Pests of all kinds and how to fight them: MSN photo virus

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
MSN photo virus

I received a message in MSN that contained a link. ("What do you think of the photo? hxxp://www.facebook.ozodo.com/facebook_gallery.php?image=DSC0014084920.JPG") When I clicked the link, something downloaded automatically, and now I constantly have problems with my PC. I have only run the quick scan in Malwarebytes' Anti-Malware. Here are the results:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4451
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
20.08.2010 15:30:23
mbam-log-2010-08-20 (15-30-23).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 225351
Laufzeit: 22 Minute(n), 43 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 168

OTL.Txt

OTL logfile:
| On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2007.05.10 18:25:00 | 001,775,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.04.14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2007.04.10 16:14:18 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se3eobex.sys -- (se3eobex) DRV - [2007.04.10 16:14:16 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se3emgmt.sys -- (se3emgmt) Sony Ericsson Device 062 USB WMC Device Management Drivers (WDM) DRV - [2007.04.10 16:14:14 | 000,108,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se3emdm.sys -- (se3emdm) DRV - [2007.04.10 16:14:14 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se3emdfl.sys -- (se3emdfl) DRV - [2007.04.10 16:14:02 | 000,083,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se3ebus.sys -- (se3ebus) Sony Ericsson Device 062 (WDM) DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2007.01.24 17:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP) DRV - [2007.01.23 11:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV 
- [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 10:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2001.05.07 12:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\tbPHP1.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=COM&range=AD&phase=8&key=IESTART
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://format.packardbell.com/cgi-bin/redirect/?country=COM&range=AD&phase=8&key=IESTART
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3.326.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 14:19:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.12 13:46:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.05 16:06:34 | 000,000,000 | ---D | M]

[2010.08.13 00:16:17 | 000,000,000 | ---D | M] -- C:\Users\BCR!!\AppData\Roaming\Mozilla\Extensions
[2010.08.13 00:18:01 | 000,000,000 | ---D | M] -- C:\Users\BCR!!\AppData\Roaming\Mozilla\Firefox\Profiles\ewa4j0ks.default\extensions
[2010.08.13 00:18:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BCR!!\AppData\Roaming\Mozilla\Firefox\Profiles\ewa4j0ks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.03.31 10:52:00 | 000,000,168 | ---- | M] () -- C:\Users\BCR!!\AppData\Roaming\Mozilla\Firefox\Profiles\ewa4j0ks.default\searchplugins\icqplugin.gif
[2008.03.31 10:52:00 | 000,000,618 | ---- | M] () -- C:\Users\BCR!!\AppData\Roaming\Mozilla\Firefox\Profiles\ewa4j0ks.default\searchplugins\icqplugin.src
[2010.08.13 00:18:10 | 000,000,950 | ---- | M] () -- C:\Users\BCR!!\AppData\Roaming\Mozilla\Firefox\Profiles\ewa4j0ks.default\searchplugins\icqplugin.xml
[2010.06.30 19:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007.02.28 20:50:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.03.16 15:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.01.13 01:09:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\packardbell@partners.mozilla.com
[2009.01.13 01:09:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007.01.12 20:36:38 | 000,056,976 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
[2009.03.25 11:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.04.19 17:17:54 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010.03.24 11:34:04 | 000,002,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\tbPHP1.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\tbPHP1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - C:\Program Files\PHPNukeDE\tbPHP1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DataMngr] C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PCMService] c:\Program Files\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [tray"] C:\Program Files\CodedColor\byngo.exe (1STEIN Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Metropolis] C:\Users\BCR!!\AppData\Local\Temp\sshnas21.DLL (ApexDC++ Development Team)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Windows Boot Control] C:\Users\Public\S-2535-6853-2745\winrsvn.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WinSysControlsg] File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\iMesh
