Pests of all kinds and how to fight them: Trojan.Dropper.BCMiner in C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\00000008.@

13.07.2012, 01:18   #1
anderoo84
 
Trojan.Dropper.BCMiner in C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\00000008.@



Hello,

according to Malwarebytes, I have caught "Trojan.Dropper.BCMiner".
Unfortunately, I was hasty and have already deleted it in Malwarebytes.

I hope someone can help me with how to proceed, because I also need the PC for work.

Here is the OTL.txt, and attached is the zipped Extras.txt:



OTL logfile created on: 13.07.2012 01:05:35 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,82% Memory free
7,99 Gb Paging File | 6,63 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,18 Gb Total Space | 2,08 Gb Free Space | 0,47% Space Free | Partition Type: NTFS
Drive F: | 9,76 Gb Total Space | 0,02 Gb Free Space | 0,16% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 65,73 Mb Free Space | 65,73% Space Free | Partition Type: NTFS
Drive H: | 1862,04 Gb Total Space | 1351,75 Gb Free Space | 72,60% Space Free | Partition Type: NTFS
Drive I: | 59,45 Gb Total Space | 56,00 Gb Free Space | 94,20% Space Free | Partition Type: exFAT
Drive J: | 8,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ANDRE-NOTEBOOK | User Name: André | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.13 01:00:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Downloads\OTL.exe
PRC - [2012.07.13 01:00:51 | 000,050,477 | ---- | M] () -- C:\Users\Jan\Downloads\Defogger.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.13 01:00:51 | 000,050,477 | ---- | M] () -- C:\Users\Jan\Downloads\Defogger.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.09.16 16:44:36 | 000,036,160 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.07.12 20:52:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.13 21:31:49 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.26 10:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2012.04.12 16:09:28 | 000,760,320 | ---- | M] (Sphinx Software) [Auto | Stopped] -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.01.12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012.01.12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012.01.12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2011.09.16 16:51:20 | 002,027,840 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.16 16:44:28 | 000,029,504 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.12.01 06:42:12 | 000,036,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.08.07 21:22:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.07.13 10:45:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Disabled | Stopped] -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.10.02 19:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.29 03:05:56 | 000,044,312 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009.08.28 16:22:38 | 000,221,184 | ---- | M] (Droppix) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Droppix\DxService.exe -- (Droppix Service)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.24 22:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [Disabled | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.14 21:53:32 | 000,211,232 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) [Disabled | Stopped] -- C:\Program Files (x86)\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.10.05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011.07.29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011.07.29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011.07.19 13:08:18 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.28 10:52:52 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.03.28 10:52:50 | 000,528,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.03.28 10:52:48 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.04 17:59:00 | 000,046,080 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C2xxUSB76.sys -- (C2xxUSB)
DRV:64bit: - [2010.09.30 23:25:10 | 000,040,104 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.09.14 15:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.08.17 01:10:22 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.08.09 12:06:34 | 000,049,920 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C2XXCOM76.sys -- (C2XXCOM)
DRV:64bit: - [2010.06.10 16:15:00 | 000,009,216 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C2xSTR76.sys -- (C2xxUsbStorage)
DRV:64bit: - [2010.06.10 01:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.10.03 09:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.08.29 20:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.08.29 20:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.08.18 13:06:36 | 000,135,168 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.08.18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.08.18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.08.18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.08.18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.08.11 22:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.02 13:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.06.30 18:46:22 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.06.20 14:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.05.25 05:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.04.08 16:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008.07.24 13:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2012.01.11 23:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/02/27 02:08:02] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.10.27 08:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.11.29 19:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.09.14 15:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009.12.15 12:28:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/10/09 22:50:45] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360610j7c6l0450z185f44n1u266
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360610j7c6l0450z185f44n1u266
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360610j7c6l0450z185f44n1u266
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360610j7c6l0450z185f44n1u266
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100611180846045&tb_oid=11-06-2010&tb_mrud=11-06-2010
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360610j7c6l0450z185f44n1u266
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.linkury.com/newtab.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100611180846045&tb_oid=11-06-2010&tb_mrud=11-06-2010
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE382
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_deDE382&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9F8D8A63-A854-472D-8052-FCA2FB816B9E}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.8
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.01.24 03:28:52 | 000,000,000 | ---D | M]
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.01.24 03:28:52 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Jan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\components [2012.07.07 15:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\extensions\firejump@firejump.net [2012.05.04 22:55:56 | 000,000,000 | ---D | M]

[2010.10.13 18:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2012.05.30 20:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions
[2012.04.05 02:33:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.02.21 06:13:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.05 18:43:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.05 02:34:32 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011.12.15 02:05:31 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\ffxtlbr@Facemoods.com
[2012.05.04 22:55:56 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\firejump@firejump.net
[2010.11.05 19:35:56 | 000,000,000 | ---D | M] ("Spam Fire") -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\814t1a4z.default\extensions\spamfire@robertnyman.com
[2012.01.05 22:02:33 | 000,000,933 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\11-suche.xml
