Police virus Austria - computerkriminalitat des criminal intelligence service Einheit 5.2
Hello!
The Austrian variant of the new 'Computer locked by police - 100€' has locked my PC, so I now need help.
The 'lock screen image' can be seen at hxxp://blog.teesupport.com/manually-remove-bundespolizei-computerkriminalitat-des-criminal-intelligence-service-einheit-5-2-achtung-polizei-bpd-100-euro-virus-entfernen/ (I have not carried out any of the instructions from there.)
After disconnecting from the modem / Internet the PC is usable; as soon as there is an Internet connection, the lock screen appears. After that, no commands are accepted any more (or shown on the screen).
"defogger.exe" run as described (Disable button -> Scan -> Finished -> OK -> restart).
I have already run a malware scan and an OTL scan; the logs follow:
mbam-log-2012-08-23 (00-25-38):
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.30.10
Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19088
... :: B........... [limitiert]
23.08.2012 00:25:38
mbam-log-2012-08-23 (00-25-38).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|N:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 862503
Laufzeit: 2 Stunde(n), 25 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Trojan.Phex.THAGen6) -> Daten: C:\Users\biene\AppData\Local\{258C3B07-094F-AAF1-66B7-907A44EE4ECA}\syshost.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\biene\LOCALS~1\Temp\msukri.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{811D2E44-ED03-3357-8028-7844F9D81616} (Trojan.ZbotR.Gen) -> Daten: C:\Users\biene\AppData\Roaming\Icyxm\awhu.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{811D2E4E-ED09-3357-8028-7844F9D81616} (Trojan.ZbotR.Gen) -> Daten: C:\Users\biene\AppData\Roaming\Icyxm\awhu.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Users\...\AppData\Local\{258C3B07-094F-AAF1-66B7-907A44EE4ECA}\syshost.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\...\AppData\Local\Temp\3b5caa0d.tmp (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\...\Downloads\XVIDPlayerSetup.exe (PUP.Adware.RKN) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
OTL scan log:
OTL logfile created on: 23.08.2012 17:01:30 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\biene\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,23 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 48,53% Memory free
6,68 Gb Paging File | 5,01 Gb Available in Paging File | 74,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 766,96 Gb Total Space | 437,50 Gb Free Space | 57,04% Space Free | Partition Type: NTFS
Drive D: | 590,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 232,88 Gb Total Space | 2,19 Gb Free Space | 0,94% Space Free | Partition Type: NTFS
Drive G: | 3,65 Gb Total Space | 2,29 Gb Free Space | 62,65% Space Free | Partition Type: FAT32
Drive O: | 68,52 Gb Total Space | 5,67 Gb Free Space | 8,27% Space Free | Partition Type: NTFS
Drive T: | 16,00 Gb Total Space | 0,12 Gb Free Space | 0,76% Space Free | Partition Type: FAT32
Drive U: | 32,62 Gb Total Space | 1,65 Gb Free Space | 5,05% Space Free | Partition Type: FAT32
Drive V: | 69,12 Gb Total Space | 2,82 Gb Free Space | 4,08% Space Free | Partition Type: FAT32
Drive W: | 16384,00 Gb Total Space | 16384,00 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Computer Name: | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\biene\Desktop\OTL2.exe (OldTimer Tools)
PRC - C:\Users\biene\AppData\Local\Temp\qafgmrlwsmjsxefjbmhbf.exe (Smart Modular)
PRC - C:\Programme\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\ClamWin-Virenscanner\bin\ClamTray.exe (alch)
PRC - C:\Users\biene\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\biene\AppData\Roaming\Wuala\Wuala.exe (LaCie)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Acronis\AcronisDriveMonitor\DriveMonitor\adm_tray.exe ()
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\Disk Unlocker\ASPFSVS.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\AAHM\1.00.13\aaHMSvc.exe ()
PRC - C:\Programme\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Programme\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
PRC - C:\Programme\Bluetooth Suite\BtvStack.exe (Atheros Communications)
PRC - C:\Programme\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
PRC - C:\Programme\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - C:\Programme\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Programme\WFR\HIDAgent.exe ()
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\DIAS\CnxDIAS.exe (CANON INC.)
