Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.06.2012, 10:41   #1
Yonko
 
Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe - Standard

Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe



Liebes Team,

ich hatte gestern eine Systemsperre mit exakt dem Screenshot, der hier zum Thema "Verschlüsselungstrojaner" gezeigt wird:

Anschließend habe ich das System abgebrochen und über den abgesicherten Modus eine Systemwiederherstellung vom Vortag gemacht. Danach waren die Symptome verschwunden. Verschlüsselte Dateien habe ich noch nicht entdeckt. Ein anschließender Scan mit McAfee Internet Security Suite brachte keine Fehler zu Tage. Ich bin nicht sicher, ob nach Ausführen der Hinweise aus eurer Seite noch etwas zu tun ist. Alle geforderten Angaben findet ihr unten.

Vielen Dank für eure freundliche und kompetente Unterstützung!

Liebe Grüße

Yonko

Der Malware-Scan fand drei infizierte Dateien und erstellte folgendes Logfile:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.23.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
CURRENT USER :: CURRENT USER [Administrator]

Schutz: Aktiviert

23.06.2012 09:03:42
mbam-log-2012-06-23 (09-03-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218529
Laufzeit: 13 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\CURRENT USER\Downloads\Softango_VideoConverter_Multi.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\CURRENT USER\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hier der OTL Log:
OTL logfile created on: 23.06.2012 09:46:05 - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\CURRENT USER\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,56% Memory free
7,99 Gb Paging File | 6,42 Gb Available in Paging File | 80,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 110,59 Gb Free Space | 24,36% Space Free | Partition Type: NTFS
Drive D: | 416,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ONKO | User Name: CURRENT USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.23 09:40:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\CURRENT USER\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.01 20:56:28 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.09.02 19:12:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.11.20 16:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.11.09 17:20:08 | 001,519,743 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009.11.02 01:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.21 03:26:02 | 000,262,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.06.05 05:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.04.16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.11.20 16:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.10.08 19:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2009.10.07 13:13:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2009.09.23 19:27:04 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009.02.03 03:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.03.20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.03.20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.03.20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.02 19:12:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.13 16:57:56 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011.11.29 04:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 09:55:43 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.09.15 22:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.21 23:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.08.11 22:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 14:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.05.25 05:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360110i7b6l0310z155f49i1u62p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360110i7b6l0310z155f49i1u62p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360110i7b6l0310z155f49i1u62p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360110i7b6l0310z155f49i1u62p
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360110i7b6l0310z155f49i1u62p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE361DE361
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360110i7b6l0310z155f49i1u62p"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://go.web.de/br/moz_keyurl_search/?su="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010.10.20 21:29:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.05 10:58:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.04.29 12:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.28 11:49:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 08:50:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.28 11:49:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 08:50:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.18 07:25:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.13 08:50:53 | 000,000,000 | ---D | M]