Applications\MediaBar\DataMngr\datamngr.dll (iMesh, Inc) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\BCR!!\Desktop\1099098114_f.jpg O24 - Desktop BackupWallPaper: C:\Users\BCR!!\Desktop\1099098114_f.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b097162a-9ee4-11de-afbd-001c4af677fc}\Shell\explore\command - "" = zzzzz.exe ;Þ\-€^»ô”ˆ$†®'"a˜fØ›ÍûdÛwYx0-*î߇›ã”Š?;¤Ä%"ݼ[š`¥ÂN\„0æq¬ð!,°µAˆ Êf™w´Šhð×|‹¸Ì±ù@™_¨\lrز/ExŽØ&ÈŽ3Roó¯zç{\ÔX;Åð 'öÇmA:.‡Ý† ǧ>rq|±ïpFäúêí`¢K"¥bí¶”+d‹ ä›õ{¡Ù£zÜ-Q¥Ã ?ÊÅFiáÞû¡Žc³’D·`€‹-åLIê?F$Ø{Ãßc±î7{~,–vM‹», O33 - MountPoints2\{b097162a-9ee4-11de-afbd-001c4af677fc}\Shell\open\command - "" = zzzzz.exe ;ѪFªpôàopo£ŸˆýW,–ÎáfqÇã%ͦ!jsýºË9ÍÌÔ&0iÉÐŒ'Âö®Z•²h¦œe>ÃiCp-OBP*ÚBä'Ž|¾¤â/¡}ˆ8™±ÑûÏ7ÜÁ_,°ƒ†Kt//jšDÁ9N*&8á÷ð;Ä”•`pß*n3¬í'£êýOýØèŽ|›µ O33 - MountPoints2\{e0387f40-163a-11df-843b-001d7d280ec1}\Shell\AutoRun\command - "" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe -- [2010.03.24 12:40:58 | 017,765,808 | ---- | M] (iMesh, Inc) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.20 14:12:28 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Malwarebytes [2010.08.20 14:12:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.20 14:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.20 14:12:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.20 
14:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.18 23:43:47 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Yahoo!
[2010.08.18 19:57:06 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Google
[2010.08.17 20:30:55 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\Documents\Meine empfangenen Dateien
[2010.08.17 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\Adobe
[2010.08.17 19:43:09 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Canon
[2010.08.16 11:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\313
[2010.08.13 00:16:08 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Mozilla
[2010.08.13 00:16:08 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\Mozilla
[2010.08.12 13:47:50 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Apple Computer
[2010.08.12 13:47:50 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\Apple Computer
[2010.08.12 00:35:47 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\Documents\DVDVideoSoft
[2010.08.11 20:19:53 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\ICQ
[2010.08.11 20:19:52 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\AOL
[2010.08.11 20:17:42 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\Tracing
[2010.08.11 20:01:31 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Macromedia
[2010.08.11 20:01:31 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Adobe
[2010.08.11 19:55:39 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Roxio
[2010.08.11 19:55:17 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\Documents\My Google Gadgets
[2010.08.11 19:55:04 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\PowerCinema
[2010.08.11 19:54:52 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\Google
[2010.08.11 19:54:45 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Searches
[2010.08.11 19:54:36 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Roaming\Identities
[2010.08.11 19:54:34 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Contacts [2010.08.11 19:54:32 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\VirtualStore [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\AppData\Local\Temporary Internet Files [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Templates [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Start Menu [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\SendTo [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Recent [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\PrintHood [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\NetHood [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Documents\My Videos [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Documents\My Pictures [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Documents\My Music [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\My Documents [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Local Settings [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\AppData\Local\History [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Cookies [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\Application Data [2010.08.11 19:54:25 | 000,000,000 | -HSD | C] -- C:\Users\BCR!!\AppData\Local\Application Data [2010.08.11 19:54:24 | 000,000,000 | --SD | C] -- C:\Users\BCR!!\AppData\Roaming\Microsoft [2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Videos [2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Saved Games [2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Pictures [2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Music [2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Links [2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Favorites 