PRC - C:\Programme\MultiScreen\MultiScreen.exe ()
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\SEC\Natural Color Pro\NCProTray.exe (Samsung)
PRC - C:\Programme\MagicTune Premium\GammaTray.exe ()
PRC - C:\Programme\AGEIA Technologies\TrayIcon.exe ()
PRC - C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Users\biene\AppData\Local\Wuala\Program0\lib.411\proxy_util_w32.dll ()
MOD - C:\Users\biene\AppData\Local\Wuala\Program0\lib.411\jcbfs3.dll ()
MOD - C:\Users\biene\AppData\Local\Wuala\Program0\lib.411\orangevolt-4n-1.1.2.dll ()
MOD - C:\Users\biene\AppData\Local\Temp\proxy_util_w32.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9e40949744b36534fe62cd64ddccb6a1\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1342e13a5f5613678d438405bed08ddd\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f4767076b1a225e440db402bbabf5a14\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Acronis\AcronisDriveMonitor\DriveMonitor\adm_tray.exe ()
MOD - C:\Programme\Common Files\Acronis\DriveMonitor\Common\icudt38.dll ()
MOD - C:\Programme\WFR\HIDAgent.exe ()
MOD - C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Programme\MultiScreen\MultiScreen.exe ()
MOD - C:\Programme\MultiScreen\MGResGer.dll ()
MOD - C:\Programme\MultiScreen\MultiMon.dll ()
MOD - C:\Programme\MultiScreen\ServiceHook.dll ()
MOD - C:\Programme\MagicTune Premium\GammaTray.exe ()
MOD - C:\Programme\AGEIA Technologies\TrayIcon.exe ()
MOD - C:\Programme\WinUHA\shellwinuha.dll ()
MOD - C:\Programme\ClamWin-Virenscanner\bin\python23.dll ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\shell.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32gui.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32file.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32api.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32security.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32process.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32pipe.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\win32event.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\pythoncom23.dll ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\pywintypes23.dll ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\_winreg.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\datetime.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\_ssl.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\_sre.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\_socket.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\_bsddb.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\_ctypes.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\wxc.pyd ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\wxmsw24h.dll ()
MOD - C:\Programme\ClamWin-Virenscanner\lib\mxDateTime.pyd ()
MOD - C:\Programme\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL ()
========== Win32 Services (SafeList) ==========
SRV - (Update Server) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe File not found
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$KSR) -- C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$ACT7) -- C:\Programme\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (ASDiskUnlocker) -- C:\Programme\ASUS\Disk Unlocker\ASPFSVS.exe (ASUSTeK Computer Inc.)
SRV - (asHmComSvc) -- C:\Programme\ASUS\AAHM\1.00.13\aaHMSvc.exe ()
SRV - (asComSvc) -- C:\Programme\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Programme\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (Intel® PROSet Monitoring Service) -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
SRV - (msftesql$KSR) -- C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
SRV - (BCUService) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (vtigercrmMysql510) -- C:\Program Files\vtigercrm-5.1.0\mysql\bin\mysqld-nt.exe ()
SRV - (vtigercrmApache510) -- C:\Programme\vtigercrm-5.1.0\apache\bin\Apache.exe (Apache Software Foundation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Canon Driver Information Assist Service) -- C:\Programme\Canon\DIAS\CnxDIAS.exe (CANON INC.)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld-nt.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Apache2.2) -- c:\xampp\apache\bin\apache.exe (Apache Software Foundation)
SRV - (MagicTuneEngine) -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (KSR_Date2Contact_Service) -- C:\Programme\KSR\Date2Contact\Date2Contact_Service.exe (KSR EDV Ingenieurbüro GmbH)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Programme\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Programme\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)
SRV - (MSSQL$JTLWAWI) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (nvlddmkm) -- system32\DRIVERS\nvlddmkm.sys File not found
DRV - (KNetWchV) -- system32\DRIVERS\KNetWchV.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (BjsPort) -- C:\Windows\system32\drivers\BjsPort.SYS File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (vidsflt61) -- C:\Windows\System32\drivers\vsflt61.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (fltsrv) -- C:\Windows\System32\drivers\fltsrv.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)
DRV - (bdsandbox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (ATHDFU) -- C:\Windows\System32\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (AiCharger) -- C:\Windows\System32\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (VDiskBus) -- C:\Windows\System32\drivers\VDiskBus32.sys (ASUSTeK Computer Inc.)