[2010.03.15 21:39:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Extensions
[2012.06.05 22:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions
[2012.05.30 19:38:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.05 21:47:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.05 22:17:57 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2010.12.17 00:17:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions\engine@conduit.com
[2010.04.09 21:25:45 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions\moveplayer@movenetworks.com
[2012.04.28 11:50:16 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions\toolbar@web.de
[2010.05.01 13:18:04 | 000,001,711 | ---- | M] () -- C:\Users\CURRENT USER\AppData\Roaming\Mozilla\Firefox\Profiles\7q60rrxy.default\searchplugins\linguee-de-en.xml
[2012.04.28 11:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.21 21:29:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.28 11:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.04.28 11:49:34 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.04.29 12:30:44 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.06.03 11:29:27 | 000,000,886 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Value error. File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120429101527.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429101527.dll (McAfee, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [EPSON PX650 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFME.EXE /FU "C:\Windows\TEMP\E_SE002.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [ffaacbaeccdbgfdgfdgdfg] C:\ProgramData\ffaacbaeccdbgfdgfdgdfg.exe ()
O4 - HKCU..\Run: [WEB.DE Club E-Mail Alarm] C:\Program Files (x86)\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\CURRENT USER\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\CURRENT USER\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\CURRENT USER\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\CURRENT USER\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Vertrauenswürdige Sites)
O16 - DPF: {79E7DCE2-6306-4996-B7CB-C2601B2B7BD1} https://stream.web.de/v/notify/Download.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} https://img.web.de/v/mail/activex/fa_os_mms/upload_1141.cab (WEBDE Fotoalbum Upload Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9953C9B0-5934-416D-BE2C-9870C8186E77}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9eec3320-3716-11df-a2b6-00262d74b2c9}\Shell - "" = AutoRun
O33 - MountPoints2\{9eec3320-3716-11df-a2b6-00262d74b2c9}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{9eec3460-3716-11df-a2b6-00262d74b2c9}\Shell - "" = AutoRun
O33 - MountPoints2\{e94758f1-247a-11e0-8377-00262d74b2c9}\Shell - "" = AutoRun
O33 - MountPoints2\{e94758f1-247a-11e0-8377-00262d74b2c9}\Shell\AutoRun\command - "" = E:\double_click_here.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.23 09:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.06.23 09:30:41 | 000,000,000 | R--D | C] -- C:\Users\CURRENT USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.06.23 08:58:55 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Roaming\Malwarebytes
[2012.06.23 08:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.23 08:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.23 08:58:33 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.23 08:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.23 08:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.06.22 21:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2012.06.17 22:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy3_Madagascar
[2012.06.17 22:22:40 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy 3 - Madagascar
[2012.06.17 22:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy 3 - Madagascar
[2012.06.17 22:22:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Farm Frenzy 3 - Madagascar
[2012.06.12 22:45:26 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Local\Macromedia
[2012.06.03 22:48:57 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burger Bustle
[2012.06.03 22:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Bustle
[2012.06.03 22:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burger Bustle
[2012.06.03 22:46:44 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Roaming\A2 Entertainment
[2012.06.03 22:45:04 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TV Farm
[2012.06.03 22:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Farm
[2012.06.03 22:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TV Farm
[2012.06.01 23:20:32 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burger Bustle - Ellie's Organics
[2012.06.01 23:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Bustle - Ellie's Organics
[2012.06.01 23:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burger Bustle - Ellie's Organics

========== Files - Modified Within 30 Days ==========

[2012.06.23 09:39:50 | 000,000,000 | ---- | M] () -- C:\Users\CURRENT USER\defogger_reenable
[2012.06.23 09:37:46 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.23 09:37:46 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.23 09:35:19 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2012.06.23 09:30:21 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012.06.23 09:29:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.23 09:29:43 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.23 09:28:14 | 000,000,000 | ---- | M] () -- C:\ProgramData\ffaacbaeccdbgfdgfdgdfg.exe
[2012.06.23 08:54:45 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.06.22 20:36:04 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.06.20 06:45:04 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.20 06:45:04 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.20 06:45:04 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.20 06:45:04 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.20 06:45:04 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 23:19:28 | 004,902,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.17 22:23:02 | 000,016,134 | ---- | M] () -- C:\Windows\wininit.ini
[2012.06.17 22:23:01 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Play Farm Frenzy 3 - Madagascar.lnk
[2012.06.17 15:29:24 | 000,055,808 | ---- | M] () -- C:\ProgramData\tqfouxrbybriixx
[2012.06.17 15:29:24 | 000,000,098 | ---- | M] () -- C:\ProgramData\ffaacbaeccdbgfdgfdgdfg.cfg
[2012.06.17 14:32:22 | 000,040,960 | ---- | M] () -- C:\ProgramData\ioutkdxxqoxgcpe
[2012.06.03 22:50:14 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Play Burger Bustle.lnk
[2012.06.03 22:45:08 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Play TV Farm.lnk
[2012.06.03 11:29:27 | 000,000,886 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.01 23:22:53 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Play Burger Bustle - Ellie's Organics.lnk