[2011.01.18 03:40:37 | 000,000,570 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\bing.xml
[2012.01.05 22:02:33 | 000,002,419 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\englische-ergebnisse.xml
[2012.01.05 22:02:33 | 000,010,525 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\gmx-suche.xml
[2012.07.12 18:37:57 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-1.xml
[2011.09.09 18:57:01 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-10.xml
[2011.09.16 15:15:16 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-11.xml
[2011.10.19 16:30:52 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-12.xml
[2011.11.09 04:13:15 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-13.xml
[2012.01.19 00:11:06 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-14.xml
[2012.03.14 00:50:28 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-15.xml
[2012.04.05 18:44:29 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-16.xml
[2012.04.29 23:21:33 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-17.xml
[2011.06.25 11:10:21 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-2.xml
[2011.07.12 14:07:53 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-3.xml
[2011.07.13 21:46:26 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-4.xml
[2011.07.18 19:33:26 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-5.xml
[2011.08.18 18:49:03 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-6.xml
[2011.08.20 12:51:09 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-7.xml
[2011.09.07 18:32:20 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-8.xml
[2011.09.09 18:46:07 | 000,000,950 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin-9.xml
[2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin.gif
[2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin.src
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\icqplugin.xml
[2012.01.05 22:02:33 | 000,002,457 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\lastminute.xml
[2012.01.05 22:02:33 | 000,005,508 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\814t1a4z.default\searchplugins\webde-suche.xml
[2011.12.15 02:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.12.28 04:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.04 21:11:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.04 17:04:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.03.12 02:15:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.14 18:05:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.05.30 20:59:16 | 000,336,363 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011.10.17 01:55:32 | 000,372,140 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
[2011.09.26 19:23:40 | 000,626,986 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI
[2011.04.02 02:26:07 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2011.09.26 19:23:40 | 000,105,020 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
[2012.05.02 01:53:32 | 000,158,974 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\RANKCHECKER@SEOBOOK.COM.XPI
[2012.03.24 23:25:58 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.04.19 01:45:42 | 000,576,958 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.08.30 22:59:02 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\814T1A4Z.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[1999.12.31 17:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2010.06.11 20:08:32 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml
[2011.12.15 02:05:33 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Jan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Facemoods = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\
CHR - Extension: Facemoods = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\facemoods\

O1 HOSTS File: ([2011.10.12 00:02:04 | 000,004,469 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 Registration
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 2o7.net
O1 - Hosts: 127.0.0.1 doublecklick.net
O1 - Hosts: 127.0.0.1 google-analytics.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 95 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (TweakMASTER Component) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\Program Files (x86)\TweakMASTER\TweakBHO.dll (Hagel Technologies Ltd.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E42C238-B354-41C0-B36C-D26D093B567F}: DhcpNameServer = 10.129.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5920EE1C-C107-4A03-B3FB-1724011F53CF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5920EE1C-C107-4A03-B3FB-1724011F53CF}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF544B2A-10C1-4AA5-864D-65D0F66F744B}: NameServer = 156.154.70.25,156.154.71.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.12.22 21:49:22 | 001,073,156 | ---- | M] () - I:\autoexec.bin -- [ exFAT ]
O32 - AutoRun File - [2010.10.28 10:39:04 | 000,000,078 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3aa0ad11-b42e-11df-9280-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{3aa0ad11-b42e-11df-9280-00262d854067}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{41f04fe7-0779-11e0-a230-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{41f04fe7-0779-11e0-a230-00262d854067}\Shell\AutoRun\command - "" = I:\MI.exe
O33 - MountPoints2\{541a47d5-efa1-11e0-8e6a-9598d5abe68e}\Shell - "" = AutoRun
O33 - MountPoints2\{541a47d5-efa1-11e0-8e6a-9598d5abe68e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\index.html
O33 - MountPoints2\{6a8277ea-9fbb-11df-9a6a-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8277ea-9fbb-11df-9a6a-00262d854067}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6a8277ee-9fbb-11df-9a6a-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8277ee-9fbb-11df-9a6a-00262d854067}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90baaa9e-a23f-11df-b9f9-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{90baaa9e-a23f-11df-b9f9-00262d854067}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{90baaaa1-a23f-11df-b9f9-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{90baaaa1-a23f-11df-b9f9-00262d854067}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b04b1ec2-a9e2-11df-a20a-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{b04b1ec2-a9e2-11df-a20a-00262d854067}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bea2cbca-4117-11e0-a443-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{bea2cbca-4117-11e0-a443-00262d854067}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{bea2cbcd-4117-11e0-a443-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{bea2cbcd-4117-11e0-a443-00262d854067}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{bea2cbd1-4117-11e0-a443-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{bea2cbd1-4117-11e0-a443-00262d854067}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bea2cbd5-4117-11e0-a443-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{bea2cbd5-4117-11e0-a443-00262d854067}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ebfa83ac-9fe9-11df-83a3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ebfa83ac-9fe9-11df-83a3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ebfa83c3-9fe9-11df-83a3-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{ebfa83c3-9fe9-11df-83a3-00262d854067}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f2a59657-4751-11e0-950f-00262d854067}\Shell - "" = AutoRun
O33 - MountPoints2\{f2a59657-4751-11e0-950f-00262d854067}\Shell\AutoRun\command - "" = H:\AutoInstaller.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.13 01:03:42 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\trojaner_files
[2012.07.12 20:37:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.07.12 18:47:17 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.07.12 16:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2012.07.12 15:22:42 | 000,000,000 | ---D | C] -- C:\Users\Jan\.thumb
[2012.07.12 14:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler
[2012.07.12 14:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDStyler
[2012.07.10 20:55:13 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\GMap.NET