[2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Downloads [2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Documents [2010.08.11 19:54:24 | 000,000,000 | R--D | C] -- C:\Users\BCR!!\Desktop [2010.08.11 19:54:24 | 000,000,000 | -H-D | C] -- C:\Users\BCR!!\AppData [2010.08.11 19:54:24 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\Temp [2010.08.11 19:54:24 | 000,000,000 | ---D | C] -- C:\Users\BCR!!\AppData\Local\Microsoft [2010.08.03 09:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Recorder Studio [2010.08.03 09:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity [2010.06.29 14:25:22 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe5688.dll [2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll ========== Files - Modified Within 30 Days ========== [2010.08.20 15:47:27 | 001,310,720 | -HS- | M] () -- C:\Users\BCR!!\NTUSER.DAT [2010.08.20 15:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A2360BA3-6DD9-4856-B52A-529143D04209}.job [2010.08.20 15:45:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{15EE0406-1995-4E75-B07A-9A910FB4FBB3}.job [2010.08.20 15:40:44 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ffnomfg.sys [2010.08.20 15:37:36 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.08.20 15:37:31 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.20 15:36:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.20 15:33:50 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.20 15:33:49 | 000,003,072 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.20 15:33:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.20 15:33:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.20 15:33:27 | 1878,581,248 | -HS- | M] () -- C:\hiberfil.sys [2010.08.20 15:32:06 | 002,300,786 | -H-- | M] () -- C:\Users\BCR!!\AppData\Local\IconCache.db [2010.08.20 15:31:32 | 000,022,028 | ---- | M] () -- C:\Users\BCR!!\Documents\trojaner-board.rtf [2010.08.20 15:31:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.20 15:30:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job [2010.08.20 14:52:46 | 004,286,592 | ---- | M] () -- C:\Users\BCR!!\Desktop\Blink 182 - Josie.mp3 [2010.08.20 14:41:49 | 003,047,552 | ---- | M] () -- C:\Users\BCR!!\Desktop\Blink 182 - M+M's.mp3 [2010.08.19 22:56:16 | 000,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.19 22:56:16 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.19 22:56:16 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.19 22:48:32 | 002,723,968 | ---- | M] () -- C:\Users\BCR!!\Desktop\Blink 182 - Wasting Time lyrics.mp3 [2010.08.19 20:15:18 | 000,008,704 | ---- | M] () -- C:\Users\BCR!!\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.19 19:58:38 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F220ABB0-BFC7-4042-8944-4D1854FA58F5}.job [2010.08.18 22:15:05 | 660,194,108 | ---- | M] () -- C:\Users\BCR!!\Documents\clip0004.avi [2010.08.18 21:53:17 | 148,105,542 | ---- | M] () -- C:\Users\BCR!!\Documents\clip0003.avi [2010.08.18 21:49:42 | 3067,879,186 | ---- | M] () -- C:\Users\BCR!!\Documents\clip0002.avi [2010.08.18 20:37:11 | 383,715,700 | ---- | M] () -- C:\Users\BCR!!\Documents\clip0001.avi [2010.08.18 20:03:59 | 000,409,920 | ---- | M] () -- 
C:\Users\BCR!!\Desktop\PriceGong.exe [2010.08.18 20:03:41 | 000,770,536 | ---- | M] () -- C:\Users\BCR!!\Desktop\HC2SetDE_2.23.02.exe [2010.08.18 19:56:47 | 000,000,946 | ---- | M] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010.08.14 12:59:20 | 221,673,544 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.08.12 13:48:53 | 000,000,941 | ---- | M] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2010.08.12 01:41:58 | 000,524,288 | -HS- | M] () -- C:\Users\BCR!!\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms [2010.08.12 01:41:58 | 000,524,288 | -HS- | M] () -- C:\Users\BCR!!\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms [2010.08.12 01:41:58 | 000,065,536 | -HS- | M] () -- C:\Users\BCR!!\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf [2010.08.12 00:50:19 | 000,000,255 | ---- | M] () -- C:\Users\BCR!!\Documents\gesine.rtf [2010.08.11 19:54:49 | 000,100,624 | ---- | M] () -- C:\Users\BCR!!