PC freezes - malware (TR/Spy.Zbot, TR/Agent.282624.k, BDS.Hupigon, JS/Agent.30510)
My computer is behaving very strangely. Here are some of the symptoms:
- "Hostprozess musste abgebrochen werden" is displayed at some point in every session
- after that the layout looks very "old-fashioned"... different font, colorless tabs, everything in gray
- Windows updates cannot be downloaded
- With Firefox, Windows Media Player and Java applications the PC often freezes; the media player also often stutters when playing files, as do YouTube videos
- PDF files put a heavy load on the machine; the PC works hard
- No Flash Player in Firefox (but there is one in Google Chrome)
- The PC's drive makes strange noises, as if the drive were spun up rapidly and then abruptly stopped milliseconds later
- The top bar of windows (where e.g. WordPad, document, Windows Media Player or the folder name/file name is shown) flickers
- increased number of detections by Avira (in February alone: TR/Spy.Zbot, TR/Agent.282624.k, BDS.Hupigon, JS/Agent.30510, TR/Dropper.Gen, JAVA/Rowindal.A, Malicious.PDF.Gen)
Here is the latest Malwarebytes log
(I should add that I had already scanned twice today, and both times it had detections, which I moved to quarantine... as far as that was possible)
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org
Database version: 5940
Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999
03.03.2011 21:28:47 mbam-log-2011-03-03 (21-28-47).txt
Scan type: Quick scan
Objects scanned: 191277
Time elapsed: 7 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 16
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{CE89FDB4-8FC1-FB4A-C3D4-290F3E8299C2} (Trojan.ZbotR.Gen) -> Value: {CE89FDB4-8FC1-FB4A-C3D4-290F3E8299C2} -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\setiasworld (Malware.Trace) -> Value: setiasworld -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Value: bk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> Value: userini -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Agent) -> Value: userini -> Quarantined and deleted successfully.
Registry Data Items Infected: (No malicious items detected)
Folders Infected:
c:\Users\sic\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Files Infected:
c:\Windows\System32\YCemSCi.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\arp2600 v2 efx.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\arp2600 v2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\Brass 2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\cs-80v2 (10 voices).dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\CS-80V2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\jupiter-8v2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\minimoog v efx.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\minimoog v.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\prophet-v2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\Users\sic\AppData\Local\temp\js8jifgjsoi398i8djgdf.tmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\sic\AppData\Local\temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\sic\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Users\sic\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Here is the OTL log:
OTL logfile created on: 03.03.2011 22:02:13 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\ich\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 13,30 Gb Free Space | 5,71% Space Free | Partition Type: NTFS
Computer Name: *****| User Name: ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\ich\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\PROGRA~1\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (ASUS)
PRC - C:\Program files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\avmwlanstick\WlanNetService.exe (AVM Berlin)
========== Modules (SafeList) ==========
MOD - C:\Users\ich\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (BroadCamService) -- File not found
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (AVM WLAN Connection Service) -- C:\Program Files\avmwlanstick\WlanNetService.exe (AVM Berlin)
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100622.001\IDSvix86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NAV\1107000.00C\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NAV\1107000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NAV\1107000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1107000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1107000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NAV\1107000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SymDS) -- C:\Windows\system32\drivers\NAV\1107000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (SRS_PremiumSound_Service) -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (CRFILTER) -- C:\Windows\System32\drivers\CRFILTER.sys (Generic)
DRV - (SynasUSB) -- C:\Windows\System32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (vcdrom) -- C:\Windows\System32\drivers\VCdRom.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 C1 C5 8A E5 D6 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: firefox@adhacker.com:0.7
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.07.01 14:41:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010.07.01 14:41:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.25 00:14:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.25 00:14:20 | 000,000,000 | ---D | M]
[2010.02.15 01:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ich\AppData\Roaming\mozilla\Extensions
[2011.03.03 13:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ich\AppData\Roaming\mozilla\Firefox\Profiles\7osrb7fj.default\extensions
[2010.09.04 21:10:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ich\AppData\Roaming\mozilla\Firefox\Profiles\7osrb7fj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.03 09:33:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\ich\AppData\Roaming\mozilla\Firefox\Profiles\7osrb7fj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.27 11:22:10 | 000,000,000 | ---D | M] (Ad Hacker) -- C:\Users\ich\AppData\Roaming\mozilla\Firefox\Profiles\7osrb7fj.default\extensions\firefox@adhacker.com
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\7osrb7fj.default\searchplugins\icqplugin.xml
