.30 18:22:28 | 000,000,220 | ---- | M] () -- C:\Users\Lib\Desktop\BioShock Infinite.url
[2013.03.29 17:30:08 | 000,147,232 | ---- | M] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys.upd
[2013.03.27 03:51:35 | 000,000,721 | ---- | M] () -- C:\Users\Lib\Desktop\SpeedFan.lnk
[2013.03.27 03:51:34 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.03.25 22:39:46 | 004,546,560 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013.03.23 03:09:28 | 000,354,656 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2013.03.15 07:53:06 | 026,956,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.15 07:53:06 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.15 07:53:06 | 020,542,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.15 07:53:06 | 017,990,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.15 07:53:06 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.15 07:53:06 | 015,508,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.03.15 07:53:06 | 015,042,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.15 07:53:06 | 013,088,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.15 07:53:06 | 009,414,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.15 07:53:06 | 007,959,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.15 07:53:06 | 007,573,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.15 07:53:06 | 006,271,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.15 07:53:06 | 002,913,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.15 07:53:06 | 002,864,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.03.15 07:53:06 | 002,728,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.15 07:53:06 | 002,539,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.03.15 07:53:06 | 002,355,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.15 07:53:06 | 001,995,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.15 07:53:06 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.03.15 07:53:06 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.03.15 07:53:06 | 001,118,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.03.15 07:53:06 | 000,968,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.15 07:53:06 | 000,250,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.03.15 07:53:06 | 000,205,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.03.15 07:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.15 06:16:18 | 003,477,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.03.15 06:16:17 | 006,398,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.03.15 06:16:10 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.03.15 06:16:10 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.03.15 06:16:10 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.03.14 23:07:52 | 000,559,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.03.14 11:50:54 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.14 11:50:54 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.13 18:24:01 | 003,065,455 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.03.13 02:15:36 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 02:15:36 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 02:15:36 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 02:15:36 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.13 02:15:36 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.13 02:15:36 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.13 02:15:36 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.13 02:15:36 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.13 02:15:36 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.13 02:15:36 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.13 02:15:36 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 02:15:36 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.13 02:15:36 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 02:15:36 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 02:15:36 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 02:15:36 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.13 02:15:36 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.13 02:15:36 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 02:15:36 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.13 02:15:36 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.13 02:15:36 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 02:15:36 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 02:15:36 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.13 02:15:36 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.13 02:15:36 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.13 02:15:36 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.13 02:15:36 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 02:15:36 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.13 02:15:36 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.13 02:15:36 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.13 02:15:36 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.13 02:15:36 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.13 02:15:36 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.13 02:15:36 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 02:15:36 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.13 02:15:36 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.13 02:15:36 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.13 02:15:36 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.13 02:15:36 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.13 02:15:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.13 02:15:36 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.13 02:15:36 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.13 02:15:36 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 02:15:36 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.13 02:15:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.03.13 02:15:36 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.13 02:15:36 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.13 02:15:36 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 02:15:36 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.13 02:15:36 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.13 02:15:36 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.13 02:15:36 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.13 02:15:36 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.03.13 02:15:36 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.13 02:15:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.13 02:15:36 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.13 02:15:36 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.13 02:15:36 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.13 02:15:36 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.13 02:15:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.13 02:15:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.13 02:15:36 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.03.13 02:15:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.13 02:15:36 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.13 02:15:36 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 02:15:36 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.13 02:15:36 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.13 02:15:36 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.13 02:15:36 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.13 02:15:36 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.09 17:28:29 | 000,000,679 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
[75 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.08 14:58:02 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.04.08 14:50:35 | 000,014,546 | ---- | C] () -- C:\Users\Lib\Desktop\Malwarebytes Anti-Rootkit.htm
[2013.04.08 14:46:49 | 000,069,932 | ---- | C] () -- C:\Users\Lib\Desktop\1365411788_1_03.xml
[2013.04.07 14:21:56 | 000,160,490 | ---- | C] () -- C:\Users\Public\Desktop\bdsyslog.zip
[2013.04.01 21:24:57 | 000,001,613 | ---- | C] () -- C:\Users\Lib\Desktop\DivX Movies.lnk
[2013.04.01 21:24:46 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.04.01 21:24:37 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.03.30 18:22:28 | 000,000,220 | ---- | C] () -- C:\Users\Lib\Desktop\BioShock Infinite.url
[2013.03.27 03:51:35 | 000,000,721 | ---- | C] () -- C:\Users\Lib\Desktop\SpeedFan.lnk
[2013.03.13 02:15:36 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 02:15:36 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.13 23:53:40 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2013.02.13 23:53:26 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013.02.13 23:53:11 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013.02.13 23:52:59 | 000,000,861 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2013.02.13 23:52:57 | 000,005,060 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2013.02.13 18:43:25 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013.02.07 03:46:06 | 000,493,003 | ---- | C] () -- C:\ProgramData\1360199155.bdinstall.bin
[2013.01.26 16:33:57 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.26 16:33:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.26 16:33:55 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.10.09 23:20:14 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.21 01:30:04 | 011,624,448 | ---- | C] () -- C:\Users\Lib\AppData\Roaming\Sandra.mdb
[2012.09.01 00:10:17 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012.09.01 00:10:17 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012.09.01 00:10:17 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012.09.01 00:10:17 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012.09.01 00:10:17 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012.07.11 01:24:24 | 001,012,976 | ---- | C] () -- C:\Windows\PE_File.dll
[2012.07.11 01:18:44 | 000,947,440 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.04.06 14:38:16 | 000,103,316 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.02.21 23:18:47 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.02.21 23:18:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.02.19 23:54:01 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012.02.18 01:07:09 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.02.17 19:39:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.02.17 19:38:55 | 000,026,929 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.01.31 02:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 02:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 02:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 02:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 02:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.08.01 00:14:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2012.10.06 19:26:48 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\2K Sports
[2012.08.31 00:10:02 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Acronis
[2012.02.18 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Amazon
[2012.03.27 01:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\AnvSoft
[2013.02.13 23:51:14 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\ASUS
[2013.02.07 03:07:54 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Bitdefender
[2012.03.01 02:37:18 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Canneverbe Limited
[2012.09.18 17:27:21 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\com.amazon.music.uploader
[2012.02.21 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\DAEMON Tools Pro
[2012.12.22 03:05:32 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\DVDVideoSoft
[2012.12.18 01:59:13 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.17 17:18:01 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\elsterformular
[2012.10.05 02:37:43 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\FileZilla
[2012.10.03 01:12:43 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\IcoFX
[2013.01.10 01:12:53 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\ICQ
[2013.01.10 01:21:28 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\ICQ-Profile
[2013.01.10 01:20:58 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\ICQM
[2013.01.25 16:50:03 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\IObit
[2013.04.08 11:27:39 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\KeePass
[2013.03.22 03:20:56 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Mp3tag
[2012.10.30 02:38:36 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\MyPhoneExplorer
[2012.07.11 00:23:16 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Nuance
[2012.02.23 00:01:53 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\OpenOffice.org
[2012.06.23 12:01:06 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Opera
[2012.10.24 00:03:43 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Origin
[2012.02.17 20:20:28 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Panda Security
[2013.02.07 03:07:01 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\QuickScan
[2012.03.16 00:06:38 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Samsung
[2012.03.14 02:53:33 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Sony
[2013.04.03 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Spotify
[2012.04.30 16:52:01 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Temp
[2012.02.23 00:23:01 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Thunderbird
[2012.02.18 03:49:55 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Tobit
[2012.07.05 01:11:30 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\TomTom
[2012.04.09 00:41:16 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Trillian
[2012.06.03 22:48:59 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\TuneUp Software
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0FF263E8
< End of report >
|
| Themen zu Fund MIDAS 3 und trojan.sirefef.of (Bitdefender) |
| bitdefender, defender, entdeck, freue, fund, malwarebytes, scan, schädlinge, säuberung, troja, trojan.malware.packer.egx1, trojan.sirefef.of, würde |
Baum-Darstellung