DRV - (e1cexpress) -- C:\Windows\System32\drivers\e1c6032.sys (Intel Corporation)
DRV - (ASFLTDrv.sys) -- C:\Programme\ASUS\Disk Unlocker\ASFLTDrv.sys (ASUSTeK Computer Inc.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (ICCWDT) -- C:\Windows\System32\drivers\ICCWDT.sys (Intel Corporation)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (F-Secure Standalone Minifilter) -- C:\Users\Admin\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (BazisVirtualCD) -- C:\Windows\System32\drivers\BazisVirtualCD.sys ()
DRV - (VirtDiskBus) -- C:\Windows\System32\drivers\VirtDiskBus.sys ()
DRV - (Si3132r5) -- C:\Windows\System32\drivers\Si3132r5.sys (Silicon Image, Inc)
DRV - (ATSpy) -- C:\Windows\System32\ATSpy.sys (Kingsoft Corporation)
DRV - (NCPro) -- C:\Windows\System32\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV - (MagicTune) -- C:\Windows\System32\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSB) -- C:\Windows\System32\drivers\VBoxUSB.sys (Sun Microsystems, Inc.)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys ()
DRV - (bfastfao) -- C:\Users\Admin\AppData\Local\Temp\bfastfao.sys ()
DRV - (hcw88bda) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (hcw88rc5) -- C:\Windows\System32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.)
DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc)
DRV - (SI3132) -- C:\Windows\System32\drivers\SI3132.sys (Silicon Image, Inc)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (TridVid) -- C:\Windows\System32\drivers\tridvid.sys (10moons Technologies Co.,Ltd)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=111304&babsrc=HP_ss&mntrId=815f139b0000000000000009dd5084cf
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\URLSearchHook: {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=815f139b0000000000000009dd5084cf
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\SearchScopes\{55FAF0F2-44D4-425f-B5F5-6B275B621EAB}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\URLSearchHook: {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes\{0CB7C0E7-7851-4548-8ADA-421DB08BBB03}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes\{3583A043-F19E-4770-9008-F3DB3E796BA5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes\{55FAF0F2-44D4-425f-B5F5-6B275B621EAB}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\SearchScopes\{CFCE3D0B-7721-4f38-BEFC-2C140F2B220A}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-519441693-355583875-3268206231-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.04 15:03:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.04 19:22:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files\DNA [2008.07.25 12:42:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{f6bf92e0-b190-11dd-ad8b-0800200c9a67}: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\09lzp2u1.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a67} [2010.09.14 23:35:29 | 000,000,000 | ---D | M]
[2008.06.24 03:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.05.14 21:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\09lzp2u1.default\extensions
[2012.05.14 21:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\09lzp2u1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.09.14 23:35:29 | 000,000,000 | ---D | M] (Advantage extension) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\09lzp2u1.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a67}
[2012.05.14 21:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\09lzp2u1.default\extensions\staged-xpis
[2011.10.05 11:37:48 | 000,000,917 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\09lzp2u1.default\searchplugins\conduit.xml
[2011.12.13 12:22:32 | 000,003,915 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\09lzp2u1.default\searchplugins\sweetim.xml
[2012.05.14 10:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.09.14 03:30:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.10.28 12:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2007.08.29 23:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.16 20:56:40 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (ArchiBar Toolbar) - {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
O2 - BHO: (Burn4Free Toolbar Helper) - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (ArchiBar Toolbar) - {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (ArchiBar Toolbar) - {24CC1362-11C6-4918-A2C0-B9EE5A563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (ArchiBar Toolbar) - {24CC1362-11C6-4918-A2C0-B9EE5A563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\Toolbar\WebBrowser: (ArchiBar Toolbar) - {24CC1362-11C6-4918-A2C0-B9EE5A563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-519441693-355583875-3268206231-1000\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\Toolbar\WebBrowser: (ArchiBar Toolbar) - {24CC1362-11C6-4918-A2C0-B9EE5A563185} - C:\Programme\ArchiBar\tbArc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-519441693-355583875-3268206231-1001\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Programme\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [adm_tray.exe] C:\Programme\Acronis\AcronisDriveMonitor\DriveMonitor\adm_tray.exe ()
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Programme\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Programme\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Programme\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin-Virenscanner\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1000..\Run: [HIDAgent] C:\Programme\WFR\HIDAgent.exe ()
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [] C:\Users\biene\AppData\Local\Temp\qafgmrlwsmjsxefjbmhbf.exe (Smart Modular)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [HIDAgent] C:\Programme\WFR\HIDAgent.exe ()
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [sxkfpdebbkfufif] C:\ProgramData\sxkfpdeb.exe File not found
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1000..\RunOnce: [CanonUPW_000] C:\Programme\Common Files\Canon\UPW\2.0.0.0\UPWClean.exe (CANON INC.)