========== Files Created - No Company Name ==========

[2012.06.23 09:39:50 | 000,000,000 | ---- | C] () -- C:\Users\CURRENT USER\defogger_reenable
[2012.06.23 08:54:45 | 000,001,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.06.23 08:54:45 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.06.22 21:25:50 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2012.06.22 21:25:50 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2012.06.17 22:23:01 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Play Farm Frenzy 3 - Madagascar.lnk
[2012.06.17 15:29:24 | 000,055,808 | ---- | C] () -- C:\ProgramData\tqfouxrbybriixx
[2012.06.17 14:32:22 | 000,040,960 | ---- | C] () -- C:\ProgramData\ioutkdxxqoxgcpe
[2012.06.17 14:32:22 | 000,000,098 | ---- | C] () -- C:\ProgramData\ffaacbaeccdbgfdgfdgdfg.cfg
[2012.06.17 14:32:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\ffaacbaeccdbgfdgfdgdfg.exe
[2012.06.03 22:50:14 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Play Burger Bustle.lnk
[2012.06.03 22:45:08 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Play TV Farm.lnk
[2012.06.01 23:22:53 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Play Burger Bustle - Ellie's Organics.lnk
[2012.01.12 21:22:02 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.08.21 11:45:42 | 000,000,079 | ---- | C] () -- C:\Windows\Nutzen$.ini
[2011.08.16 17:53:50 | 000,006,688 | ---- | C] () -- C:\Windows\movexe.exe
[2011.03.14 10:57:31 | 001,046,678 | ---- | C] () -- C:\Users\CURRENT USER\IMG_6357.JPG
[2010.11.21 09:55:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv05.dll
[2010.09.02 09:45:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.19 14:29:45 | 000,003,584 | ---- | C] () -- C:\Users\CURRENT USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 20:20:42 | 000,000,478 | ---- | C] () -- C:\Users\CURRENT USER\AppData\Roaming\wklnhst.dat
[2010.03.15 22:08:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.02 22:43:23 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2010.01.09 22:37:25 | 000,000,000 | -HSD | M] -- C:\Users\CURRENT USER\AppData\Roaming\.#
[2012.06.03 22:46:44 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\A2 Entertainment
[2010.11.28 01:07:30 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Amazon
[2012.04.07 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Anino Games
[2011.11.30 22:59:03 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Artifex Mundi
[2012.06.14 11:16:04 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Audacity
[2011.04.26 23:12:26 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\blg
[2012.02.20 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Boolat Games
[2010.08.19 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Canon
[2012.04.15 14:18:30 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.01.16 17:06:38 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\com.vilango.birkenbihlsprachen.standalone.demo.E3108F3F4D536DE95A0EC7FFD2F3455D3240F2E4.1
[2012.05.10 13:31:02 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\DVDVideoSoft
[2011.10.10 15:16:33 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.30 23:21:50 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\EleFun Games
[2012.02.27 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\elsterformular
[2012.02.06 23:13:17 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Engelmann Media
[2010.01.17 13:49:02 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Epson
[2011.12.29 13:09:27 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Farm Mania
[2012.05.24 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Farm Mania 2
[2011.12.29 12:00:04 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Farm Mania 2.1
[2011.07.10 00:45:20 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Friday's games
[2011.11.30 22:27:50 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\GameInvest
[2010.01.09 23:59:07 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Gamelab
[2010.05.20 10:26:51 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\GamesCafe
[2011.12.29 18:36:56 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\GoldSunGames
[2012.02.17 19:32:10 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Happy Chef
[2010.06.11 10:47:07 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Hotdog Hotshot
[2010.11.21 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\KIDDINX
[2011.11.18 23:24:04 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Mean Hamster
[2012.02.20 23:23:04 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Oberon Games
[2010.10.12 20:54:09 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Packard Bell
[2011.12.29 11:33:48 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\PeaceCraft3
[2011.12.28 19:39:35 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Ph03nixNewMedia
[2012.05.23 19:28:15 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\PlayFirst
[2011.11.18 21:38:48 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\playmink
[2011.12.28 23:05:05 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Playrix Entertainment
[2012.06.01 23:23:43 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\SulusGames
[2010.05.14 15:19:33 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Super-Cow
[2010.06.06 20:20:45 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Template
[2011.07.09 09:43:17 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Thunderbird
[2012.01.04 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Uniblue
[2011.11.30 22:43:11 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\ViquaSoft
[2010.01.19 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\WEB.DE
[2011.08.11 17:58:47 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\WEBDE
[2011.07.05 23:12:18 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\WendigoStudios
[2011.03.14 13:17:57 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\World-Loom
[2010.11.20 22:38:45 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\YoudaGames
[2012.06.22 20:36:04 | 000,000,278 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2012.06.23 09:30:21 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012.03.28 07:17:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:36608448
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:F53B274A
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:A2B3764A
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:CAF8DAC8
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:11EFE63D
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:BACB6B6C
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:56C66609
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:BAC2F271
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:35629AE6
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:8CCDAB14
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:96646EC1
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:04BB186B
@Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:2216A431
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:CFF6B3FF
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:162E02F7
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:E5F8E280
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp1713795
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:FBFC061F
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:8140CB50
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:80B291A7
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:03D08225
@Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:B722BCE5
@Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:393F7B1E
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:554C6431
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:12EA4DC9
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:8DD36B71
@Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:5A8F8A0C
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:490BCC52
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:27C3CD07
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:16B49C20
@Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:BFAD7A5D
@Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:3790BACD
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:969C0C96
@Alternate Data Stream - 189 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:71FA8B7F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:908A1B53
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:5C4A588B
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:F43B7E8F
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AE289451
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:5C0940F1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:9D03192E
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:6A37FCC3
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:3A4C8FE7
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TempA18D4E3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:EE7AAC75
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C43C957E
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2EB79F01
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:99C301D0
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:4B6543DE
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:F5FC5DCE
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:E9900C74
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3C6E4889
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3571475C
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:3B07E6F4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:94124B85
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:09A43FB1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0915A718
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:33C6377A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:F76441C8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp9987109
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A1A1140A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E6A94ABF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:10D45FC3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:7AF9CAEB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:73B78E79
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:592D7272
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:217A2A36
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:15DE523E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:969736FD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:B1EEADE7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:2F8DACDA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:E5BA9ADD
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:56C17A93