[2012.07.10 20:44:28 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\APM Planner
[2012.07.10 20:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\APM Planner
[2012.07.10 06:28:52 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\the kooks_web
[2012.07.10 05:52:05 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Kooks Konzert Posthalle 09.07.12-print
[2012.07.10 05:32:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Kooks Konzert Posthalle 09.07.12
[2012.07.10 03:56:44 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\brauhaus 09.07.12
[2012.07.08 05:15:35 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\zaubi 07.07.12
[2012.07.08 04:57:04 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\weinfest eibelstadt 07.07.12
[2012.07.07 19:23:48 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Adobe
[2012.07.07 19:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.07.07 19:23:47 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Adobe
[2012.07.07 15:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.07 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.07 15:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.07 15:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.07.07 15:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.07.07 03:20:59 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\kiliani 06.07.12
[2012.07.06 14:03:19 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\weingut_stein
[2012.07.06 03:14:03 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\haribo 05.07.12
[2012.07.06 01:44:40 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\moser abi ball
[2012.07.05 04:37:50 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\weingutstein 040712web
[2012.07.05 04:13:50 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\weingut am stein 04.07.12
[2012.07.04 17:48:53 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.07.04 16:50:14 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{29BFADB7-50C6-47BC-B673-8A67A4B1B71C}
[2012.07.04 16:50:03 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{FDB3CADA-9870-4C68-BE6E-B29C115BF994}
[2012.07.04 01:05:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\abiball stativ
[2012.07.03 22:51:11 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\posthalle 30.06.12
[2012.07.03 03:05:50 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Brauhaus 02.07.12
[2012.07.02 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\hdr_festung2_2
[2012.07.02 01:44:48 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\hdr_festung2
[2012.07.02 00:28:29 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\hdr_festung
[2012.07.01 06:05:30 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\zauberberg 30.06.12
[2012.07.01 05:07:08 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\outdoor 30.06.12
[2012.06.29 06:55:31 | 000,000,000 | ---D | C] -- C:\sd
[2012.06.29 03:43:46 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\em 28.06.12
[2012.06.28 16:06:39 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\ursulinen 28.06.12
[2012.06.28 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Adobe-BackupByPhotoshopCS5Portable
[2012.06.27 03:13:28 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Adobe-BackupByPhotoshopCS5Portable
[2012.06.26 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\red bull racing can 25.06.12
[2012.06.25 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012.06.25 21:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
[2012.06.25 21:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2012.06.25 21:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.06.25 21:10:58 | 002,056,192 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll
[2012.06.25 21:10:58 | 001,050,624 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll
[2012.06.25 21:10:58 | 001,050,624 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll
[2012.06.25 21:10:58 | 000,104,448 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll
[2012.06.25 21:10:58 | 000,104,448 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll
[2012.06.25 21:10:57 | 001,597,440 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RaCertMgr.dll
[2012.06.25 21:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink
[2012.06.25 21:10:39 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\InstallShield
[2012.06.24 22:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\phildieb
[2012.06.24 06:13:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\posthalle 23.06.12
[2012.06.23 17:21:16 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\zaubi 22.06.12
[2012.06.23 16:45:19 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\posthalle 22.06.12
[2012.06.22 03:12:22 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\uud 21.06.12
[2012.06.22 02:21:05 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{4E84473D-784D-4424-BEED-54F9C90ADD86}
[2012.06.22 02:20:47 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{AB430FF1-FED8-461E-8434-69847E59A55C}
[2012.06.20 00:05:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{7E1C8FE9-C360-4A46-A630-34234E2C982B}
[2012.06.20 00:05:33 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{05481EBB-D93A-4F8A-8A8A-A0A5B4949725}
[2012.06.19 05:40:06 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\brauhaus 18.06.12
[2012.06.18 21:23:07 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Shooting Scarlett
[2012.06.18 16:41:51 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\em 17.04.12
[2012.06.18 15:49:27 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\randersacker 17.02.12
[2012.06.17 05:58:43 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\zauberberg 16.06.12
[2012.06.16 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\einbein 15.06.12
[2012.06.16 15:16:55 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\odeon 15.06.12
[2012.06.14 03:03:13 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Posthalle Fankurve 13.06.12
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.13 01:23:24 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2666297943-1773055161-344599904-1000UA.job
[2012.07.13 01:03:42 | 000,065,848 | ---- | M] () -- C:\Users\Jan\Desktop\trojaner.htm
[2012.07.13 01:02:18 | 000,000,000 | ---- | M] () -- C:\Users\Jan\defogger_reenable
[2012.07.13 01:00:10 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2666297943-1773055161-344599904-1000UA.job
[2012.07.13 01:00:03 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2666297943-1773055161-344599904-1000Core.job
[2012.07.13 00:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.13 00:49:41 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 00:49:41 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 00:38:31 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.13 00:38:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.13 00:37:07 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 00:34:23 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.12 19:29:41 | 000,000,031 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\mbam.context.scan
[2012.07.12 19:23:33 | 000,002,728 | ---- | M] () -- C:\Users\Jan\Documents\DVD Architect Studio registrieren.htm
[2012.07.12 19:20:54 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\DVD Architect Studio 5.0.lnk
[2012.07.12 19:16:08 | 000,030,280 | ---- | M] () -- C:\Users\Jan\Desktop\396660_334528939964014_1687567269_n.jpg
[2012.07.12 18:49:48 | 000,002,728 | ---- | M] () -- C:\Users\Jan\Documents\DVD Architect Pro registrieren.htm
[2012.07.12 17:56:20 | 000,001,974 | ---- | M] () -- C:\Users\Jan\Desktop\DVD Architect Pro 5.0.lnk
[2012.07.12 17:07:11 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 16:04:06 | 000,048,505 | ---- | M] () -- C:\Users\Jan\Desktop\600024_10151028374990769_319057127_n.jpg
[2012.07.12 15:21:38 | 000,001,081 | ---- | M] () -- C:\Users\Jan\Desktop\DVDStyler.lnk
[2012.07.12 14:10:39 | 000,012,856 | ---- | M] () -- C:\Users\Jan\Documents\easyct.ini
[2012.07.12 14:10:23 | 000,034,961 | ---- | M] () -- C:\Users\Jan\Documents\Jahr2012.eca