O4 - HKU\S-1-5-21-519441693-355583875-3268206231-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive2.lnk = C:\Programme\TeamDrive2.0\bin\TeamDrive2.exe (TeamDrive Systems GmbH)
O4 - Startup: C:\Users\biene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\biene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mbam.exe - Verknüpfung.lnk = C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\biene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk = File not found
F3 - HKU\S-1-5-21-519441693-355583875-3268206231-1001 WinNT: Load - (C:\Users\biene\LOCALS~1\Temp\msukri.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-519441693-355583875-3268206231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-519441693-355583875-3268206231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-519441693-355583875-3268206231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\S-1-5-21-519441693-355583875-3268206231-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-519441693-355583875-3268206231-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-519441693-355583875-3268206231-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} hxxp://www.eset.eu/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66250287-D58E-4671-BF0C-04813A818A7D}: DhcpNameServer = 192.168.0.254 192.168.0.254 213.33.99.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B45A792B-BF4B-4A29-80CE-E0EFF7E54426}: DhcpNameServer = 192.168.0.254 192.168.0.254 213.33.99.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E75678A6-ED73-464C-BD44-AF2ABB322FE6}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.07.22 16:14:09 | 000,000,201 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{fbe6a23c-3b8e-11dd-8a10-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe6a23c-3b8e-11dd-8a10-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.23 09:23:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.30 22:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.30 22:05:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.30 22:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.30 21:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\rkenxumjbfytmie
[2010.08.31 17:34:14 | 029,029,136 | ---- | C] (Sage Software ) -- C:\Users\Admin\AppData\Roaming\ACT2010Hotfix_DE_SS.exe
[2010.08.11 13:53:20 | 000,126,464 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddIn.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInSV.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInPT.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInPL.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInNO.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInNL.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInLV.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInLT.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInIT.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInHU.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInFR.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInFI.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInES.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInENU.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInENG.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInDE.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInDA.dll
[2010.08.11 13:53:20 | 000,005,120 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInCS.dll
[2010.08.11 13:53:20 | 000,004,608 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInTR.dll
[2010.08.11 13:53:20 | 000,004,608 | ---- | C] (TomTom B.V.) -- C:\Program Files\PIMAddInET.dll
[2008.08.10 09:19:33 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmmdm.sys
[2008.08.10 09:19:33 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmserd.sys
[2008.08.10 09:19:33 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmbus.sys
[2008.08.10 09:19:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\Admin\usbsermptxp.sys
[2008.08.10 09:19:33 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmmdfl.sys
[2008.08.10 09:19:33 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmcmnt.sys
[2008.08.10 09:19:33 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmwhnt.sys
[2008.08.10 09:19:33 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\Admin\mqdmcr.sys
[2008.08.10 09:19:32 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\Admin\usbsermpt.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.23 17:11:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{066A2B56-8B08-4258-B7AF-2048F8185A5A}.job
[2012.08.23 16:52:51 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.08.23 16:50:56 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.23 16:50:10 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 16:50:07 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 16:49:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.23 16:49:19 | 3473,788,928 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.23 15:26:21 | 000,002,941 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.23 14:27:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.23 13:02:14 | 000,000,160 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.08.23 09:23:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.09 21:49:12 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2012.07.31 23:43:33 | 001,090,414 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.31 23:43:33 | 000,921,902 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.31 23:43:33 | 000,297,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.31 23:43:33 | 000,249,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.30 22:07:00 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.30 21:38:27 | 000,000,051 | ---- | M] () -- C:\ProgramData\ucaeqzkoxwdylfm
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.23 16:49:16 | 3473,788,928 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.23 13:02:05 | 000,000,160 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.07.30 22:05:41 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.30 21:38:23 | 000,000,051 | ---- | C] () -- C:\ProgramData\ucaeqzkoxwdylfm
[2012.05.22 19:12:08 | 000,235,637 | ---- | C] () -- C:\ProgramData\1337698956.bdinstall.bin
[2012.05.12 03:27:08 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2012.05.12 03:26:13 | 000,494,402 | ---- | C] () -- C:\Users\Admin\AppData\Local\census.cache
[2012.05.12 03:25:32 | 000,324,258 | ---- | C] () -- C:\Users\Admin\AppData\Local\ars.cache
[2012.05.12 03:00:58 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2012.04.09 22:55:25 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2012.04.09 22:55:25 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2012.03.14 14:59:18 | 000,032,578 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.03.08 03:32:09 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.05 20:56:55 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.03.05 20:20:20 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012.03.01 02:55:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012.03.01 02:36:58 | 000,011,456 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.03.01 02:36:57 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2012.03.01 02:36:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.02.25 00:07:14 | 000,037,888 | ---- | C] () -- C:\Windows\System32\setupnt.dll
[2012.01.11 14:26:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.01.11 14:26:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.10.21 21:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.05.25 11:00:31 | 000,001,610 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.05.25 11:00:20 | 000,027,585 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.05.18 20:49:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.26 18:04:29 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2010.10.20 21:01:40 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2010.09.29 03:13:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.08.31 17:47:02 | 000,000,088 | RHS- | C] () -- C:\ProgramData\B80C2F2C12.sys
[2010.08.31 17:47:01 | 000,001,160 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.02.01 17:03:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.02.25 03:29:55 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.25 22:37:21 | 000,098,320 | ---- | C] () -- C:\Users\Admin\1232915841-(null) - Kopie (5)
[2009.01.25 22:37:21 | 000,052,503 | ---- | C] () -- C:\Users\Admin\1232915841-(null) - Kopie (4)
[2009.01.25 22:37:21 | 000,020,708 | ---- | C] () -- C:\Users\Admin\1232915841-(null) - Kopie (3)
[2009.01.25 22:37:21 | 000,009,913 | ---- | C] () -- C:\Users\Admin\1232915841-(null) - Kopie (2)
[2009.01.25 22:37:21 | 000,008,888 | ---- | C] () -- C:\Users\Admin\1232915840-(null) - Kopie
[2009.01.25 22:37:21 | 000,008,400 | ---- | C] () -- C:\Users\Admin\1232915841-(null) - Kopie
[2009.01.25 22:37:21 | 000,006,989 | ---- | C] () -- C:\Users\Admin\1232915840-(null)
[2009.01.25 22:37:21 | 000,004,477 | ---- | C] () -- C:\Users\Admin\1232915841-(null)
[2008.08.10 09:19:33 | 000,009,913 | ---- | C] () -- C:\Users\Admin\MCCI_MDM.INF
[2008.08.10 09:19:33 | 000,009,232 | ---- | C] () -- C:\Users\Admin\USB_MOT_BRIT.INF
[2008.08.10 09:19:33 | 000,006,989 | ---- | C] () -- C:\Users\Admin\MCCI_BUS.INF
[2008.08.10 09:19:33 | 000,006,141 | ---- | C] () -- C:\Users\Admin\USBMOT2000XP.INF
[2008.08.10 09:19:33 | 000,005,960 | ---- | C] () -- C:\Users\Admin\USB_MOT_A1000.INF
[2008.08.10 09:19:33 | 000,005,880 | ---- | C] () -- C:\Users\Admin\USB_CMCS_2000.INF
[2008.08.10 09:19:33 | 000,004,477 | ---- | C] () -- C:\Users\Admin\MCCI_SDM.INF
[2008.08.10 09:19:32 | 000,007,201 | ---- | C] () -- C:\Users\Admin\USBMOT2000.INF
[2008.07.23 16:46:52 | 000,011,264 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2012.03.03 20:27:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\4AC1266C-1BFF-4027-B921-ACADD9833BAB
[2012.02.25 15:12:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Acronis
[2010.08.31 17:34:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ACT
[2012.07.31 01:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\advantage
[2012.04.16 20:55:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2012.05.22 18:25:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bitdefender
[2008.07.24 15:57:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BitTorrent
[2009.09.23 06:19:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro
[2008.09.30 23:52:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA
[2011.01.07 13:38:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2011.03.18 23:54:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media
[2012.05.14 22:42:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\f-secure
[2010.09.16 11:47:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FlashGet
[2010.10.13 19:36:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFLVConverter
[2012.05.16 19:40:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gearbox Software
[2009.09.27 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Intalev
[2010.08.31 17:46:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IsolatedStorage
[2011.12.13 14:50:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\JAM Software
[2008.10.07 02:19:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Kingsoft
[2009.04.21 13:51:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\KSR
[2010.03.28 15:57:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Maytec