[2010.06.23 13:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.09.01 20:23:25 | 000,000,000 | ---D | M] (Buyertools) -- C:\Program Files\mozilla firefox\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2009.08.07 09:38:10 | 000,044,544 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2006.11.09 15:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2010.12.28 02:45:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.28 02:45:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.28 02:45:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.28 02:45:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.28 02:45:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.11.06 19:32:35 | 000,349,941 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12022 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-DE/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a5cffb63-b5d2-11de-89c6-00261880042d}\Shell - "" = AutoRun
O33 - MountPoints2\{a5cffb63-b5d2-11de-89c6-00261880042d}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.03.03 13:24:24 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\Neuer Ordner
[2011.03.03 09:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.2
[2011.03.03 09:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2011.02.28 15:03:26 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Roaming\Meepmu
[2011.02.28 15:03:26 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Roaming\Ewymyc
[2011.02.13 18:35:44 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinPlug Instruments
[2011.02.13 15:34:08 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\samplesfx
[2011.02.13 15:16:22 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\drumloopsfx
[2011.02.10 14:30:11 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\48
[2011.02.09 22:44:25 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\47
[2011.02.07 13:10:08 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\46
[2011.02.05 00:47:29 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\45
[2011.02.05 00:30:23 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\FlAC
[2011.02.04 18:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applied Acoustics Systems
[2011.02.04 18:22:38 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Roaming\Applied Acoustics Systems
[2011.02.04 18:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\AAS
[2011.02.04 18:15:40 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Roaming\foobar2000
[2011.02.04 18:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2011.02.04 18:14:56 | 003,255,045 | ---- | C] (foobar2000.org) -- C:\Users\ich\Desktop\foobar2000_v1.1.2.exe
[2009.07.31 11:05:43 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
========== Files - Modified Within 30 Days ==========
[2011.03.03 22:01:59 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BB51562E-E818-4E28-995B-06C015D21A84}.job
[2011.03.03 21:39:48 | 000,645,404 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.03 21:39:48 | 000,601,332 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.03 21:39:48 | 000,132,062 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.03 21:39:48 | 000,109,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.03 21:36:02 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.03.03 21:33:37 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011.03.03 21:33:26 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011.03.03 21:33:26 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2011.03.03 21:33:22 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.03.03 21:33:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.03 21:32:56 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.03 21:32:56 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.03 21:32:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.03 18:24:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.03 13:49:53 | 000,000,955 | ---- | M] () -- C:\Users\ich\Documents\TROJANERBOARD.rtf
[2011.02.28 04:45:21 | 000,639,802 | ---- | M] () -- C:\Users\ich\Desktop\Sample01.WAV.reapeaks
[2011.02.28 04:34:45 | 043,944,924 | ---- | M] () -- C:\Users\ich\Desktop\Sample01.WAV
[2011.02.23 21:09:39 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2011.02.19 16:02:54 | 063,075,512 | ---- | M] () -- C:\Users\ich\Desktop\lostcity.wav
[2011.02.07 13:10:42 | 000,088,936 | ---- | M] () -- C:\Users\ich\Desktop\drum1.wav
[2011.02.07 13:00:22 | 000,371,434 | ---- | M] () -- C:\Users\ich\Desktop\3 Road Runner.flac.reapeaks
[2011.02.07 12:59:24 | 000,184,000 | ---- | M] () -- C:\Users\ich\Desktop\10 Smokey Joe The Dreamer.flac.sfk
[2011.02.04 18:25:44 | 000,000,186 | ---- | M] () -- C:\Users\ich\Documents\Dokument.rtf
[2011.02.04 18:15:31 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2011.02.04 13:22:36 | 003,255,045 | ---- | M] (foobar2000.org) -- C:\Users\ich\Desktop\foobar2000_v1.1.2.exe
========== Files Created - No Company Name ==========
[2011.03.03 13:49:38 | 000,000,955 | ---- | C] () -- C:\Users\ich\Documents\TROJANERBOARD.rtf
[2011.02.28 04:45:20 | 000,639,802 | ---- | C] () -- C:\Users\ich\Desktop\Sample01.WAV.reapeaks
[2011.02.28 04:33:32 | 043,944,924 | ---- | C] () -- C:\Users\ich\Desktop\Sample01.WAV
[2011.02.19 16:02:52 | 063,075,512 | ---- | C] () -- C:\Users\ich\Desktop\lostcity.wav
[2011.02.07 13:10:42 | 000,088,936 | ---- | C] () -- C:\Users\ich\Desktop\drum1.wav
[2011.02.07 13:00:20 | 000,371,434 | ---- | C] () -- C:\Users\ich\Desktop\3 Road Runner.flac.reapeaks
[2011.02.07 12:52:22 | 000,184,000 | ---- | C] () -- C:\Users\ich\Desktop\10 Smokey Joe The Dreamer.flac.sfk
[2011.02.05 00:27:37 | 021,938,302 | ---- | C] () -- C:\Users\ich\Desktop\9 Killer Hill.flac
[2011.02.05 00:27:36 | 008,341,803 | ---- | C] () -- C:\Users\ich\Desktop\8 Blue Panther.flac
[2011.02.05 00:27:34 | 019,190,942 | ---- | C] () -- C:\Users\ich\Desktop\7 Hanged Man.flac
[2011.02.05 00:27:33 | 009,673,412 | ---- | C] () -- C:\Users\ich\Desktop\6 The Spic.flac
[2011.02.05 00:27:33 | 005,106,581 | ---- | C] () -- C:\Users\ich\Desktop\5 Duluth Blues.flac
[2011.02.05 00:27:30 | 026,120,367 | ---- | C] () -- C:\Users\ich\Desktop\4 The Heist.flac
[2011.02.05 00:27:28 | 016,502,457 | ---- | C] () -- C:\Users\ich\Desktop\3 Road Runner.flac
[2011.02.05 00:27:25 | 023,633,138 | ---- | C] () -- C:\Users\ich\Desktop\2 G.B.H..flac
[2011.02.05 00:27:24 | 007,783,995 | ---- | C] () -- C:\Users\ich\Desktop\13 Funky Bear.flac
[2011.02.05 00:27:23 | 012,717,095 | ---- | C] () -- C:\Users\ich\Desktop\12 The Peterman.flac
[2011.02.05 00:27:22 | 026,740,603 | ---- | C] () -- C:\Users\ich\Desktop\11 Gentle In The Night.flac
[2011.02.05 00:27:21 | 011,705,294 | ---- | C] () -- C:\Users\ich\Desktop\10 Smokey Joe The Dreamer.flac