< End of report >

Alt 26.06.2012, 14:29   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe - Standard

Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 27.06.2012, 05:29   #3
Yonko
 
Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe - Standard

Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe



Hallo Arne,

vielen lieben Dank für deine Antwort. Ich habe die beiden Logs erstellt.
Hier das Log des vollständigen Malware Scans:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

26.06.2012 16:59:45
mbam-log-2012-06-26 (16-59-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 432970
Laufzeit: 3 Stunde(n), 6 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\Adobe Creative Suite 5.5 Master Collection\adobemasterkeygen55.exe (Trojan.Agent.ck) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
und hier das Log des ESET Scans:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e869ad1592f52c40893bd6be661f52b8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-26 10:12:50
# local_time=2012-06-27 12:12:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 1411333 5963234 0 0
# compatibility_mode=5893 16776574 100 94 31913933 92367588 0 0
# compatibility_mode=8192 67108863 100 0 146 146 0 0
# scanned=245876
# found=17
# cleaned=0
# scan_time=11032
C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe	a variant of Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Uniblue\RegistryBooster\rb_ubm.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Yvonne Omelianenko\AppData\Local\Temp\jar_cache7825988361281496955.tmp	a variant of Java/Exploit.CVE-2011-3544.A trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Yvonne Omelianenko\AppData\Local\Temp\mia1202.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\Launcher.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Yvonne Omelianenko\AppData\Local\Temp\mia1202.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\rbmonitor.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Yvonne Omelianenko\AppData\Local\Temp\mia1202.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\rbnotifier.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Yvonne Omelianenko\AppData\Local\Temp\mia1202.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\rb_move_serial.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Yvonne Omelianenko\AppData\Local\Temp\mia1202.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\rb_ubm.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Yvonne Omelianenko\AppData\Local\Temp\mia1202.tmp\data\OFFLINE\B0E5A44C\93B9E9B3\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Yvonne Omelianenko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\2d0b6a8e-60a97e0e	Java/Exploit.CVE-2012-0507.BO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Yvonne Omelianenko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\22d83725-3e6555d8	a variant of Java/Exploit.Blacole.AN trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Yvonne Omelianenko\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe	a variant of Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
${Memory}	Win32/RegistryBooster application	00000000000000000000000000000000	I
         
und zuletzt nochmal das OTL Log, das ich zuvor nicht in Code-Tags gepostet hatte:
Code:
ATTFilter
OTL logfile created on: 23.06.2012 09:46:05 - Run 1
OTL by OldTimer - Version 3.2.52.0     Folder = C:\Users\CURRENT USER\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,56% Memory free
7,99 Gb Paging File | 6,42 Gb Available in Paging File | 80,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 110,59 Gb Free Space | 24,36% Space Free | Partition Type: NTFS
Drive D: | 416,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ONKO | User Name: CURRENT USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.23 09:40:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\CURRENT USER\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.01 20:56:28 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.09.02 19:12:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.11.20 16:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.11.09 17:20:08 | 001,519,743 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009.11.02 01:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.21 03:26:02 | 000,262,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.06.05 05:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.04.16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.11.20 16:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.10.08 19:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2009.10.07 13:13:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2009.09.23 19:27:04 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009.02.03 03:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.03.20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.03.20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.03.20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.02 19:12:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.13 16:57:56 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011.11.29 04:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 09:55:43 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.09.15 22:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.21 23:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.08.11 22:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 14:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.05.25 05:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360110i7b6l0310z155f49i1u62p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360110i7b6l0310z155f49i1u62p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360110i7b6l0310z155f49i1u62p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360110i7b6l0310z155f49i1u62p
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360110i7b6l0310z155f49i1u62p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE361DE361
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360110i7b6l0310z155f49i1u62p"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://go.web.de/br/moz_keyurl_search/?su="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010.10.20 21:29:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.05 10:58:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.04.29 12:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.28 11:49:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 08:50:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.28 11:49:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 08:50:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.18 07:25:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.13 08:50:53 | 000,000,000 | ---D | M]
 
[2010.03.15 21:39:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Extensions
[2012.06.05 22:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions
[2012.05.30 19:38:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.05 21:47:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.05 22:17:57 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2010.12.17 00:17:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions\engine@conduit.com
[2010.04.09 21:25:45 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions\moveplayer@movenetworks.com
[2012.04.28 11:50:16 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\CURRENT USER\AppData\Roaming\mozilla\Firefox\Profiles\7q60rrxy.default\extensions\toolbar@web.de
[2010.05.01 13:18:04 | 000,001,711 | ---- | M] () -- C:\Users\CURRENT USER\AppData\Roaming\Mozilla\Firefox\Profiles\7q60rrxy.default\searchplugins\linguee-de-en.xml
[2012.04.28 11:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.21 21:29:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.28 11:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.04.28 11:49:34 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.04.29 12:30:44 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.03 11:29:27 | 000,000,886 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Value error. File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120429101527.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429101527.dll (McAfee, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [EPSON PX650 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFME.EXE /FU "C:\Windows\TEMP\E_SE002.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [ffaacbaeccdbgfdgfdgdfg] C:\ProgramData\ffaacbaeccdbgfdgfdgdfg.exe ()
O4 - HKCU..\Run: [WEB.DE Club E-Mail Alarm] C:\Program Files (x86)\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\CURRENT USER\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\CURRENT USER\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\CURRENT USER\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\CURRENT USER\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Vertrauenswürdige Sites)
O16 - DPF: {79E7DCE2-6306-4996-B7CB-C2601B2B7BD1} https://stream.web.de/v/notify/Download.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} https://img.web.de/v/mail/activex/fa_os_mms/upload_1141.cab (WEBDE Fotoalbum Upload Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9953C9B0-5934-416D-BE2C-9870C8186E77}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9eec3320-3716-11df-a2b6-00262d74b2c9}\Shell - "" = AutoRun
O33 - MountPoints2\{9eec3320-3716-11df-a2b6-00262d74b2c9}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{9eec3460-3716-11df-a2b6-00262d74b2c9}\Shell - "" = AutoRun
O33 - MountPoints2\{e94758f1-247a-11e0-8377-00262d74b2c9}\Shell - "" = AutoRun
O33 - MountPoints2\{e94758f1-247a-11e0-8377-00262d74b2c9}\Shell\AutoRun\command - "" = E:\double_click_here.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.23 09:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.06.23 09:30:41 | 000,000,000 | R--D | C] -- C:\Users\CURRENT USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.06.23 08:58:55 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Roaming\Malwarebytes
[2012.06.23 08:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.23 08:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.23 08:58:33 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.23 08:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.23 08:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.06.22 21:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2012.06.17 22:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy3_Madagascar
[2012.06.17 22:22:40 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy 3 - Madagascar
[2012.06.17 22:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy 3 - Madagascar
[2012.06.17 22:22:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Farm Frenzy 3 - Madagascar
[2012.06.12 22:45:26 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Local\Macromedia
[2012.06.03 22:48:57 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burger Bustle
[2012.06.03 22:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Bustle
[2012.06.03 22:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burger Bustle
[2012.06.03 22:46:44 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Roaming\A2 Entertainment
[2012.06.03 22:45:04 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TV Farm
[2012.06.03 22:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Farm
[2012.06.03 22:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TV Farm
[2012.06.01 23:20:32 | 000,000,000 | ---D | C] -- C:\Users\CURRENT USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burger Bustle - Ellie's Organics
[2012.06.01 23:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Bustle - Ellie's Organics
[2012.06.01 23:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burger Bustle - Ellie's Organics
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.23 09:39:50 | 000,000,000 | ---- | M] () -- C:\Users\CURRENT USER\defogger_reenable
[2012.06.23 09:37:46 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.23 09:37:46 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.23 09:35:19 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2012.06.23 09:30:21 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012.06.23 09:29:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.23 09:29:43 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.23 09:28:14 | 000,000,000 | ---- | M] () -- C:\ProgramData\ffaacbaeccdbgfdgfdgdfg.exe
[2012.06.23 08:54:45 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.06.22 20:36:04 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.06.20 06:45:04 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.20 06:45:04 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.20 06:45:04 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.20 06:45:04 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.20 06:45:04 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 23:19:28 | 004,902,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.17 22:23:02 | 000,016,134 | ---- | M] () -- C:\Windows\wininit.ini
[2012.06.17 22:23:01 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Play Farm Frenzy 3 - Madagascar.lnk
[2012.06.17 15:29:24 | 000,055,808 | ---- | M] () -- C:\ProgramData\tqfouxrbybriixx
[2012.06.17 15:29:24 | 000,000,098 | ---- | M] () -- C:\ProgramData\ffaacbaeccdbgfdgfdgdfg.cfg
[2012.06.17 14:32:22 | 000,040,960 | ---- | M] () -- C:\ProgramData\ioutkdxxqoxgcpe
[2012.06.03 22:50:14 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Play Burger Bustle.lnk
[2012.06.03 22:45:08 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Play TV Farm.lnk
[2012.06.03 11:29:27 | 000,000,886 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.01 23:22:53 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Play Burger Bustle - Ellie's Organics.lnk
 
========== Files Created - No Company Name ==========
 
[2012.06.23 09:39:50 | 000,000,000 | ---- | C] () -- C:\Users\CURRENT USER\defogger_reenable
[2012.06.23 08:54:45 | 000,001,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.06.23 08:54:45 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.06.22 21:25:50 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2012.06.22 21:25:50 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2012.06.17 22:23:01 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Play Farm Frenzy 3 - Madagascar.lnk
[2012.06.17 15:29:24 | 000,055,808 | ---- | C] () -- C:\ProgramData\tqfouxrbybriixx
[2012.06.17 14:32:22 | 000,040,960 | ---- | C] () -- C:\ProgramData\ioutkdxxqoxgcpe
[2012.06.17 14:32:22 | 000,000,098 | ---- | C] () -- C:\ProgramData\ffaacbaeccdbgfdgfdgdfg.cfg
[2012.06.17 14:32:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\ffaacbaeccdbgfdgfdgdfg.exe
[2012.06.03 22:50:14 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Play Burger Bustle.lnk
[2012.06.03 22:45:08 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Play TV Farm.lnk
[2012.06.01 23:22:53 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Play Burger Bustle - Ellie's Organics.lnk
[2012.01.12 21:22:02 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.08.21 11:45:42 | 000,000,079 | ---- | C] () -- C:\Windows\Nutzen$.ini
[2011.08.16 17:53:50 | 000,006,688 | ---- | C] () -- C:\Windows\movexe.exe
[2011.03.14 10:57:31 | 001,046,678 | ---- | C] () -- C:\Users\CURRENT USER\IMG_6357.JPG
[2010.11.21 09:55:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv05.dll
[2010.09.02 09:45:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.19 14:29:45 | 000,003,584 | ---- | C] () -- C:\Users\CURRENT USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 20:20:42 | 000,000,478 | ---- | C] () -- C:\Users\CURRENT USER\AppData\Roaming\wklnhst.dat
[2010.03.15 22:08:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.02 22:43:23 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010.01.09 22:37:25 | 000,000,000 | -HSD | M] -- C:\Users\CURRENT USER\AppData\Roaming\.#
[2012.06.03 22:46:44 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\A2 Entertainment
[2010.11.28 01:07:30 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Amazon
[2012.04.07 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Anino Games
[2011.11.30 22:59:03 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Artifex Mundi
[2012.06.14 11:16:04 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Audacity
[2011.04.26 23:12:26 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\blg
[2012.02.20 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Boolat Games
[2010.08.19 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Canon
[2012.04.15 14:18:30 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.01.16 17:06:38 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\com.vilango.birkenbihlsprachen.standalone.demo.E3108F3F4D536DE95A0EC7FFD2F3455D3240F2E4.1
[2012.05.10 13:31:02 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\DVDVideoSoft
[2011.10.10 15:16:33 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.30 23:21:50 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\EleFun Games
[2012.02.27 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\elsterformular
[2012.02.06 23:13:17 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Engelmann Media
[2010.01.17 13:49:02 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Epson
[2011.12.29 13:09:27 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Farm Mania
[2012.05.24 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Farm Mania 2
[2011.12.29 12:00:04 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Farm Mania 2.1
[2011.07.10 00:45:20 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Friday's games
[2011.11.30 22:27:50 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\GameInvest
[2010.01.09 23:59:07 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Gamelab
[2010.05.20 10:26:51 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\GamesCafe
[2011.12.29 18:36:56 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\GoldSunGames
[2012.02.17 19:32:10 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Happy Chef
[2010.06.11 10:47:07 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Hotdog Hotshot
[2010.11.21 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\KIDDINX
[2011.11.18 23:24:04 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Mean Hamster
[2012.02.20 23:23:04 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Oberon Games
[2010.10.12 20:54:09 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Packard Bell
[2011.12.29 11:33:48 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\PeaceCraft3
[2011.12.28 19:39:35 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Ph03nixNewMedia
[2012.05.23 19:28:15 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\PlayFirst
[2011.11.18 21:38:48 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\playmink
[2011.12.28 23:05:05 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Playrix Entertainment
[2012.06.01 23:23:43 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\SulusGames
[2010.05.14 15:19:33 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Super-Cow
[2010.06.06 20:20:45 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Template
[2011.07.09 09:43:17 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Thunderbird
[2012.01.04 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\Uniblue
[2011.11.30 22:43:11 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\ViquaSoft
[2010.01.19 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\WEB.DE
[2011.08.11 17:58:47 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\WEBDE
[2011.07.05 23:12:18 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\WendigoStudios
[2011.03.14 13:17:57 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\World-Loom
[2010.11.20 22:38:45 | 000,000,000 | ---D | M] -- C:\Users\CURRENT USER\AppData\Roaming\YoudaGames
[2012.06.22 20:36:04 | 000,000,278 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2012.06.23 09:30:21 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012.03.28 07:17:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:36608448
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:F53B274A
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:A2B3764A
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:CAF8DAC8
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:11EFE63D
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:BACB6B6C
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:56C66609
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:BAC2F271
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:35629AE6
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:8CCDAB14
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:96646EC1
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:04BB186B
@Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:2216A431
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:CFF6B3FF
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:162E02F7
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:E5F8E280
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:D1713795
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:FBFC061F
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:8140CB50
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:80B291A7
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:03D08225
@Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:B722BCE5
@Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:393F7B1E
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:554C6431
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:12EA4DC9
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:8DD36B71
@Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:5A8F8A0C
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:490BCC52
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:27C3CD07
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:16B49C20
@Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:BFAD7A5D
@Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:3790BACD
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:969C0C96
@Alternate Data Stream - 189 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:71FA8B7F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:908A1B53
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:5C4A588B
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:F43B7E8F
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AE289451
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:5C0940F1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:9D03192E
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:6A37FCC3
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:3A4C8FE7
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:DA18D4E3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:EE7AAC75
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C43C957E
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2EB79F01
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:99C301D0
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:4B6543DE
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:F5FC5DCE
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:E9900C74
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3C6E4889
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3571475C
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:3B07E6F4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:94124B85
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:09A43FB1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0915A718
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:33C6377A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:F76441C8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:D9987109
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A1A1140A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E6A94ABF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:10D45FC3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:7AF9CAEB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:73B78E79
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:592D7272
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:217A2A36
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:15DE523E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:969736FD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:B1EEADE7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:2F8DACDA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:E5BA9ADD
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:56C17A93

< End of report >
         
Nochmals danke für die Hilfe und liebe Grüße

Yvonne
__________________

Alt 27.06.2012, 13:38   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe - Standard

Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe



Code:
ATTFilter
C:\Users\***\Adobe Creative Suite 5.5 Master Collection\adobemasterkeygen55.exe
         


Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe
acedrv05.sys, adobe, alternate, autorun, bho, bonjour, conduit, dateisystem, e-mail, error, excel, explorer, fehler, firefox, format, heuristiks/extra, heuristiks/shuriken, home, ibsvc.exe, ibupdaterservice, infizierte, infizierte dateien, internet, launch, logfile, mozilla, mp3, nicht sicher, packard bell, phishing, photoshop, plug-in, pup.bundleinstaller.ib, realtek, scan, searchscopes, security, software, symantec, temp, trojaner, verschlüsselung




Ähnliche Themen: Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe


  1. 44GB ProgramData Treesize 110 GB SSD
    Alles rund um Windows - 18.10.2014 (5)
  2. C:/ProgramData/BitGuard/2.7.1832.68.../loader.dll
    Plagegeister aller Art und deren Bekämpfung - 29.03.2014 (5)
  3. Win 7.. C:\ProgramData\eSafe eGdpSvc.exe in C:\ProgramData\eSafe
    Log-Analyse und Auswertung - 27.10.2013 (3)
  4. Löschen von Dateien aus ProgramData
    Alles rund um Windows - 15.08.2013 (4)
  5. eGdpSvc.exe in C:\ProgramData\eSafe
    Log-Analyse und Auswertung - 09.08.2013 (8)
  6. IBUpdaterService-->Trojaner? Virus?
    Plagegeister aller Art und deren Bekämpfung - 30.06.2013 (19)
  7. SoftwareUpdater.Ui.exe und ibsvc.exe
    Plagegeister aller Art und deren Bekämpfung - 24.06.2013 (35)
  8. Trojaner JS/Ransom-ABJ in C:\ProgramData\ro7iw.js
    Plagegeister aller Art und deren Bekämpfung - 07.05.2013 (9)
  9. IBUpdaterService (PUP. InstallBrain) und InstallMate Backdoor.Agent custom.dll
    Log-Analyse und Auswertung - 08.03.2013 (27)
  10. IBUpdaterService\ibsvc.exe (PUP.InstallBrain)
    Plagegeister aller Art und deren Bekämpfung - 05.03.2013 (9)
  11. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA)
    Plagegeister aller Art und deren Bekämpfung - 02.02.2013 (1)
  12. IBUpdaterService - möglicherweise ein Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (1)
  13. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA)
    Log-Analyse und Auswertung - 31.12.2012 (5)
  14. C:\ProgramData\lsass.exe
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (14)
  15. Trojan.Agent/Gen-Downloader in C:\PROGRAMDATA\NVIDIA\UPDATUS\DOWNLOAD\24479DC7\UPDATUS.10032098_RUNASUSER.EXE und C:\PROGRAMDATA\NVIDIA\UPDA
    Log-Analyse und Auswertung - 14.09.2012 (10)
  16. SystemProc\lsass.ece | ProgramData\ds32gt32.dll |ProgramData\dskquoto32.dll | uvm.
    Plagegeister aller Art und deren Bekämpfung - 06.06.2010 (10)

Zum Thema Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe - Liebes Team, ich hatte gestern eine Systemsperre mit exakt dem Screenshot, der hier zum Thema "Verschlüsselungstrojaner" gezeigt wird: Anschließend habe ich das System abgebrochen und über den abgesicherten Modus eine - Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe...
Archiv
Du betrachtest: Verschlüsselungstrojaner in C:\ProgramData\IBUpdaterService\ibsvc.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.