[2010.03.28 15:34:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Maytec.net
[2008.06.21 19:57:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2012.05.22 17:23:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2011.11.11 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SpaceMonger
[2012.06.28 23:37:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamDrive
[2010.09.29 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2011.03.22 22:23:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Uniblue
[2010.12.05 19:02:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Webocton - Scriptly
[2012.02.25 00:43:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acronis
[2010.09.28 13:08:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACT
[2010.09.28 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FlashGet
[2010.09.28 13:08:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IsolatedStorage
[2010.10.25 20:16:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\KSR
[2011.05.18 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010.09.29 17:18:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2012.02.25 00:34:02 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Acronis
[2010.08.31 18:54:52 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\ACT
[2011.09.15 14:21:15 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\AnvSoft
[2009.01.23 13:36:33 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Ashampoo
[2012.05.22 19:00:23 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Bitdefender
[2012.08.23 16:52:52 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Dropbox
[2011.03.19 12:22:01 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Engelmann Media
[2012.08.11 03:33:07 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\FileZilla
[2012.05.20 14:31:50 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\FireShot
[2010.09.19 18:17:15 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\FlashGet
[2011.04.27 12:39:37 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\foobar2000
[2010.10.14 10:16:23 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\FreeFLVConverter
[2009.03.11 02:51:48 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\FSW2
[2012.05.19 20:21:26 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Gearbox Software
[2012.04.23 12:37:25 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\gizza
[2012.06.17 18:29:41 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\gtk-2.0
[2010.06.23 17:18:00 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Hunspell
[2012.01.01 23:45:00 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Icyxm
[2009.09.27 19:23:53 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Intalev
[2012.07.31 01:02:00 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Internet Exprorer Add-on
[2010.08.31 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\IsolatedStorage
[2008.10.07 02:19:22 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\kingsoft
[2011.11.17 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\MicroST
[2010.02.11 17:00:19 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\OpenOffice.org
[2012.03.19 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Opera
[2012.05.13 12:39:17 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\QuickScan
[2012.03.30 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Replay Media Catcher 4
[2010.11.01 14:14:32 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Scopevisio
[2010.02.04 18:32:09 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Shareaza
[2008.07.02 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\streamripper
[2009.06.23 12:50:01 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Talkative IRC
[2010.09.29 16:38:06 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\TeamViewer
[2011.10.02 12:23:39 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Tropico 3
[2012.06.10 13:54:17 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Ubisoft
[2009.01.01 10:41:17 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Video DVD Maker FREE
[2010.05.29 23:15:12 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\VitySoft
[2009.04.16 01:57:07 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Viva
[2010.12.05 19:02:59 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Webocton - Scriptly
[2012.06.28 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Wuala
[2011.11.09 15:28:07 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\Xoib
[2011.04.12 11:32:13 | 000,000,000 | ---D | M] -- C:\Users\biene\AppData\Roaming\YCanPDF
[2010.09.02 09:49:53 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ACT
[2010.09.18 21:15:40 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\FlashGet
[2010.09.02 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\IsolatedStorage
[2010.09.03 11:49:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Opera
[2012.08.23 15:26:21 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.23 17:11:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{066A2B56-8B08-4258-B7AF-2048F8185A5A}.job
[2012.02.07 02:11:52 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8897869F-78BD-409F-A164-0F27FD38D6AE}.job
[2010.08.02 15:58:50 | 000,000,698 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Email Reminder.job
[2010.08.02 15:58:49 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Notification Scheduler.job
[2010.08.02 15:58:51 | 000,000,598 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Recurring Invoice.job
[2010.08.02 15:58:51 | 000,000,570 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM WorkFlow.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\Windows:1B378270312B4974
< End of report >