[2012.07.12 00:10:02 | 001,881,808 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_12072012_000933.png
[2012.07.11 22:53:44 | 005,067,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 21:23:04 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2666297943-1773055161-344599904-1000Core.job
[2012.07.11 21:07:53 | 000,347,669 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_11072012_210652.png
[2012.07.11 20:33:52 | 000,100,562 | ---- | M] () -- C:\Users\Jan\Desktop\live (1).jpg
[2012.07.11 20:30:11 | 000,122,855 | ---- | M] () -- C:\Users\Jan\Desktop\552542_443756838989471_1311366834_n.jpg
[2012.07.11 19:27:56 | 000,048,020 | ---- | M] () -- C:\Users\Jan\Desktop\527873_495330790483655_1778004771_n.jpg
[2012.07.11 19:21:27 | 000,024,163 | ---- | M] () -- C:\Users\Jan\Desktop\TheHobbit_320x480_mobile-wallpaper.jpg
[2012.07.11 17:41:27 | 000,037,377 | ---- | M] () -- C:\Users\Jan\Desktop\8866530486900046_IxgsXGwy_f.jpg
[2012.07.10 20:53:27 | 000,054,908 | ---- | M] () -- C:\Users\Jan\Desktop\293802_441919932505018_607248145_n.jpg
[2012.07.10 16:30:57 | 000,072,181 | ---- | M] () -- C:\Users\Jan\Desktop\391321_441123819261895_1500593594_n.jpg
[2012.07.10 03:39:03 | 000,079,046 | ---- | M] () -- C:\Users\Jan\Desktop\417727_441544632542548_1456269016_n.jpg
[2012.07.09 19:08:59 | 000,051,073 | ---- | M] () -- C:\Users\Jan\Desktop\486177_441511875879157_430364828_n.jpg
[2012.07.09 18:42:36 | 000,716,564 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_02042012_201631.png
[2012.07.09 16:02:59 | 000,026,545 | ---- | M] () -- C:\Users\Jan\Desktop\fbd8ad035a4560a1aa5cd6a66aa87a08.jpg
[2012.07.09 14:44:49 | 000,219,527 | ---- | M] () -- C:\Users\Jan\Desktop\avm_fritzbox_wlan_3270-v6.jpg
[2012.07.09 04:59:58 | 000,494,457 | ---- | M] () -- C:\Users\Jan\Desktop\Clipboard01.jpg
[2012.07.09 02:09:39 | 000,427,068 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_09072012_020918.png
[2012.07.08 23:46:25 | 000,092,494 | ---- | M] () -- C:\Users\Jan\Desktop\396944_410403992344833_351460604_n.jpg
[2012.07.07 20:00:30 | 003,576,636 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_1731_3.jpg
[2012.07.07 19:49:01 | 003,590,230 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_1731_2.jpg
[2012.07.07 19:41:37 | 003,515,153 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_1731.jpg
[2012.07.07 18:41:47 | 000,001,096 | ---- | M] () -- C:\Users\Jan\Desktop\Ashampoo WinOptimizer 6.lnk
[2012.07.07 15:56:58 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.07 03:39:05 | 001,181,365 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_2808.jpg
[2012.07.07 02:31:44 | 001,201,595 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_07072012_023109.png
[2012.07.07 02:06:33 | 000,039,210 | ---- | M] () -- C:\Users\Jan\Desktop\8084_10150922148443176_1409767915_n.jpg
[2012.07.06 15:24:54 | 000,071,302 | ---- | M] () -- C:\Users\Jan\Desktop\579629_3666562228509_591003334_n.jpg
[2012.07.06 15:21:41 | 000,356,181 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_06072012_152121.png
[2012.07.06 13:59:03 | 000,068,888 | ---- | M] () -- C:\Users\Jan\Desktop\483293_10151071363130664_1460663421_n.jpg
[2012.07.06 12:18:30 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2012.07.05 14:41:28 | 000,060,530 | ---- | M] () -- C:\Users\Jan\Desktop\550513_10150971121317250_624631558_n.jpg
[2012.07.05 11:25:17 | 000,090,150 | ---- | M] () -- C:\Users\Jan\Desktop\309349_10150943442884821_1921945662_n.jpg
[2012.07.05 10:57:00 | 000,414,892 | ---- | M] () -- C:\Users\Jan\Desktop\10.jpg
[2012.07.05 02:29:46 | 000,265,659 | ---- | M] () -- C:\Users\Jan\Desktop\marspic_1024.jpg
[2012.07.05 02:22:33 | 000,804,220 | ---- | M] () -- C:\Users\Jan\Desktop\Cratere_Bonneville_sur_Mars_vu_par_le_rover_Spirit.jpg
[2012.07.04 15:34:48 | 000,555,405 | ---- | M] () -- C:\Users\Jan\Desktop\07.jpg
[2012.07.04 04:57:05 | 000,040,205 | ---- | M] () -- C:\Users\Jan\Desktop\380680_4098551419305_1359789862_n.jpg
[2012.07.04 04:56:18 | 000,024,896 | ---- | M] () -- C:\Users\Jan\Desktop\524247_4216004041902_219905661_n.jpg
[2012.07.04 04:41:06 | 000,050,532 | ---- | M] () -- C:\Users\Jan\Desktop\Gong Rechnung Juni 2012.pdf
[2012.07.04 01:33:42 | 000,037,728 | ---- | M] () -- C:\Users\Jan\Desktop\311531_350126945023774_619333422_n.jpg
[2012.07.04 01:15:03 | 000,050,047 | ---- | M] () -- C:\Users\Jan\Desktop\baerlauch.jpg
[2012.07.04 00:05:39 | 000,043,690 | ---- | M] () -- C:\Users\Jan\Desktop\Mars_1.jpg
[2012.07.03 16:19:54 | 000,084,349 | ---- | M] () -- C:\Users\Jan\Desktop\581976_455878877764731_66146524_n.jpg
[2012.07.03 16:19:17 | 000,041,272 | ---- | M] () -- C:\Users\Jan\Desktop\zujg.jpg
[2012.07.03 15:47:37 | 000,027,674 | ---- | M] () -- C:\Users\Jan\Desktop\527894_449684868390009_319062588_n.jpg
[2012.07.03 15:46:27 | 000,054,341 | ---- | M] () -- C:\Users\Jan\Desktop\557829_361127947294457_2092409336_n.jpg
[2012.07.03 15:45:06 | 000,063,706 | ---- | M] () -- C:\Users\Jan\Desktop\600102_438665499497128_401874923_n.jpg
[2012.07.03 15:40:48 | 000,070,330 | ---- | M] () -- C:\Users\Jan\Desktop\399174_363860620345926_532984886_n.jpg
[2012.07.03 15:33:23 | 000,025,417 | ---- | M] () -- C:\Users\Jan\Desktop\528442_442013489152401_846630949_n.jpg
[2012.07.03 15:32:32 | 000,030,054 | ---- | M] () -- C:\Users\Jan\Desktop\182540_331679326911910_1776086151_n.jpg
[2012.07.03 15:31:19 | 000,021,962 | ---- | M] () -- C:\Users\Jan\Desktop\293274_467110876635473_1451069661_n.jpg
[2012.07.03 15:28:08 | 000,034,180 | ---- | M] () -- C:\Users\Jan\Desktop\u.jpg
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 03:35:32 | 000,058,613 | ---- | M] () -- C:\Users\Jan\Desktop\376875_466463636700198_723921992_n.jpg
[2012.07.02 02:52:09 | 000,588,555 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_02072012_025002.png
[2012.07.02 01:20:19 | 000,167,907 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_02072012_012000.png
[2012.07.02 00:12:52 | 000,216,525 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_02072012_001225.png
[2012.07.01 19:06:18 | 000,168,910 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_01072012_190555.png
[2012.06.29 01:43:57 | 000,543,885 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_29062012_014333.png
[2012.06.29 01:19:43 | 000,412,016 | ---- | M] () -- C:\Users\Jan\Desktop\MVI_2202.mp3
[2012.06.28 18:25:17 | 000,506,585 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_28062012_182502.png
[2012.06.28 18:20:45 | 000,248,763 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_28062012_182020.png
[2012.06.28 18:11:41 | 000,238,984 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_0306.jpg
[2012.06.28 03:17:27 | 001,633,728 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.28 03:17:27 | 000,704,048 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.28 03:17:27 | 000,658,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.28 03:17:27 | 000,151,910 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.28 03:17:27 | 000,124,264 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.27 23:19:07 | 000,253,241 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_27062012_231354.png
[2012.06.27 22:14:25 | 000,219,689 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_27062012_221335.png
[2012.06.26 16:14:01 | 000,416,382 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_26062012_161342.png
[2012.06.26 16:11:46 | 000,415,864 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_26062012_161132.png
[2012.06.26 15:36:57 | 000,485,921 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_26062012_153622.png
[2012.06.26 01:21:50 | 000,153,019 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_26062012_012121.png
[2012.06.26 00:54:57 | 000,225,466 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_26062012_005147.png
[2012.06.26 00:54:27 | 000,225,280 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_26062012_005211.png
[2012.06.25 19:27:31 | 000,692,860 | ---- | M] () -- C:\Users\Jan\Desktop\18.jpg
[2012.06.24 23:25:29 | 000,397,968 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_24062012_232328.png
[2012.06.24 16:55:06 | 000,022,874 | ---- | M] () -- C:\Users\Jan\Desktop\600697_286971414734082_1596480150_n.jpg
[2012.06.24 16:53:31 | 000,153,376 | ---- | M] () -- C:\Users\Jan\Desktop\533397_383436081720107_1702884464_n.jpg
[2012.06.24 15:29:00 | 000,043,860 | ---- | M] () -- C:\Users\Jan\Desktop\379104_289961341044811_1350045290_n.jpg
[2012.06.24 15:26:12 | 000,084,051 | ---- | M] () -- C:\Users\Jan\Desktop\309507_291573407550271_426832357_n.jpg
[2012.06.24 15:25:58 | 000,044,185 | ---- | M] () -- C:\Users\Jan\Desktop\374190_295424550498490_575297564_n.jpg
[2012.06.24 15:25:40 | 000,159,980 | ---- | M] () -- C:\Users\Jan\Desktop\373859_300416319999313_1441714320_n.jpg
[2012.06.24 15:25:21 | 000,110,068 | ---- | M] () -- C:\Users\Jan\Desktop\380165_320725134635098_1718565664_n.jpg
[2012.06.24 15:25:04 | 000,027,231 | ---- | M] () -- C:\Users\Jan\Desktop\405513_327211960653082_582236530_n.jpg
[2012.06.24 15:24:06 | 000,040,992 | ---- | M] () -- C:\Users\Jan\Desktop\431001_356492914391653_1886625402_n.jpg
[2012.06.24 15:23:13 | 000,040,317 | ---- | M] () -- C:\Users\Jan\Desktop\485144_367968976577380_619537276_n.jpg
[2012.06.24 15:22:53 | 000,142,854 | ---- | M] () -- C:\Users\Jan\Desktop\538864_372755956098682_422651986_n.jpg
[2012.06.24 15:22:37 | 000,035,348 | ---- | M] () -- C:\Users\Jan\Desktop\319851_384024908305120_41244667_n.jpg
[2012.06.24 15:21:41 | 000,093,357 | ---- | M] () -- C:\Users\Jan\Desktop\549289_412175318823412_1311443225_n.jpg
[2012.06.24 15:21:22 | 000,145,425 | ---- | M] () -- C:\Users\Jan\Desktop\545514_411113625596248_57626409_n.jpg
[2012.06.24 15:21:00 | 000,052,220 | ---- | M] () -- C:\Users\Jan\Desktop\578180_417952271579050_1176525883_n.jpg
[2012.06.24 15:20:00 | 000,142,037 | ---- | M] () -- C:\Users\Jan\Desktop\292102_416053071768970_1762247089_n.jpg
[2012.06.24 15:17:52 | 000,048,061 | ---- | M] () -- C:\Users\Jan\Desktop\540672_425409314166679_1109603287_n.jpg
[2012.06.24 15:17:20 | 000,116,225 | ---- | M] () -- C:\Users\Jan\Desktop\600130_426293297411614_1054108455_n.jpg
[2012.06.24 15:15:33 | 000,030,400 | ---- | M] () -- C:\Users\Jan\Desktop\479720_429007057140238_1551756514_n.jpg
[2012.06.24 15:15:24 | 000,033,748 | ---- | M] () -- C:\Users\Jan\Desktop\599708_429446447096299_1729669172_n.jpg
[2012.06.24 15:15:04 | 000,067,102 | ---- | M] () -- C:\Users\Jan\Desktop\208968_429513030422974_1871102937_n.jpg
[2012.06.24 15:14:46 | 000,046,913 | ---- | M] () -- C:\Users\Jan\Desktop\480062_430067133700897_1319664948_n.jpg
[2012.06.24 15:13:51 | 000,072,533 | ---- | M] () -- C:\Users\Jan\Desktop\532886_431111920263085_1310207881_n.jpg
[2012.06.24 15:13:09 | 000,044,838 | ---- | M] () -- C:\Users\Jan\Desktop\556447_431616336879310_1628302468_n.jpg
[2012.06.22 02:12:44 | 000,040,973 | ---- | M] () -- C:\Users\Jan\Desktop\250840_343712922365907_2029366532_n.jpg
[2012.06.22 01:52:29 | 000,043,215 | ---- | M] () -- C:\Users\Jan\Desktop\581158_314567728638253_1333646722_n.jpg
[2012.06.22 01:47:09 | 000,043,715 | ---- | M] () -- C:\Users\Jan\Desktop\542315_10151643410468484_351756534_n.jpg
[2012.06.21 17:28:14 | 000,472,967 | ---- | M] () -- C:\Users\Jan\Desktop\A6_antrag_foto.pdf
[2012.06.20 23:42:51 | 002,166,062 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_1612.JPG
[2012.06.20 23:40:51 | 000,770,102 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_20062012_234036.png
[2012.06.20 22:24:44 | 000,190,213 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_20062012_222417.png
[2012.06.20 20:51:37 | 001,395,524 | ---- | M] () -- C:\Users\Jan\Desktop\dj phil.wav
[2012.06.20 20:47:06 | 000,019,159 | ---- | M] () -- C:\Users\Jan\Desktop\600738_427976630576614_172168825_n.jpg
[2012.06.20 20:46:15 | 000,050,278 | ---- | M] () -- C:\Users\Jan\Desktop\196111_419795351394742_1115079185_n.jpg
[2012.06.20 20:44:59 | 000,046,723 | ---- | M] () -- C:\Users\Jan\Desktop\562443_423728507668093_425654802_n.jpg
[2012.06.20 20:33:06 | 000,070,501 | ---- | M] () -- C:\Users\Jan\Desktop\bob.jpg
[2012.06.20 15:19:57 | 000,098,544 | ---- | M] () -- C:\Users\Jan\Desktop\pizza.jpg
[2012.06.20 14:01:59 | 000,049,778 | ---- | M] () -- C:\Users\Jan\Desktop\601271_10151855169685584_595958766_n.jpg
[2012.06.20 01:00:55 | 000,721,724 | ---- | M] () -- C:\Users\Jan\Desktop\hochzeit_ingo_nadine.mp4
[2012.06.20 00:52:19 | 000,139,060 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_20062012_005206.png
[2012.06.20 00:16:14 | 001,203,391 | ---- | M] () -- C:\Users\Jan\Desktop\bruch.wmv
[2012.06.19 21:34:54 | 000,023,175 | ---- | M] () -- C:\Users\Jan\Desktop\zukunft.jpg
[2012.06.19 19:26:14 | 000,197,824 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_19062012_192525.png
[2012.06.19 19:25:08 | 000,187,196 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_19062012_192458.png
[2012.06.19 15:28:52 | 000,027,176 | ---- | M] () -- C:\Users\Jan\Desktop\538315_377709162290903_1580378685_n.jpg
[2012.06.19 15:28:25 | 000,019,997 | ---- | M] () -- C:\Users\Jan\Desktop\533432_10151638156488484_1677446043_n.jpg
[2012.06.19 15:26:01 | 000,054,568 | ---- | M] () -- C:\Users\Jan\Desktop\fussball.jpg
[2012.06.19 03:19:42 | 000,053,109 | ---- | M] () -- C:\Users\Jan\Desktop\melone.jpg
[2012.06.18 23:41:57 | 000,239,623 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_18062012_234128.png
[2012.06.18 23:11:05 | 000,712,060 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_18062012_230527.png
[2012.06.18 22:51:01 | 000,205,055 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_18062012_225048.png
[2012.06.18 22:38:48 | 001,005,546 | ---- | M] () -- C:\Users\Jan\Desktop\pan3.jpg
[2012.06.18 21:11:53 | 000,039,644 | ---- | M] () -- C:\Users\Jan\Desktop\batcat.jpg
[2012.06.18 21:09:43 | 000,094,677 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_18062012_210933.png
[2012.06.18 17:27:06 | 000,178,765 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_18062012_172635.png
[2012.06.18 15:00:02 | 000,105,803 | ---- | M] () -- C:\Users\Jan\Documents\Jahr2011.eca
[2012.06.18 13:46:19 | 000,061,158 | ---- | M] () -- C:\Users\Jan\Desktop\katz.jpg
[2012.06.16 18:01:25 | 001,905,550 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_16062012_175924.png
[2012.06.16 18:01:12 | 001,839,255 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_16062012_175913.png
[2012.06.16 16:38:29 | 000,048,974 | ---- | M] () -- C:\Users\Jan\Desktop\carrot.jpg
[2012.06.15 21:28:35 | 000,013,824 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.15 21:01:31 | 000,026,939 | ---- | M] () -- C:\Users\Jan\Desktop\father.jpg
[2012.06.15 18:34:29 | 000,027,362 | ---- | M] () -- C:\Users\Jan\Desktop\2personenliege.jpg
[2012.06.15 18:34:00 | 000,052,338 | ---- | M] () -- C:\Users\Jan\Desktop\kacken.jpg
[2012.06.15 14:26:20 | 000,035,418 | ---- | M] () -- C:\Users\Jan\Desktop\166523_320183311399056_1005710147_n.jpg
[2012.06.15 01:29:35 | 000,024,425 | ---- | M] () -- C:\Users\Jan\Desktop\542412_455731557788398_1977578464_n.jpg
[2012.06.14 23:55:41 | 000,258,845 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_14062012_235527.png
[2012.06.14 22:09:58 | 002,698,792 | ---- | M] () -- C:\Users\Jan\Desktop\Ohne Titel.mp4
[2012.06.14 22:08:42 | 000,234,350 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_14062012_220737.png
[2012.06.14 19:36:03 | 001,150,158 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_14062012_193543.png
[2012.06.14 16:04:03 | 000,026,344 | ---- | M] () -- C:\Users\Jan\Desktop\s715i.jpg
[2012.06.14 03:01:39 | 000,380,808 | ---- | M] () -- C:\Users\Jan\Desktop\001.jpg
[2012.06.13 15:00:13 | 000,386,404 | ---- | M] () -- C:\Users\Jan\Desktop\1_9_2 (2).jpg
[2012.06.13 14:48:22 | 001,280,574 | ---- | M] () -- C:\Users\Jan\Desktop\IMG_13062012_144713.png
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.13 01:03:38 | 000,065,848 | ---- | C] () -- C:\Users\Jan\Desktop\trojaner.htm
[2012.07.13 01:02:18 | 000,000,000 | ---- | C] () -- C:\Users\Jan\defogger_reenable
[2012.07.13 00:39:25 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\00000008.@
[2012.07.12 20:38:02 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.12 19:29:41 | 000,000,031 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\mbam.context.scan
[2012.07.12 19:20:54 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\DVD Architect Studio 5.0.lnk