\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.11 19:54:25 | 000,000,020 | -HS- | M] () -- C:\Users\BCR!!\ntuser.ini [2010.08.02 21:44:24 | 000,347,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2010.08.20 15:40:44 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ffnomfg.sys [2010.08.20 15:37:22 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.20 15:37:16 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.08.20 15:31:32 | 000,022,028 | ---- | C] () -- C:\Users\BCR!!\Documents\trojaner-board.rtf [2010.08.20 14:52:02 | 004,286,592 | ---- | C] () -- C:\Users\BCR!!\Desktop\Blink 182 - Josie.mp3 [2010.08.20 14:40:52 | 003,047,552 | ---- | C] () -- C:\Users\BCR!!\Desktop\Blink 182 - M+M's.mp3 
[2010.08.19 22:47:40 | 002,723,968 | ---- | C] () -- C:\Users\BCR!!\Desktop\Blink 182 - Wasting Time lyrics.mp3 [2010.08.19 22:35:48 | 000,000,000 | R--- | C] () -- C:\Users\BCR!!\AppData\Roaming\kj6hC.txt [2010.08.18 21:57:18 | 660,194,108 | ---- | C] () -- C:\Users\BCR!!\Documents\clip0004.avi [2010.08.18 21:49:49 | 148,105,542 | ---- | C] () -- C:\Users\BCR!!\Documents\clip0003.avi [2010.08.18 21:26:39 | 000,000,000 | R--- | C] () -- C:\Users\BCR!!\AppData\Roaming\EDIb7.txt [2010.08.18 20:37:20 | 3067,879,186 | ---- | C] () -- C:\Users\BCR!!\Documents\clip0002.avi [2010.08.18 20:27:18 | 383,715,700 | ---- | C] () -- C:\Users\BCR!!\Documents\clip0001.avi [2010.08.18 20:03:33 | 000,770,536 | ---- | C] () -- C:\Users\BCR!!\Desktop\HC2SetDE_2.23.02.exe [2010.08.18 20:03:33 | 000,409,920 | ---- | C] () -- C:\Users\BCR!!\Desktop\PriceGong.exe [2010.08.18 19:56:47 | 000,000,946 | ---- | C] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010.08.17 19:37:53 | 000,000,000 | R--- | C] () -- C:\Users\BCR!!\AppData\Roaming\Bb7M1.txt [2010.08.17 19:37:50 | 000,000,000 | R--- | C] () -- C:\Users\BCR!!\AppData\Roaming\I77kE.txt [2010.08.16 13:05:21 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F220ABB0-BFC7-4042-8944-4D1854FA58F5}.job [2010.08.12 13:48:53 | 000,000,941 | ---- | C] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2010.08.12 00:50:19 | 000,000,255 | ---- | C] () -- C:\Users\BCR!!\Documents\gesine.rtf [2010.08.11 21:02:36 | 000,008,704 | ---- | C] () -- C:\Users\BCR!!\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.11 19:54:25 | 000,000,020 | -HS- | C] () -- C:\Users\BCR!!\ntuser.ini [2010.08.11 19:54:24 | 001,310,720 | -HS- | C] () -- C:\Users\BCR!!\NTUSER.DAT [2010.08.11 19:54:24 | 000,524,288 | -HS- | C] () -- 
C:\Users\BCR!!\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms [2010.08.11 19:54:24 | 000,524,288 | -HS- | C] () -- C:\Users\BCR!!\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms [2010.08.11 19:54:24 | 000,262,144 | -H-- | C] () -- C:\Users\BCR!!\ntuser.dat.LOG1 [2010.08.11 19:54:24 | 000,065,536 | -HS- | C] () -- C:\Users\BCR!!\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf [2010.08.11 19:54:24 | 000,001,958 | ---- | C] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010.08.11 19:54:24 | 000,000,258 | ---- | C] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2010.08.11 19:54:24 | 000,000,240 | ---- | C] () -- C:\Users\BCR!!\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2010.08.11 19:54:24 | 000,000,000 | -H-- | C] () -- C:\Users\BCR!!\ntuser.dat.LOG2 [2010.05.01 15:44:08 | 000,000,000 | ---- | C] () -- C:\Windows\ump.INI [2010.03.04 21:03:08 | 000,000,072 | ---- | C] () -- C:\Windows\ABC_mru.ini [2009.03.30 21:38:34 | 000,000,305 | ---- | C] () -- C:\Windows\Ulead32.ini [2009.01.02 16:31:41 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini [2009.01.02 16:31:38 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini [2008.12.20 21:05:08 | 000,000,085 | ---- | C] () -- C:\Windows\MGX.INI [2008.09.11 21:54:05 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.09.11 21:53:32 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.02.28 20:55:29 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2007.02.13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2002.03.17 02:00:00 | 000,007,420 | ---- | C] () 
-- C:\Windows\UA000011.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Documents\Meine empfangenen Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Documents\DVDVideoSoft:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Documents\clip0004.avi:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Documents\clip0003.avi:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Documents\clip0002.avi:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Documents\clip0001.avi:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\BCR!!\Desktop\Blink 182 - Wasting Time lyrics.mp3:Roxio EMC Stream < End of report > |