[2011.02.05 00:27:20 | 017,079,081 | ---- | C] () -- C:\Users\ich\Desktop\1 Contract Man.flac
[2011.02.04 18:25:44 | 000,000,186 | ---- | C] () -- C:\Users\ich\Documents\Dokument.rtf
[2011.02.04 18:15:31 | 000,000,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2011.02.04 18:15:31 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010.11.08 02:05:09 | 006,640,274 | ---- | C] () -- C:\Windows\System32\Modalys_for_Arturia.dll
[2010.11.08 02:03:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2010.11.08 01:49:38 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2010.11.08 01:48:30 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2010.09.24 06:42:03 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.09.13 18:44:02 | 000,000,680 | ---- | C] () -- C:\Users\ich\AppData\Local\d3d9caps.dat
[2010.09.07 21:25:05 | 000,001,028 | ---- | C] () -- C:\Users\ich\AppData\Roaming\WavCodec.wff
[2010.06.18 13:02:57 | 000,017,408 | ---- | C] () -- C:\Users\ich\AppData\Local\WebpageIcons.db
[2010.05.24 02:07:06 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.11.25 15:53:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.11.25 15:52:59 | 000,643,072 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2009.11.25 15:52:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.11.08 14:32:44 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009.10.26 14:08:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.10.26 14:08:22 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.10.10 22:26:31 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.10.10 20:24:49 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.09.27 12:30:42 | 000,071,664 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.09.18 19:24:49 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2009.09.09 01:47:35 | 000,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2009.09.09 01:37:46 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2009.09.09 01:37:46 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2009.08.21 18:03:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009.08.21 17:39:58 | 000,228,864 | ---- | C] () -- C:\Windows\PEV.exe
[2009.08.21 17:39:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.08.21 17:39:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.08.21 17:39:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.08.20 01:27:23 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.08.03 22:28:57 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2009.08.03 22:28:57 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2009.08.01 14:17:16 | 000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2009.08.01 02:11:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.07.31 13:28:12 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2009.07.31 11:25:27 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.07.31 11:20:44 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009.07.31 11:20:14 | 000,230,952 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys
[2009.07.31 11:14:03 | 000,057,344 | ---- | C] () -- C:\Windows\System32\LogonStart.dll
[2009.07.31 11:11:23 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.07.31 11:11:23 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.07.31 11:04:47 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.07.31 11:04:47 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.31 11:04:47 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.31 11:04:47 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.07.31 03:41:43 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2009.01.05 14:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.12.23 12:36:14 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 07:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.04.07 07:00:46 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll
[2008.01.21 08:15:58 | 000,645,404 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,132,062 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 17:26:10 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.12.08 13:58:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\FxShared.dll
[2006.12.08 02:52:50 | 000,069,632 | ---- | C] () -- C:\Windows\System32\com.fxpansion.fxshared.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 002,174,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,601,332 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,109,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011.01.02 19:44:19 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\1l2kem2rqgrrqfijdd1vxqusdnjlexl2
[2011.02.04 18:22:38 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Applied Acoustics Systems
[2010.11.12 18:15:59 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Arturia
[2010.11.12 01:53:38 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Brass 2
[2011.01.27 15:05:04 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Celemony Software GmbH
[2011.02.23 21:33:32 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Dyozm
[2011.03.02 00:39:08 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Ewymyc
[2011.02.19 02:19:54 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\foobar2000
[2011.03.03 21:35:28 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\ICQ
[2011.01.27 15:05:03 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\KORG
[2011.03.03 15:34:36 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Meepmu
[2010.09.07 21:22:12 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\NCH Swift Sound
[2010.02.15 02:26:22 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\NetMedia Providers
[2010.06.30 23:40:46 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Propellerhead Software
[2010.02.15 02:26:22 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Publish Providers
[2011.01.07 01:54:36 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\REAPER
[2010.02.15 02:26:15 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Sony
[2010.06.24 14:32:47 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Tific
[2011.01.14 00:32:49 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Waos
[2011.03.03 18:42:05 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.31 10:52:40 | 000,000,158 | ---- | M] () -- C:\Windows\Tasks\task62033142.job
[2011.03.03 22:01:59 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BB51562E-E818-4E28-995B-06C015D21A84}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >