Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.05.2012, 12:49   #1
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Über Mail habe ich mir vor einigen Tagen einen Trojaner eingefangen. Auf diesem Forum habe ich Malwarebytes Anti-Malware gefunden und installiert (im Sicherheits-Modus). Das Programm hat den Trojaner gefunden und ich konnte ihn danach löschen. Da aber alle wichtigen Dateien verschlüsselt waren, habe ich danach den DecryptHelper von Matthias benutzt um die zehntausenden Dateien wieder zu entschlüsseln. Das funktionierte in den meisten Fällen auch ganz gut, bis auf wenige Ausnahmen. Z.B. die Database von KeePass2 wurde zwar entschlüsselt, aber konnte danach durch das Programm nicht mehr geöffnet werden. Doch Gottseidank hatte ich davon noch ein Backup das nur wenige Tage alt war.
Beim Scannen danach (vielleicht doch noch mehr Viren?) bekam ich von Anti-Malware die Meldung, dass der DecryptHelper von Matthias durch den Trojaner Trojan.FakeAlert befallen ist!??????
Jetzt ist mein Glaube in die Menschheit stark erschüttert!
Kann sich jemand vielleicht hierzu äussern?
MfG, Gerd

P.S.: ich habe die ursprüngliche Mail mit meinem Trojaner bewahrt. Interesse?

P.S.: ich kann kein Thema zu diesem Beitrag erstellen weil der folgende Titel nicht akzepiert wird: "Anti-Malware findet Trojan.FakeAlert in DecryptHelper"
Was ist hieran unklar "-| wenig aussagekräftiger Begriff im Titel Deines Beitrages! |-"????????
Leider weiss ich nicht, was ich dann in den Titel setzen muss!

Alt 06.05.2012, 20:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Zitat:
Das Programm hat den Trojaner gefunden und ich konnte ihn danach löschen.
Was sollen solche Beschreibungen, wir brauch die Logs von Malwarebytes!!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 06.05.2012, 21:35   #3
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Ich bin leider noch nicht vertraut mit diesem Forum. Ich habe mir einen Wolf gelesen um endlich dahinter zu kommen, das man sich erst auf ein Thema (Kategorie?) abonnieren muss und wie man das machen muss.
Wie ich dann endlich meinen Beitrag verschicken wollte, wurde das geweigert, weil der Titel nicht aussagekräftig genug soll sein! Ich war ziemlich frustiert von diesem Forum (habe 20 Jahre in der Software-Ergonomie gearbeitet).

Könnt Ihr nicht auch einmal Anti-Malware auf die Datei loslassen, die zum Downloaden bereit steht, um selbst zu sehen was los ist? Aber keine Not ich kann Euch auch die Download-Datei von DercryptHelper und das Log zuschicken (wenn ich dahinter komme wie ich das machen muss!).
Code:
ATTFilter
 Malwarebytes Anti-Malware  (PRO) 1.61.0.1400
www.malwarebytes.org

Databaseversie: v2012.05.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gerd :: GERD-HP [administrator]

Realtime bescherming: Ingeschakeld

5-5-2012 21:21:10
mbam-log-2012-05-05 (21-21-10).txt

Scantype: Volledige scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 639578
Verstreken tijd: 1 uur/uren, 2 minuut/minuten, 38 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 3
C:\Users\Gerd\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
D:\Install\Internet\Antivirus\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)
         
Leider weiss ich jetzt noch nicht wie ich die Dateien uploaden muss.
Aber vielleicht ist das ganz einfach (wenn man weiss wie man's machen muss).
MfG, Gerd
__________________

Alt 07.05.2012, 10:37   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Zitat:
Könnt Ihr nicht auch einmal Anti-Malware auf die Datei loslassen,
Mit Fehlalarmen muss man nunmal rechnen, mit jedem neuen Signaturupdate kann die Erkennung anders aussehen! Nach dieser Forderung müssten wir bei jedem Signaturupdate von Malwarebytes "unsere" Dateien neu prüfen lassen! Sry aber dass das Ganz völlig unpraktikabel ist versteht sich von selbst!

Hatte Malwarebytes noch andere Funde oder nur den FalsePositive beim decrypter?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.05.2012, 11:23   #5
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Schön zu hören, dass das ein FalsePositive ist! Seit Ihr sicher?

Hier ist noch ein früherer Log.
Code:
ATTFilter
 Malwarebytes Anti-Malware  (-evaluatieversie-) 1.61.0.1400
www.malwarebytes.org

Databaseversie: v2012.05.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gerd :: GERD-HP [administrator]

Realtime bescherming: Ingeschakeld

4-5-2012 22:41:54
mbam-log-2012-05-04 (22-41-54).txt

Scantype: Volledige scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 617898
Verstreken tijd: 58 minuut/minuten, 16 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 1 -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 3
D:\trojaner\Bestellung2012.exe (Trojan.Downloader) -> Geen actie ondernomen.
D:\trojaner\njupngzmvu.pre (Trojan.Downloader) -> Geen actie ondernomen.
D:\ProgramFiles\Setup Generator Pro\SGPro.exe (Backdoor.Bot.H) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)
         
Ist der letztgenannte Virus im Log auch ein FalsePositive oder ist das ein echter Virus?
MfG, Gerd


Alt 07.05.2012, 12:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Zitat:
Schön zu hören, dass das ein FalsePositive ist! Seit Ihr sicher?
Nein wir lassen die User hier bewusst verseuchte Programme ausführen, Programme die nur vorgaukeln die verschlüsselten Dateien wieder zu entschlüsseln aber in Wirklichkeit den Rechner infizieren


Zitat:
D:\ProgramFiles\Setup Generator Pro\SGPro.exe
Was soll das sein, wo hast du das her?
__________________
--> Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!

Alt 07.05.2012, 13:39   #7
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Ein Setup-Generator für Programme die ich geschrieben habe. Habe ich vor vielen Jahren offiziell gekauft (via Internet) und oft gebraucht um Setups zu machen.

Alt 07.05.2012, 14:31   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.05.2012, 19:33   #9
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Hier dann endlich das Resultat von ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7b9ca20bfcb2274690a525e99420ce45
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-07 04:08:59
# local_time=2012-05-07 06:08:59 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 28226329 88027941 0 0
# compatibility_mode=8192 67108863 100 0 967 967 0 0
# scanned=512570
# found=5
# cleaned=0
# scan_time=8848
D:\Install\Apps\XOOM\MovieClone\dvdscript.dll	probably a variant of Win32/TrojanDropper.Agent.KXTINUU trojan (unable to clean)	00000000000000000000000000000000	I
D:\Install\Utils\ccleaner_2_33_1184_Nederlands.exe	Win32/Toggle application (unable to clean)	00000000000000000000000000000000	I
D:\Install\Utils\cnet_winmail-reader-setup_exe.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
D:\trojaner\Bestellung2012.exe	Win32/Trustezeb.A trojan (unable to clean)	00000000000000000000000000000000	I
D:\trojaner\njupngzmvu.pre	Win32/Trustezeb.A trojan (unable to clean)	00000000000000000000000000000000	I
         
Es hat etwas gedauert, aber dann hat man auch was!
Die beiden letzten Einträge ist der bekannte Trojaner aus der Mail.
MfG,
Gerd

Alt 07.05.2012, 19:41   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Zitat:
D:\Install\Apps\XOOM\MovieClone\dvdscript.dll
Aus welcher Quelle stammt dieses Programm?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.05.2012, 19:50   #11
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Weiss ich leider nicht mehr. Habe das Programm schon ganz lange, aber wahrscheinlich noch nie benutzt.
Habe gerade das Programm gelöscht.
MfG,
Gerd

Alt 07.05.2012, 19:55   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.05.2012, 22:02   #13
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Alles funktioniert wieder prima. Nur ein paar Einstellungen von verschiedenen Programmen sind verloren gegangen. Auch in der Entwikkelungsunmgebung bekam ich verschiedene Fehlermeldungen. Ich denke das wahrscheinlich nicht alle Dateien richtig decrypted sind (siehe vorige Mail: KeePass2). Auch verschiedene Foto's (von ganz vielen) sind kaputt.
An sich funktioniert das System im grossen und ganzen ohne Probleme.
MfG,
Gerd

Alt 08.05.2012, 10:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.05.2012, 13:34   #15
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/8/2012 1:18:38 PM - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = D:\Install\Internet\Antivirus
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
4.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 36.88% Memory free
8.00 Gb Paging File | 5.66 Gb Available in Paging File | 70.72% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 315.25 Gb Total Space | 219.25 Gb Free Space | 69.55% Space Free | Partition Type: NTFS
Drive D: | 345.33 Gb Total Space | 150.35 Gb Free Space | 43.54% Space Free | Partition Type: NTFS
Drive X: | 259.15 Gb Total Space | 212.81 Gb Free Space | 82.12% Space Free | Partition Type: NTFS
Drive Y: | 100.00 Mb Total Space | 70.17 Mb Free Space | 70.17% Space Free | Partition Type: NTFS
Drive Z: | 11.68 Gb Total Space | 1.42 Gb Free Space | 12.17% Space Free | Partition Type: NTFS
 
Computer Name: GERD-HP | User Name: Gerd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012/05/08 10:51:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- D:\Install\Internet\Antivirus\OTL.exe
PRC - [2012/05/02 13:28:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/01 09:28:19 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/03/13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Gerd\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/12 15:53:01 | 000,046,376 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMediaInfoPDVD12.exe
PRC - [2012/01/12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012/01/12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012/01/12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012/01/12 14:58:47 | 000,371,256 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
PRC - [2011/11/10 11:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/08/24 18:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- D:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- D:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- D:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/10/01 14:59:38 | 000,884,736 | ---- | M] () -- C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe
PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/09/14 08:02:10 | 001,080,264 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/02 13:28:42 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/01 09:28:19 | 001,952,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012/05/01 09:28:19 | 000,162,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/05/01 09:28:19 | 000,021,976 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/01/29 18:29:07 | 000,985,088 | ---- | M] () -- D:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/01/12 14:55:29 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\DLNA\DMS\_PyDMSCtrl.pyd
MOD - [2011/08/24 04:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd
MOD - [2011/08/24 04:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ctypes.pyd
MOD - [2011/08/24 04:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd
MOD - [2010/10/01 14:59:38 | 000,884,736 | ---- | M] () -- C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe
MOD - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/01/26 19:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/01/26 13:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010/11/20 15:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/09/27 17:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/03/10 16:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV - [2012/05/02 13:28:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/29 09:54:55 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 19:06:59 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/20 13:49:22 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/03/20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/03/20 11:11:50 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/01/12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012/01/12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/08/03 08:24:47 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/28 22:36:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 13:50:48 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2012/03/20 13:50:18 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/03/20 13:43:36 | 000,339,608 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2012/03/20 12:21:14 | 000,085,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/03/16 12:15:42 | 000,426,104 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/03/14 19:23:00 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012/01/08 11:40:54 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/27 17:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2010/09/27 17:42:00 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2010/09/27 17:41:58 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2010/03/10 18:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/10 16:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 15:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/04 16:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/28 07:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/19 21:44:32 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/10/19 23:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/12 09:05:32 | 000,039,552 | ---- | M] (None) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfpec.sys -- (ALIWEHCD)
DRV:64bit: - [2009/09/12 09:05:32 | 000,013,184 | ---- | M] (None) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfpcomp.sys -- (AliWGP)
DRV:64bit: - [2009/09/12 09:05:32 | 000,012,416 | ---- | M] (None) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfpvbus.sys -- (WUSBVBus)
DRV:64bit: - [2009/08/26 08:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:02 | 000,244,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1q60x64.sys -- (e1qexpress) Stuurprogramma Q voor Intel(R)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/03/04 09:48:50 | 000,213,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/01/08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV - [2012/01/11 23:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/02/22 13:39:57] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/10/27 08:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {40373B9D-88C1-4F6E-9B57-E9534E4CC3A0}
IE:64bit: - HKLM\..\SearchScopes\{40373B9D-88C1-4F6E-9B57-E9534E4CC3A0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKLM\..\SearchScopes,DefaultScope = {40373B9D-88C1-4F6E-9B57-E9534E4CC3A0}
IE - HKLM\..\SearchScopes\{40373B9D-88C1-4F6E-9B57-E9534E4CC3A0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\SearchScopes,DefaultScope = {3C2010D6-0CF4-40DB-8BC0-DE8A292879E3}
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\SearchScopes\{3C2010D6-0CF4-40DB-8BC0-DE8A292879E3}: "URL" = hxxp://www.google.nl/search?hl=nl&q={searchTerms}
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2012/05/07 10:29:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/02 13:28:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/19 18:33:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/16 21:39:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/01/05 23:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions
[2011/01/05 23:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/05 18:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\a9ua28ft.default\extensions
[2012/05/05 18:15:03 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\a9ua28ft.default\extensions\foxmarks@kei.com
[2011/09/23 21:48:29 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\a9ua28ft.default\extensions\maps@ovi.com
[2012/05/05 13:04:11 | 000,002,354 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\a9ua28ft.default\searchplugins\aol-web-search.xml
[2012/05/02 20:12:29 | 000,002,354 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\a9ua28ft.default\searchplugins\locked-aol-web-search.xml.wlrp
[2012/04/12 16:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/12 16:22:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/05 13:04:11 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\GERD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A9UA28FT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/02 13:28:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/05 00:42:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/11 14:09:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 14:09:58 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/02/11 14:09:58 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/02/11 14:09:58 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3:64bit: - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MFP Manager] C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe ()
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe File not found
O4 - HKLM..\Run: [PMBVolumeWatcher] D:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001..\Run: [Akamai NetSession Interface] C:\Users\Gerd\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk =  File not found
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Manager for Skype.lnk = D:\ProgramFiles (x86)\Manager for Skype\ManagerForSkype.exe ()
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = D:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E54B6F9-0701-4446-A286-C1DA3BBC7DB0}: DhcpNameServer = 192.168.123.254
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2} - C:\Windows\SysWow64\WDShell.DLL (PC SOFT)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Z:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/07 15:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/07 10:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/05/04 22:40:35 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Malwarebytes
[2012/05/04 22:40:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/04 22:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/04 22:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/04 22:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/04 03:09:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/02 19:46:10 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Ujshrilvp
[2012/05/02 13:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/02 13:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/12 16:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/12 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/08 12:50:06 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/08 12:25:04 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 11:06:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 11:06:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 11:03:51 | 001,833,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/08 11:03:51 | 000,810,998 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/05/08 11:03:51 | 000,708,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/08 11:03:51 | 000,177,570 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/05/08 11:03:51 | 000,139,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/08 10:56:41 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 10:56:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 10:55:50 | 3220,660,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 10:32:42 | 000,014,776 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/05/05 22:57:57 | 004,209,334 | ---- | M] () -- C:\Users\Gerd\Desktop\OBI-keukens.pdf
[2012/05/05 17:09:24 | 000,000,000 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/05/05 16:25:40 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2012/05/05 16:25:30 | 000,008,192 | ---- | M] () -- C:\BOOTSECT.BAK
[2012/05/05 16:10:39 | 000,000,334 | ---- | M] () -- C:\Users\Gerd\Desktop\WD SAAS remote admin.url
[2012/05/05 13:39:22 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/05/05 13:38:58 | 000,000,623 | ---- | M] () -- C:\Users\Gerd\Desktop\WoW.exe.lnk
[2012/05/05 13:04:37 | 000,832,658 | ---- | M] () -- C:\Users\Gerd\Documents\Dachgeschoss.xar
[2012/05/05 13:04:37 | 000,795,196 | ---- | M] () -- C:\Users\Gerd\Documents\Afzuigkap_koolstoffilter.emf
[2012/05/05 13:04:37 | 000,215,955 | ---- | M] () -- C:\Users\Gerd\Desktop\64691_xm3_de_UM.pdf
[2012/05/05 13:04:37 | 000,151,334 | ---- | M] () -- C:\Users\Gerd\Desktop\Noresund-Bed-Side.jpg2511ae93-c869-4db2-a592-20ba7b19f76cLarger.jpg
[2012/05/05 13:04:37 | 000,054,249 | ---- | M] () -- C:\Users\Gerd\Documents\Oberwiesenthal_plattegrond.xar
[2012/05/05 13:04:37 | 000,002,158 | ---- | M] () -- C:\Users\Gerd\Desktop\WebDev-server Chris.rdp
[2012/05/05 13:04:37 | 000,002,028 | ---- | M] () -- C:\Users\Gerd\Documents\Default.rdp
[2012/05/05 13:04:37 | 000,000,867 | ---- | M] () -- C:\Users\Gerd\Documents\everest_HP_Gerd.rpf
[2012/05/05 13:04:37 | 000,000,332 | ---- | M] () -- C:\Users\Gerd\Desktop\WebDev remote admin.url
[2012/05/05 13:04:37 | 000,000,328 | ---- | M] () -- C:\Users\Gerd\Desktop\WebDev remote admin - kopie.url
[2012/05/05 12:58:45 | 000,007,605 | ---- | M] () -- C:\Users\Gerd\AppData\Local\Resmon.ResmonCfg
[2012/05/05 12:57:19 | 000,000,738 | ---- | M] () -- C:\Users\Gerd\.recently-used.xbel
[2012/05/04 20:57:31 | 007,401,821 | ---- | M] () -- C:\Users\Gerd\AppData\Local\census.cache
[2012/05/04 20:51:40 | 000,113,378 | ---- | M] () -- C:\Users\Gerd\AppData\Local\ars.cache
[2012/05/03 19:24:16 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2012/05/02 20:14:19 | 000,832,658 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Dachgeschoss.xar.jdzp
[2012/05/02 20:14:19 | 000,054,249 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Oberwiesenthal_plattegrond.xar.oyyj
[2012/05/02 20:14:19 | 000,002,028 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Default.rdp.quhz
[2012/05/02 20:14:19 | 000,000,867 | ---- | M] () -- C:\Users\Gerd\Documents\locked-everest_HP_Gerd.rpf.rmqi
[2012/05/02 20:14:15 | 000,795,196 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Afzuigkap_koolstoffilter.emf.ybos
[2012/05/02 20:07:12 | 000,007,605 | ---- | M] () -- C:\Users\Gerd\AppData\Local\locked-Resmon.ResmonCfg.kprg
[2012/05/02 20:06:21 | 000,000,738 | ---- | M] () -- C:\Users\Gerd\locked-.recently-used.xbel.xfpd
[2012/05/01 22:27:16 | 000,000,335 | ---- | M] () -- C:\Windows\HFREP.INI
[2012/04/30 17:29:50 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh321
[2012/04/30 17:29:30 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh320
[2012/04/30 17:28:00 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh323
[2012/04/30 17:26:42 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh322
[2012/04/30 10:21:57 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/04/26 18:38:10 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh325
[2012/04/26 18:37:48 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh324
[2012/04/14 17:55:36 | 000,000,191 | ---- | M] () -- C:\Windows\topmeeting.INI
[2012/04/13 00:58:35 | 002,062,860 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/08 16:26:40 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\WDStatistic_WebServer_Chris.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/05 22:57:56 | 004,209,334 | ---- | C] () -- C:\Users\Gerd\Desktop\OBI-keukens.pdf
[2012/05/05 17:09:24 | 000,000,312 | ---- | C] () -- C:\Users\Gerd\Desktop\Curse Client.appref-ms
[2012/05/05 17:09:24 | 000,000,000 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/05/05 13:04:37 | 000,832,658 | ---- | C] () -- C:\Users\Gerd\Documents\Dachgeschoss.xar
[2012/05/05 13:04:37 | 000,795,196 | ---- | C] () -- C:\Users\Gerd\Documents\Afzuigkap_koolstoffilter.emf
[2012/05/05 13:04:37 | 000,215,955 | ---- | C] () -- C:\Users\Gerd\Desktop\64691_xm3_de_UM.pdf
[2012/05/05 13:04:37 | 000,151,334 | ---- | C] () -- C:\Users\Gerd\Desktop\Noresund-Bed-Side.jpg2511ae93-c869-4db2-a592-20ba7b19f76cLarger.jpg
[2012/05/05 13:04:37 | 000,054,249 | ---- | C] () -- C:\Users\Gerd\Documents\Oberwiesenthal_plattegrond.xar
[2012/05/05 13:04:37 | 000,002,158 | ---- | C] () -- C:\Users\Gerd\Desktop\WebDev-server Chris.rdp
[2012/05/05 13:04:37 | 000,002,028 | ---- | C] () -- C:\Users\Gerd\Documents\Default.rdp
[2012/05/05 13:04:37 | 000,000,867 | ---- | C] () -- C:\Users\Gerd\Documents\everest_HP_Gerd.rpf
[2012/05/05 13:04:37 | 000,000,334 | ---- | C] () -- C:\Users\Gerd\Desktop\WD SAAS remote admin.url
[2012/05/05 13:04:37 | 000,000,332 | ---- | C] () -- C:\Users\Gerd\Desktop\WebDev remote admin.url
[2012/05/05 13:04:37 | 000,000,328 | ---- | C] () -- C:\Users\Gerd\Desktop\WebDev remote admin - kopie.url
[2012/05/05 12:57:20 | 000,007,605 | ---- | C] () -- C:\Users\Gerd\AppData\Local\Resmon.ResmonCfg
[2012/05/05 12:57:19 | 000,000,738 | ---- | C] () -- C:\Users\Gerd\.recently-used.xbel
[2012/05/03 19:24:16 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh325
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh324
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh323
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh322
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh321
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh320
[2012/04/29 09:54:56 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/14 17:55:25 | 000,000,191 | ---- | C] () -- C:\Windows\topmeeting.INI
[2012/04/04 12:21:50 | 000,417,792 | ---- | C] () -- C:\Windows\SysWow64\MFPBot.dll
[2012/04/04 12:21:49 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\InstallMFPPS.dll
[2012/04/04 12:21:48 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\Install98MFPPS.dll
[2012/04/04 12:21:48 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ddschk.dll
[2012/04/04 12:21:48 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2012/03/06 23:23:24 | 000,008,192 | ---- | C] () -- C:\Users\Gerd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/13 23:27:27 | 000,212,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/27 22:18:14 | 000,000,296 | ---- | C] () -- C:\Windows\topbudget.ini
[2011/08/14 12:41:47 | 007,401,821 | ---- | C] () -- C:\Users\Gerd\AppData\Local\census.cache
[2011/08/14 12:40:34 | 000,113,378 | ---- | C] () -- C:\Users\Gerd\AppData\Local\ars.cache
[2011/08/14 12:26:41 | 000,000,036 | ---- | C] () -- C:\Users\Gerd\AppData\Local\housecall.guid.cache
[2011/05/25 12:57:38 | 000,000,335 | ---- | C] () -- C:\Windows\HFREP.INI
[2011/05/19 16:49:34 | 000,030,736 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\mdbu.bin
[2011/04/07 16:13:54 | 000,000,059 | ---- | C] () -- C:\Windows\LTDLG13N.INI
[2011/03/20 00:04:08 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011/03/19 16:14:07 | 001,720,480 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/28 22:32:45 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/28 21:33:04 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/27 18:10:28 | 000,007,605 | ---- | C] () -- C:\Users\Gerd\AppData\Local\locked-Resmon.ResmonCfg.kprg
[2011/01/08 00:21:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1126.old
[2011/01/08 00:21:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0506.old
[2011/01/08 00:21:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0222.old
[2011/01/08 00:21:22 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/01/06 01:08:19 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/05 13:43:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/05 02:19:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/10/19 16:48:51 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/10/19 16:46:52 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/19 16:14:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011/08/25 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Applications WinDev
[2011/05/08 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Canon
[2012/01/13 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/22 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\DAEMON Tools Lite
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GHISLER
[2011/06/27 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\inkscape
[2011/11/19 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\JLAdventCalendarLondon2011
[2012/05/07 15:39:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\KeePass
[2012/01/29 15:14:54 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MAGIX
[2011/03/19 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Manager for Skype
[2012/05/05 13:04:07 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MB-Ruler Pro special
[2012/05/05 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Notepad++
[2012/01/29 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OpenOffice.org
[2011/08/23 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PC SOFT
[2012/01/05 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PCTools
[2012/05/05 13:04:20 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\RCP 6
[2011/03/20 00:04:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Red Alert 3
[2012/03/06 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Serif
[2011/06/09 21:35:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\streamripper
[2012/05/05 13:04:35 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TestApp
[2011/01/05 23:03:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Thunderbird
[2012/05/03 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Ujshrilvp
[2011/01/06 14:19:49 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WinBatch
[2011/09/14 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Zoner
[2012/05/05 13:04:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\_MDLogs
[2012/04/30 10:21:57 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/03/15 11:12:39 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/08 16:26:40 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\WDStatistic_WebServer_Chris.job
[2011/07/06 15:58:32 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\WDStatistique_WebServer_Chris.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/05/05 12:58:08 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Adobe
[2011/08/25 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Applications WinDev
[2011/01/05 01:26:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\ATI
[2011/05/08 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Canon
[2012/01/13 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/22 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/02/26 13:34:18 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\CyberLink
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\DAEMON Tools Lite
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GHISLER
[2011/06/27 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant
[2011/01/08 01:04:00 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Hewlett-Packard
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\HP Support Assistant
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\hpqLog
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\HpUpdate
[2011/01/05 01:22:57 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Identities
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\inkscape
[2012/04/04 12:21:05 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\InstallShield
[2011/11/19 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\JLAdventCalendarLondon2011
[2012/05/07 15:39:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\KeePass
[2011/01/05 01:56:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Macromedia
[2012/01/29 15:14:54 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MAGIX
[2012/05/04 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Malwarebytes
[2011/03/19 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Manager for Skype
[2012/05/05 13:04:07 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MB-Ruler Pro special
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Media Center Programs
[2012/02/07 22:44:00 | 000,000,000 | --SD | M] -- C:\Users\Gerd\AppData\Roaming\Microsoft
[2011/03/19 18:59:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Microsoft Web Folders
[2011/01/05 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Mozilla
[2012/05/05 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Notepad++
[2012/01/29 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OpenOffice.org
[2011/08/23 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PC SOFT
[2011/01/08 00:12:33 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PC Tools
[2012/01/05 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PCTools
[2012/05/05 13:04:20 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\RCP 6
[2011/03/20 00:04:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Red Alert 3
[2012/03/06 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Serif
[2012/05/08 12:44:31 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Skype
[2012/01/31 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Sony Corporation
[2011/06/09 21:35:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\streamripper
[2012/05/05 13:04:35 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TestApp
[2011/01/05 23:03:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Thunderbird
[2012/05/03 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Ujshrilvp
[2012/05/05 13:04:36 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Winamp
[2011/01/06 14:19:49 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WinBatch
[2011/09/14 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Zoner
[2012/05/05 13:04:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\_MDLogs
 
< %APPDATA%\*.exe /s >
[2012/05/05 12:58:20 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\0E912997-236E-47E2-95F5-A48D23849954\AutoRunCE.exe
[2012/05/05 12:58:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\0E912997-236E-47E2-95F5-A48D23849954\0\module.exe
[2012/05/05 12:58:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\0E912997-236E-47E2-95F5-A48D23849954\1\module.exe
[2012/05/05 12:58:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\14401177-16D2-4E73-B83C-41971CFCE4D4\AutoRunCE.exe
[2012/05/05 12:58:29 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\14401177-16D2-4E73-B83C-41971CFCE4D4\1\module.exe
[2012/05/05 12:58:45 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\2003BB59-1C52-4F0A-BA35-A2B95067BE31\AutoRunCE.exe
[2012/05/05 12:58:46 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\2003BB59-1C52-4F0A-BA35-A2B95067BE31\0\module.exe
[2012/05/05 12:58:53 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\2003BB59-1C52-4F0A-BA35-A2B95067BE31\1\module.exe
[2012/05/05 12:59:09 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\331D4C06-4E59-487C-BB56-41058B8622B6\AutoRunCE.exe
[2012/05/05 12:59:11 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\331D4C06-4E59-487C-BB56-41058B8622B6\1\module.exe
[2012/05/05 12:59:16 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\378D0E99-C488-41AF-AE17-DD09DC6F0E94\AutoRunCE.exe
[2012/05/05 12:59:16 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\378D0E99-C488-41AF-AE17-DD09DC6F0E94\0\module.exe
[2012/05/05 12:59:17 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\378D0E99-C488-41AF-AE17-DD09DC6F0E94\1\module.exe
[2012/05/05 12:59:46 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\47DF284F-9584-4592-AA9D-04F8AF344305\AutoRunCE.exe
[2012/05/05 12:59:46 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\47DF284F-9584-4592-AA9D-04F8AF344305\0\module.exe
[2012/05/05 12:59:47 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\47DF284F-9584-4592-AA9D-04F8AF344305\1\module.exe
[2012/05/05 12:59:47 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\49FEC15D-61D1-4674-AC7D-A2A1F3AE1E65\AutoRunCE.exe
[2012/05/05 12:59:47 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\49FEC15D-61D1-4674-AC7D-A2A1F3AE1E65\0\module.exe
[2012/05/05 12:59:49 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\49FEC15D-61D1-4674-AC7D-A2A1F3AE1E65\1\module.exe
[2012/05/05 12:59:55 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\4FD0BE5A-BFA7-43EB-B54D-437602A85E82\AutoRunCE.exe
[2012/05/05 12:59:55 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\4FD0BE5A-BFA7-43EB-B54D-437602A85E82\0\module.exe
[2012/05/05 12:59:56 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\4FD0BE5A-BFA7-43EB-B54D-437602A85E82\1\module.exe
[2012/05/05 13:00:01 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\58896A8A-81B1-42A0-AE34-2011D084E08C\AutoRunCE.exe
[2012/05/05 13:00:02 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\58896A8A-81B1-42A0-AE34-2011D084E08C\1\module.exe
[2012/05/05 13:00:25 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\709330FD-59B0-4916-B4C5-8DE7DDE4DFB1\AutoRunCE.exe
[2012/05/05 13:00:26 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\709330FD-59B0-4916-B4C5-8DE7DDE4DFB1\0\module.exe
[2012/05/05 13:00:26 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\709330FD-59B0-4916-B4C5-8DE7DDE4DFB1\1\module.exe
[2012/05/05 13:00:28 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72913EB9-EEF8-4CA2-98A7-81E5D92A3AAA\AutoRunCE.exe
[2012/05/05 13:00:28 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72913EB9-EEF8-4CA2-98A7-81E5D92A3AAA\0\module.exe
[2012/05/05 13:00:29 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72913EB9-EEF8-4CA2-98A7-81E5D92A3AAA\1\module.exe
[2012/05/05 13:00:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72E3FFB6-30CD-401E-ABD1-17666B48AA06\AutoRunCE.exe
[2012/05/05 13:00:30 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72E3FFB6-30CD-401E-ABD1-17666B48AA06\1\module.exe
[2012/05/05 13:00:42 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\86CCC2EC-9AED-4ACC-AB8B-4C920DA18322\AutoRunCE.exe
[2012/05/05 13:00:43 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\86CCC2EC-9AED-4ACC-AB8B-4C920DA18322\0\module.exe
[2012/05/05 13:00:43 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\86CCC2EC-9AED-4ACC-AB8B-4C920DA18322\1\module.exe
[2012/05/05 13:00:43 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\876F365A-1E2C-46BA-99AB-B798D77FE0A3\AutoRunCE.exe
[2012/05/05 13:00:44 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\876F365A-1E2C-46BA-99AB-B798D77FE0A3\1\module.exe
[2012/05/05 13:01:21 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\97B98C68-CBCE-433D-9B6B-5B74C3B4CF92\AutoRunCE.exe
[2012/05/05 13:01:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\97B98C68-CBCE-433D-9B6B-5B74C3B4CF92\0\module.exe
[2012/05/05 13:01:24 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\97B98C68-CBCE-433D-9B6B-5B74C3B4CF92\1\module.exe
[2012/05/05 13:01:24 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9835DC98-D031-4AFF-9C1E-2FD56B467E9C\AutoRunCE.exe
[2012/05/05 13:01:25 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9835DC98-D031-4AFF-9C1E-2FD56B467E9C\1\module.exe
[2012/05/05 13:01:26 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9912DBF6-CA70-41A2-AE0E-1DD3EBE25B73\AutoRunCE.exe
[2012/05/05 13:01:26 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9912DBF6-CA70-41A2-AE0E-1DD3EBE25B73\1\module.exe
[2012/05/05 13:01:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\99552AAE-107D-45C3-8303-6FCF2A575A00\AutoRunCE.exe
[2012/05/05 13:01:30 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\99552AAE-107D-45C3-8303-6FCF2A575A00\1\module.exe
[2012/05/05 13:01:35 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9DC15144-F0D8-474B-B6B1-C9BBA2F0FFF9\AutoRunCE.exe
[2012/05/05 13:01:35 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9DC15144-F0D8-474B-B6B1-C9BBA2F0FFF9\1\module.exe
[2012/05/05 13:02:00 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\AFEEC91E-5160-4B03-BBE2-199CE05689F6\AutoRunCE.exe
[2012/05/05 13:02:00 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\AFEEC91E-5160-4B03-BBE2-199CE05689F6\0\module.exe
[2012/05/05 13:02:01 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\AFEEC91E-5160-4B03-BBE2-199CE05689F6\1\module.exe
[2012/05/05 13:02:34 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C16FD898-E0BC-468C-AAB3-419F580788F2\AutoRunCE.exe
[2012/05/05 13:02:35 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C16FD898-E0BC-468C-AAB3-419F580788F2\1\module.exe
[2012/05/05 13:02:44 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C32B8022-D512-4087-9CB8-EACB5751598C\AutoRunCE.exe
[2012/05/05 13:02:48 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C32B8022-D512-4087-9CB8-EACB5751598C\1\module.exe
[2012/05/05 13:02:52 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CC4D79E3-301F-4142-A5D1-C7B18E5667D4\AutoRunCE.exe
[2012/05/05 13:02:52 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CC4D79E3-301F-4142-A5D1-C7B18E5667D4\0\module.exe
[2012/05/05 13:02:53 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CC4D79E3-301F-4142-A5D1-C7B18E5667D4\1\module.exe
[2012/05/05 13:02:53 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CCC3E6A7-55E6-4383-B44F-C3D562B8A64C\AutoRunCE.exe
[2012/05/05 13:02:53 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CCC3E6A7-55E6-4383-B44F-C3D562B8A64C\1\module.exe
[2012/05/05 13:03:07 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\D93DB5ED-300A-47B8-B3BE-D3B6394128B6\AutoRunCE.exe
[2012/05/05 13:03:08 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\D93DB5ED-300A-47B8-B3BE-D3B6394128B6\1\module.exe
[2012/05/05 13:03:09 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCF63542-BB44-433F-971B-52FFBC501A13\AutoRunCE.exe
[2012/05/05 13:03:09 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCF63542-BB44-433F-971B-52FFBC501A13\1\module.exe
[2012/05/05 13:03:10 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCFF7B1D-742C-42B9-BF82-8251F722A070\AutoRunCE.exe
[2012/05/05 13:03:11 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCFF7B1D-742C-42B9-BF82-8251F722A070\1\module.exe
[2012/05/05 13:03:21 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E0EC9F7F-74F9-4DAF-BDAA-76F6F3669856\AutoRunCE.exe
[2012/05/05 13:03:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E0EC9F7F-74F9-4DAF-BDAA-76F6F3669856\0\module.exe
[2012/05/05 13:03:22 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E0EC9F7F-74F9-4DAF-BDAA-76F6F3669856\1\module.exe
[2012/05/05 13:03:23 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E2FFF65A-C686-4994-BE8A-AA5C4B122391\AutoRunCE.exe
[2012/05/05 13:03:24 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E2FFF65A-C686-4994-BE8A-AA5C4B122391\1\module.exe
[2012/05/05 13:03:25 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E341699C-641C-4C95-B926-EC6B70872360\AutoRunCE.exe
[2012/05/05 13:03:25 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E341699C-641C-4C95-B926-EC6B70872360\1\module.exe
[2012/05/05 13:03:26 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E3F63653-7C45-4D1C-ACB9-AA56DE482C89\AutoRunCE.exe
[2012/05/05 13:03:26 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E3F63653-7C45-4D1C-ACB9-AA56DE482C89\0\module.exe
[2012/05/05 13:03:27 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E3F63653-7C45-4D1C-ACB9-AA56DE482C89\1\module.exe
[2012/05/05 13:03:27 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E55DF6D4-8095-4EBA-A61B-2771BB99366E\AutoRunCE.exe
[2012/05/05 13:03:27 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E55DF6D4-8095-4EBA-A61B-2771BB99366E\0\module.exe
[2012/05/05 13:03:29 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E55DF6D4-8095-4EBA-A61B-2771BB99366E\1\module.exe
[2012/05/05 13:03:29 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E6650664-052B-4970-8424-B681B49292CA\AutoRunCE.exe
[2012/05/05 13:03:29 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E6650664-052B-4970-8424-B681B49292CA\0\module.exe
[2012/05/05 13:03:30 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E6650664-052B-4970-8424-B681B49292CA\1\module.exe
[2012/05/05 13:03:36 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EB904842-620C-4422-8B40-6EFC26DAA6A1\AutoRunCE.exe
[2012/05/05 13:03:36 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EB904842-620C-4422-8B40-6EFC26DAA6A1\0\module.exe
[2012/05/05 13:03:37 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EB904842-620C-4422-8B40-6EFC26DAA6A1\1\module.exe
[2012/05/05 13:03:37 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EBF0E2DD-C4FA-437E-B07C-5480CA2E7AD6\AutoRunCE.exe
[2012/05/05 13:03:37 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EBF0E2DD-C4FA-437E-B07C-5480CA2E7AD6\0\module.exe
[2012/05/05 13:03:38 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EBF0E2DD-C4FA-437E-B07C-5480CA2E7AD6\1\module.exe
[2012/05/05 13:03:51 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\F7DA528A-685F-4DF5-9B05-745EE5D7315E\AutoRunCE.exe
[2012/05/05 13:03:52 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\F7DA528A-685F-4DF5-9B05-745EE5D7315E\0\module.exe
[2012/05/05 13:03:52 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\F7DA528A-685F-4DF5-9B05-745EE5D7315E\1\module.exe
[2012/05/05 13:03:57 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\FCD0DB2E-0BCC-49AC-B440-C7254DC65DE2\AutoRunCE.exe
[2012/05/05 13:03:57 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\FCD0DB2E-0BCC-49AC-B440-C7254DC65DE2\1\module.exe
[2011/12/31 19:07:25 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Gerd\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >
         
--- --- ---

Antwort

Themen zu Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!
anti-malware, befallen, beitrag, dateien, dateien verschlüsselt, decrypthelper, erstellen, folge, folgende, forum, helper, installiert, interesse, mail, malwarebytes, meldung, nicht mehr, programm, ransomlock, scan, scannen, setzen, thema, trojan.fakealert, trojaner, trojaner gefunden, viren, viren?, wichtige



Ähnliche Themen: Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!


  1. Windows 7: Malwarebytes Anti-Malware findet Trojan.Agent.RC und setzt SkyDriveSetup.exe in Quarantäne
    Log-Analyse und Auswertung - 12.06.2015 (17)
  2. Malwarebytes Anti-Malware findet auf NAS, nicht aber auf interner HDD
    Log-Analyse und Auswertung - 10.06.2015 (14)
  3. Malwarebytes Anti-Malware findet TowerTilt Adware
    Plagegeister aller Art und deren Bekämpfung - 18.06.2014 (21)
  4. Anti-Malware findet 10 Bedrohungen...
    Plagegeister aller Art und deren Bekämpfung - 09.06.2014 (9)
  5. Malwarebytes Anti-Malware findet infizierte Dateien, was tun?
    Plagegeister aller Art und deren Bekämpfung - 04.02.2014 (9)
  6. Malwarebytes Anti-Malware Scan findet zwei Viren
    Log-Analyse und Auswertung - 07.12.2013 (25)
  7. Malewarebytes Anti Malware findet bei jedem Suchlauf! Win7
    Log-Analyse und Auswertung - 06.12.2013 (10)
  8. Malwarebytes Anti-Malware findet infizierte Objekte
    Log-Analyse und Auswertung - 12.11.2013 (13)
  9. Hartnäckige Tasks (Trojan.FraudPack & Trojan.Downloader lt. Malwarebytes Anti-Malware)
    Log-Analyse und Auswertung - 23.09.2013 (16)
  10. Malwarebytes Anti-Malware findet Malware.NSPack
    Plagegeister aller Art und deren Bekämpfung - 29.05.2013 (13)
  11. Malwarebytes Anti-Malware findet (PUP.InstallBrain)
    Plagegeister aller Art und deren Bekämpfung - 20.04.2013 (13)
  12. Malwarebytes Anti-Malware findet Trojan.Ransom.ANC
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (37)
  13. Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker
    Log-Analyse und Auswertung - 10.03.2013 (18)
  14. Anti- Malware findet 37 PUP.Blabbers
    Plagegeister aller Art und deren Bekämpfung - 01.09.2012 (18)
  15. (3x) Malwarebytes Anti-Malware findet den Trojaner bei mir leider nicht!
    Mülltonne - 27.04.2012 (2)
  16. Malwarebytes' Anti-Malware hat Trojan.ZbotR.Gen, Trojan.Agent und Malware.Trace entdeckt - und nun?
    Log-Analyse und Auswertung - 18.07.2011 (32)
  17. Anmeldung am System unmöglich - MBAM findet Trojan.FakeAlert
    Plagegeister aller Art und deren Bekämpfung - 28.03.2011 (12)

Zum Thema Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Über Mail habe ich mir vor einigen Tagen einen Trojaner eingefangen. Auf diesem Forum habe ich Malwarebytes Anti-Malware gefunden und installiert (im Sicherheits-Modus). Das Programm hat den Trojaner gefunden und - Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!...
Archiv
Du betrachtest: Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.