[2012.07.12 19:16:39 | 000,030,280 | ---- | C] () -- C:\Users\Jan\Desktop\396660_334528939964014_1687567269_n.jpg
[2012.07.12 19:02:01 | 000,002,728 | ---- | C] () -- C:\Users\Jan\Documents\DVD Architect Studio registrieren.htm
[2012.07.12 18:15:03 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\80000032.@
[2012.07.12 18:15:03 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\L\00000004.@
[2012.07.12 18:15:02 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\80000064.@
[2012.07.12 18:15:02 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\80000000.@
[2012.07.12 18:15:02 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\00000004.@
[2012.07.12 18:15:02 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\U\000000cb.@
[2012.07.12 17:56:20 | 000,001,974 | ---- | C] () -- C:\Users\Jan\Desktop\DVD Architect Pro 5.0.lnk
[2012.07.12 17:14:56 | 000,002,728 | ---- | C] () -- C:\Users\Jan\Documents\DVD Architect Pro registrieren.htm
[2012.07.12 16:04:13 | 000,048,505 | ---- | C] () -- C:\Users\Jan\Desktop\600024_10151028374990769_319057127_n.jpg
[2012.07.12 15:21:38 | 000,001,081 | ---- | C] () -- C:\Users\Jan\Desktop\DVDStyler.lnk
[2012.07.12 00:09:45 | 001,881,808 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_12072012_000933.png
[2012.07.11 21:07:14 | 000,347,669 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_11072012_210652.png
[2012.07.11 20:33:54 | 000,100,562 | ---- | C] () -- C:\Users\Jan\Desktop\live (1).jpg
[2012.07.11 20:30:15 | 000,122,855 | ---- | C] () -- C:\Users\Jan\Desktop\552542_443756838989471_1311366834_n.jpg
[2012.07.11 19:28:06 | 000,048,020 | ---- | C] () -- C:\Users\Jan\Desktop\527873_495330790483655_1778004771_n.jpg
[2012.07.11 19:21:25 | 000,024,163 | ---- | C] () -- C:\Users\Jan\Desktop\TheHobbit_320x480_mobile-wallpaper.jpg
[2012.07.11 17:41:36 | 000,037,377 | ---- | C] () -- C:\Users\Jan\Desktop\8866530486900046_IxgsXGwy_f.jpg
[2012.07.10 20:53:30 | 000,054,908 | ---- | C] () -- C:\Users\Jan\Desktop\293802_441919932505018_607248145_n.jpg
[2012.07.10 16:31:03 | 000,072,181 | ---- | C] () -- C:\Users\Jan\Desktop\391321_441123819261895_1500593594_n.jpg
[2012.07.10 03:39:06 | 000,079,046 | ---- | C] () -- C:\Users\Jan\Desktop\417727_441544632542548_1456269016_n.jpg
[2012.07.09 19:09:03 | 000,051,073 | ---- | C] () -- C:\Users\Jan\Desktop\486177_441511875879157_430364828_n.jpg
[2012.07.09 18:42:30 | 000,716,564 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_02042012_201631.png
[2012.07.09 16:03:01 | 000,026,545 | ---- | C] () -- C:\Users\Jan\Desktop\fbd8ad035a4560a1aa5cd6a66aa87a08.jpg
[2012.07.09 14:44:51 | 000,219,527 | ---- | C] () -- C:\Users\Jan\Desktop\avm_fritzbox_wlan_3270-v6.jpg
[2012.07.09 02:09:34 | 000,427,068 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_09072012_020918.png
[2012.07.08 23:47:08 | 000,092,494 | ---- | C] () -- C:\Users\Jan\Desktop\396944_410403992344833_351460604_n.jpg
[2012.07.07 20:00:27 | 003,576,636 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_1731_3.jpg
[2012.07.07 19:48:57 | 003,590,230 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_1731_2.jpg
[2012.07.07 19:41:33 | 003,515,153 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_1731.jpg
[2012.07.07 18:41:47 | 000,001,096 | ---- | C] () -- C:\Users\Jan\Desktop\Ashampoo WinOptimizer 6.lnk
[2012.07.07 15:56:58 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.07 03:38:34 | 001,181,365 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_2808.jpg
[2012.07.07 02:31:17 | 001,201,595 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_07072012_023109.png
[2012.07.07 02:06:38 | 000,039,210 | ---- | C] () -- C:\Users\Jan\Desktop\8084_10150922148443176_1409767915_n.jpg
[2012.07.06 15:24:57 | 000,071,302 | ---- | C] () -- C:\Users\Jan\Desktop\579629_3666562228509_591003334_n.jpg
[2012.07.06 15:21:36 | 000,356,181 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_06072012_152121.png
[2012.07.06 13:59:13 | 000,068,888 | ---- | C] () -- C:\Users\Jan\Desktop\483293_10151071363130664_1460663421_n.jpg
[2012.07.05 14:41:31 | 000,060,530 | ---- | C] () -- C:\Users\Jan\Desktop\550513_10150971121317250_624631558_n.jpg
[2012.07.05 11:25:21 | 000,090,150 | ---- | C] () -- C:\Users\Jan\Desktop\309349_10150943442884821_1921945662_n.jpg
[2012.07.05 10:57:03 | 000,414,892 | ---- | C] () -- C:\Users\Jan\Desktop\10.jpg
[2012.07.05 02:29:50 | 000,265,659 | ---- | C] () -- C:\Users\Jan\Desktop\marspic_1024.jpg
[2012.07.05 02:22:42 | 000,804,220 | ---- | C] () -- C:\Users\Jan\Desktop\Cratere_Bonneville_sur_Mars_vu_par_le_rover_Spirit.jpg
[2012.07.04 15:34:56 | 000,555,405 | ---- | C] () -- C:\Users\Jan\Desktop\07.jpg
[2012.07.04 04:57:09 | 000,040,205 | ---- | C] () -- C:\Users\Jan\Desktop\380680_4098551419305_1359789862_n.jpg
[2012.07.04 04:56:27 | 000,024,896 | ---- | C] () -- C:\Users\Jan\Desktop\524247_4216004041902_219905661_n.jpg
[2012.07.04 04:41:04 | 000,050,532 | ---- | C] () -- C:\Users\Jan\Desktop\Gong Rechnung Juni 2012.pdf
[2012.07.04 01:33:47 | 000,037,728 | ---- | C] () -- C:\Users\Jan\Desktop\311531_350126945023774_619333422_n.jpg
[2012.07.04 01:15:15 | 000,050,047 | ---- | C] () -- C:\Users\Jan\Desktop\baerlauch.jpg
[2012.07.04 00:05:42 | 000,043,690 | ---- | C] () -- C:\Users\Jan\Desktop\Mars_1.jpg
[2012.07.03 16:19:58 | 000,084,349 | ---- | C] () -- C:\Users\Jan\Desktop\581976_455878877764731_66146524_n.jpg
[2012.07.03 16:19:26 | 000,041,272 | ---- | C] () -- C:\Users\Jan\Desktop\zujg.jpg
[2012.07.03 15:47:40 | 000,027,674 | ---- | C] () -- C:\Users\Jan\Desktop\527894_449684868390009_319062588_n.jpg
[2012.07.03 15:46:31 | 000,054,341 | ---- | C] () -- C:\Users\Jan\Desktop\557829_361127947294457_2092409336_n.jpg
[2012.07.03 15:45:10 | 000,063,706 | ---- | C] () -- C:\Users\Jan\Desktop\600102_438665499497128_401874923_n.jpg
[2012.07.03 15:40:53 | 000,070,330 | ---- | C] () -- C:\Users\Jan\Desktop\399174_363860620345926_532984886_n.jpg
[2012.07.03 15:33:25 | 000,025,417 | ---- | C] () -- C:\Users\Jan\Desktop\528442_442013489152401_846630949_n.jpg
[2012.07.03 15:32:35 | 000,030,054 | ---- | C] () -- C:\Users\Jan\Desktop\182540_331679326911910_1776086151_n.jpg
[2012.07.03 15:31:23 | 000,021,962 | ---- | C] () -- C:\Users\Jan\Desktop\293274_467110876635473_1451069661_n.jpg
[2012.07.03 15:28:21 | 000,034,180 | ---- | C] () -- C:\Users\Jan\Desktop\u.jpg
[2012.07.03 03:35:38 | 000,058,613 | ---- | C] () -- C:\Users\Jan\Desktop\376875_466463636700198_723921992_n.jpg
[2012.07.02 02:51:40 | 000,588,555 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_02072012_025002.png
[2012.07.02 01:20:16 | 000,167,907 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_02072012_012000.png
[2012.07.02 00:12:47 | 000,216,525 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_02072012_001225.png
[2012.07.01 19:06:12 | 000,168,910 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_01072012_190555.png
[2012.06.29 01:43:51 | 000,543,885 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_29062012_014333.png
[2012.06.29 01:19:38 | 000,412,016 | ---- | C] () -- C:\Users\Jan\Desktop\MVI_2202.mp3
[2012.06.28 18:25:12 | 000,506,585 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_28062012_182502.png
[2012.06.28 18:20:41 | 000,248,763 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_28062012_182020.png
[2012.06.28 18:11:40 | 000,238,984 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_0306.jpg
[2012.06.27 23:14:38 | 000,253,241 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_27062012_231354.png
[2012.06.27 22:13:50 | 000,219,689 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_27062012_221335.png
[2012.06.26 16:13:57 | 000,416,382 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_26062012_161342.png
[2012.06.26 16:11:41 | 000,415,864 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_26062012_161132.png
[2012.06.26 15:36:30 | 000,485,921 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_26062012_153622.png
[2012.06.26 01:21:37 | 000,153,019 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_26062012_012121.png
[2012.06.26 00:54:54 | 000,225,466 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_26062012_005147.png
[2012.06.26 00:54:22 | 000,225,280 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_26062012_005211.png
[2012.06.25 19:27:35 | 000,692,860 | ---- | C] () -- C:\Users\Jan\Desktop\18.jpg
[2012.06.24 23:24:17 | 000,397,968 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_24062012_232328.png
[2012.06.24 16:55:09 | 000,022,874 | ---- | C] () -- C:\Users\Jan\Desktop\600697_286971414734082_1596480150_n.jpg
[2012.06.24 16:53:34 | 000,153,376 | ---- | C] () -- C:\Users\Jan\Desktop\533397_383436081720107_1702884464_n.jpg
[2012.06.24 15:29:02 | 000,043,860 | ---- | C] () -- C:\Users\Jan\Desktop\379104_289961341044811_1350045290_n.jpg
[2012.06.24 15:26:15 | 000,084,051 | ---- | C] () -- C:\Users\Jan\Desktop\309507_291573407550271_426832357_n.jpg
[2012.06.24 15:26:01 | 000,044,185 | ---- | C] () -- C:\Users\Jan\Desktop\374190_295424550498490_575297564_n.jpg
[2012.06.24 15:25:42 | 000,159,980 | ---- | C] () -- C:\Users\Jan\Desktop\373859_300416319999313_1441714320_n.jpg
[2012.06.24 15:25:24 | 000,110,068 | ---- | C] () -- C:\Users\Jan\Desktop\380165_320725134635098_1718565664_n.jpg
[2012.06.24 15:25:06 | 000,027,231 | ---- | C] () -- C:\Users\Jan\Desktop\405513_327211960653082_582236530_n.jpg
[2012.06.24 15:24:09 | 000,040,992 | ---- | C] () -- C:\Users\Jan\Desktop\431001_356492914391653_1886625402_n.jpg
[2012.06.24 15:23:15 | 000,040,317 | ---- | C] () -- C:\Users\Jan\Desktop\485144_367968976577380_619537276_n.jpg
[2012.06.24 15:22:55 | 000,142,854 | ---- | C] () -- C:\Users\Jan\Desktop\538864_372755956098682_422651986_n.jpg
[2012.06.24 15:22:40 | 000,035,348 | ---- | C] () -- C:\Users\Jan\Desktop\319851_384024908305120_41244667_n.jpg
[2012.06.24 15:21:43 | 000,093,357 | ---- | C] () -- C:\Users\Jan\Desktop\549289_412175318823412_1311443225_n.jpg
[2012.06.24 15:21:24 | 000,145,425 | ---- | C] () -- C:\Users\Jan\Desktop\545514_411113625596248_57626409_n.jpg
[2012.06.24 15:21:02 | 000,052,220 | ---- | C] () -- C:\Users\Jan\Desktop\578180_417952271579050_1176525883_n.jpg
[2012.06.24 15:20:02 | 000,142,037 | ---- | C] () -- C:\Users\Jan\Desktop\292102_416053071768970_1762247089_n.jpg
[2012.06.24 15:17:55 | 000,048,061 | ---- | C] () -- C:\Users\Jan\Desktop\540672_425409314166679_1109603287_n.jpg
[2012.06.24 15:17:23 | 000,116,225 | ---- | C] () -- C:\Users\Jan\Desktop\600130_426293297411614_1054108455_n.jpg
[2012.06.24 15:15:36 | 000,030,400 | ---- | C] () -- C:\Users\Jan\Desktop\479720_429007057140238_1551756514_n.jpg
[2012.06.24 15:15:26 | 000,033,748 | ---- | C] () -- C:\Users\Jan\Desktop\599708_429446447096299_1729669172_n.jpg
[2012.06.24 15:15:07 | 000,067,102 | ---- | C] () -- C:\Users\Jan\Desktop\208968_429513030422974_1871102937_n.jpg
[2012.06.24 15:14:49 | 000,046,913 | ---- | C] () -- C:\Users\Jan\Desktop\480062_430067133700897_1319664948_n.jpg
[2012.06.24 15:13:54 | 000,072,533 | ---- | C] () -- C:\Users\Jan\Desktop\532886_431111920263085_1310207881_n.jpg
[2012.06.24 15:13:15 | 000,044,838 | ---- | C] () -- C:\Users\Jan\Desktop\556447_431616336879310_1628302468_n.jpg
[2012.06.22 02:12:47 | 000,040,973 | ---- | C] () -- C:\Users\Jan\Desktop\250840_343712922365907_2029366532_n.jpg
[2012.06.22 01:52:31 | 000,043,215 | ---- | C] () -- C:\Users\Jan\Desktop\581158_314567728638253_1333646722_n.jpg
[2012.06.22 01:47:14 | 000,043,715 | ---- | C] () -- C:\Users\Jan\Desktop\542315_10151643410468484_351756534_n.jpg
[2012.06.21 17:27:30 | 000,472,967 | ---- | C] () -- C:\Users\Jan\Desktop\A6_antrag_foto.pdf
[2012.06.20 23:42:32 | 002,166,062 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_1612.JPG
[2012.06.20 23:40:43 | 000,770,102 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_20062012_234036.png
[2012.06.20 22:24:40 | 000,190,213 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_20062012_222417.png
[2012.06.20 20:51:19 | 001,395,524 | ---- | C] () -- C:\Users\Jan\Desktop\dj phil.wav
[2012.06.20 20:47:05 | 000,019,159 | ---- | C] () -- C:\Users\Jan\Desktop\600738_427976630576614_172168825_n.jpg
[2012.06.20 20:46:15 | 000,050,278 | ---- | C] () -- C:\Users\Jan\Desktop\196111_419795351394742_1115079185_n.jpg
[2012.06.20 20:44:59 | 000,046,723 | ---- | C] () -- C:\Users\Jan\Desktop\562443_423728507668093_425654802_n.jpg
[2012.06.20 20:33:03 | 000,070,501 | ---- | C] () -- C:\Users\Jan\Desktop\bob.jpg
[2012.06.20 15:20:01 | 000,098,544 | ---- | C] () -- C:\Users\Jan\Desktop\pizza.jpg
[2012.06.20 14:02:57 | 000,049,778 | ---- | C] () -- C:\Users\Jan\Desktop\601271_10151855169685584_595958766_n.jpg
[2012.06.20 01:00:36 | 000,721,724 | ---- | C] () -- C:\Users\Jan\Desktop\hochzeit_ingo_nadine.mp4
[2012.06.20 00:52:10 | 000,139,060 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_20062012_005206.png
[2012.06.20 00:16:04 | 001,203,391 | ---- | C] () -- C:\Users\Jan\Desktop\bruch.wmv
[2012.06.19 21:35:06 | 000,023,175 | ---- | C] () -- C:\Users\Jan\Desktop\zukunft.jpg
[2012.06.19 19:26:00 | 000,197,824 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_19062012_192525.png
[2012.06.19 19:25:03 | 000,187,196 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_19062012_192458.png
[2012.06.19 15:28:55 | 000,027,176 | ---- | C] () -- C:\Users\Jan\Desktop\538315_377709162290903_1580378685_n.jpg
[2012.06.19 15:28:27 | 000,019,997 | ---- | C] () -- C:\Users\Jan\Desktop\533432_10151638156488484_1677446043_n.jpg
[2012.06.19 15:26:14 | 000,054,568 | ---- | C] () -- C:\Users\Jan\Desktop\fussball.jpg
[2012.06.19 03:19:49 | 000,053,109 | ---- | C] () -- C:\Users\Jan\Desktop\melone.jpg
[2012.06.18 23:41:38 | 000,239,623 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_18062012_234128.png
[2012.06.18 23:10:49 | 000,712,060 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_18062012_230527.png
[2012.06.18 22:50:56 | 000,205,055 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_18062012_225048.png
[2012.06.18 22:37:45 | 001,005,546 | ---- | C] () -- C:\Users\Jan\Desktop\pan3.jpg
[2012.06.18 21:12:01 | 000,039,644 | ---- | C] () -- C:\Users\Jan\Desktop\batcat.jpg
[2012.06.18 21:09:41 | 000,094,677 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_18062012_210933.png
[2012.06.18 17:26:52 | 000,178,765 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_18062012_172635.png
[2012.06.18 13:46:39 | 000,061,158 | ---- | C] () -- C:\Users\Jan\Desktop\katz.jpg
[2012.06.16 17:59:57 | 001,905,550 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_16062012_175924.png
[2012.06.16 17:59:51 | 001,839,255 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_16062012_175913.png
[2012.06.16 16:38:37 | 000,048,974 | ---- | C] () -- C:\Users\Jan\Desktop\carrot.jpg
[2012.06.15 21:01:44 | 000,026,939 | ---- | C] () -- C:\Users\Jan\Desktop\father.jpg
[2012.06.15 18:34:33 | 000,027,362 | ---- | C] () -- C:\Users\Jan\Desktop\2personenliege.jpg
[2012.06.15 18:34:14 | 000,052,338 | ---- | C] () -- C:\Users\Jan\Desktop\kacken.jpg
[2012.06.15 14:26:33 | 000,035,418 | ---- | C] () -- C:\Users\Jan\Desktop\166523_320183311399056_1005710147_n.jpg
[2012.06.15 01:29:52 | 000,024,425 | ---- | C] () -- C:\Users\Jan\Desktop\542412_455731557788398_1977578464_n.jpg
[2012.06.14 23:55:35 | 000,258,845 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_14062012_235527.png
[2012.06.14 22:08:36 | 000,234,350 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_14062012_220737.png
[2012.06.14 22:07:42 | 002,698,792 | ---- | C] () -- C:\Users\Jan\Desktop\Ohne Titel.mp4
[2012.06.14 19:35:51 | 001,150,158 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_14062012_193543.png
[2012.06.14 16:04:12 | 000,026,344 | ---- | C] () -- C:\Users\Jan\Desktop\s715i.jpg
[2012.06.14 03:01:42 | 000,380,808 | ---- | C] () -- C:\Users\Jan\Desktop\001.jpg
[2012.06.13 15:00:15 | 000,386,404 | ---- | C] () -- C:\Users\Jan\Desktop\1_9_2 (2).jpg
[2012.06.13 14:48:10 | 001,280,574 | ---- | C] () -- C:\Users\Jan\Desktop\IMG_13062012_144713.png
[2012.04.29 22:36:46 | 000,036,868 | ---- | C] () -- C:\Program Files (x86)\uninst-Starglow.exe
[2012.04.20 18:21:03 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.04.20 18:21:00 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.04.05 04:52:46 | 000,000,005 | ---- | C] () -- C:\Windows\BorisFX BCC7.ini
[2012.01.25 07:16:47 | 000,000,238 | ---- | C] () -- C:\Windows\wininit.ini
[2012.01.25 03:59:15 | 000,004,441 | ---- | C] () -- C:\Windows\jcvtwwx48.ini
[2012.01.11 18:33:16 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a0961373-e51f-470b-7bb6-244289a4398b}\@
[2011.12.14 23:21:36 | 000,000,147 | ---- | C] () -- C:\Windows\RealFlight.INI
[2011.11.11 04:54:40 | 000,000,054 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\updater.cfg
[2011.10.17 21:48:42 | 000,000,000 | ---- | C] () -- C:\Windows\RegKey.exe
[2011.10.17 21:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\Sony Vegas Pro 10 Portable.exe
[2011.09.29 17:30:05 | 000,000,046 | ---- | C] () -- C:\Windows\Speed.INI
[2011.09.18 07:34:58 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2011.09.11 02:46:15 | 001,810,360 | ---- | C] () -- C:\Users\Jan\herbst.png
[2011.09.11 02:46:15 | 001,520,612 | ---- | C] () -- C:\Users\Jan\sommer.png
[2011.09.11 02:46:15 | 001,433,407 | ---- | C] () -- C:\Users\Jan\frühling.png
[2011.09.11 02:46:15 | 000,810,133 | ---- | C] () -- C:\Users\Jan\winter.png
[2011.08.30 01:50:34 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.08.30 01:45:37 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.08.30 01:38:21 | 000,063,940 | ---- | C] () -- C:\Users\Jan\t2.jpg
[2011.08.30 01:38:21 | 000,032,760 | ---- | C] () -- C:\Users\Jan\t1.jpg
[2011.08.15 20:07:24 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011.08.15 20:07:23 | 002,469,248 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011.08.15 20:07:23 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011.08.15 20:07:23 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011.08.15 20:07:23 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011.07.18 02:40:42 | 001,656,186 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.16 13:09:13 | 000,002,706 | ---- | C] () -- C:\Windows\lightworks.ini
[2011.06.11 13:32:57 | 000,000,842 | ---- | C] () -- C:\Users\Jan\.recently-used.xbel
[2011.06.04 15:00:50 | 000,049,642 | ---- | C] () -- C:\Users\Jan\index.php
[2011.03.14 19:52:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\rgbacodec.dll
[2011.02.03 03:21:09 | 000,007,597 | ---- | C] () -- C:\Users\Jan\AppData\Local\Resmon.ResmonCfg
[2010.09.26 16:37:02 | 000,013,824 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.26 16:05:54 | 012,824,576 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.08.22 15:11:25 | 000,000,336 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010.08.18 00:50:34 | 000,001,456 | ---- | C] () -- C:\Users\Jan\AppData\Local\Adobe Für Web speichern 11.0 Prefs
[2010.08.04 14:35:32 | 000,000,238 | ---- | C] () -- C:\Windows\EasyCT.INI
[2009.11.02 22:43:23 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2010.08.04 14:03:26 | 000,000,000 | -HSD | M] -- C:\Users\Jan\AppData\Roaming\.#
[2010.06.11 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\acccore
[2010.08.26 23:00:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Audacity
[2011.08.02 15:32:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Audio Recorder for Free
[2012.02.06 03:39:14 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\avidemux
[2012.04.20 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Babylon
[2010.12.12 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Canneverbe Limited
[2012.05.09 17:39:20 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Canon
[2011.10.29 04:35:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.09.29 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DesktopIconForAmazon
[2012.07.12 16:47:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Dropbox
[2011.08.01 00:24:05 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoft
[2011.02.21 06:13:22 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.14 06:30:47 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\elsterformular
[2011.06.17 01:05:08 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\EurekaLog
[2011.06.18 05:39:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\fdrtools.com
[2012.07.13 00:09:52 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\FileZilla
[2010.08.25 23:39:52 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\FlashGet
[2012.03.16 15:31:59 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Free Download Manager
[2010.06.04 16:48:05 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\GameConsole
[2012.04.30 03:26:38 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\GetRightToGo
[2010.08.25 02:18:22 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\gtk-2.0
[2011.10.22 04:45:05 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Gunther Wegner
[2012.03.23 07:43:32 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ICQ
[2011.08.03 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\IrfanView
[2011.06.10 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\jAlbum
[2011.09.21 15:14:33 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\MAGIX
[2012.01.15 08:07:21 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\MAXON
[2011.01.15 19:12:56 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Moyea
[2011.11.04 06:01:38 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\NeatVideo SV 64
[2011.10.31 07:19:25 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Nvu
[2012.01.10 00:39:19 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\OpenCandy
[2010.08.04 23:39:20 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\OpenOffice.org
[2010.08.09 14:52:23 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Opera
[2010.06.04 16:47:11 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Packard Bell
[2011.08.15 04:44:32 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PhotoScape
[2011.06.08 02:26:50 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Pixmantec
[2010.06.04 14:25:06 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PlayFirst
[2012.04.06 05:47:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\proDAD
[2010.12.08 21:26:27 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ProtectDisc
[2011.10.17 22:06:09 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Publish Providers
[2012.03.01 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\QuickScan
[2011.11.11 04:54:17 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Red Giant Link
[2012.07.12 19:19:42 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Sony
[2011.10.27 08:41:50 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Sony Creative Software Inc
[2012.07.09 02:51:20 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Spotify
[2010.10.14 15:02:46 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.12.09 00:26:03 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TeamViewer
[2010.10.11 02:36:40 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Thinstall
[2011.07.22 14:10:15 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1
[2010.08.17 02:46:57 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TrueCrypt
[2011.10.06 03:11:12 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TuneUp Software
[2010.08.05 17:14:12 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Uniblue
[2010.07.27 21:34:06 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ViquaSoft
[2010.08.17 14:58:31 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Vodafone
[2011.01.03 00:02:09 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Windows Live Writer
[2012.07.13 01:00:03 | 000,001,112 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2666297943-1773055161-344599904-1000Core.job
[2012.07.13 01:00:10 | 000,001,134 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2666297943-1773055161-344599904-1000UA.job
[2012.07.06 12:18:30 | 000,000,524 | ---- | M] () -- C:\Windows\Tasks\One-Click Tweak.job
[2012.06.02 04:03:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Alt 13.07.2012, 17:53   #2
markusg
/// Malware-holic
 
Hi,
if you do online banking, call the bank and have it blocked because of the ZeroAccess rootkit.
Since this is a dangerous rootkit:
the PC has to be reinstalled from scratch and then secured.
1. Data backup
2. Format, reinstall Windows
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.