
Pests of All Kinds and How to Combat Them: Unexplained intrusion, experts wanted!


22.01.2013, 15:51   #1
sunsetx1
 

Hello, I have the following problem:
I chatted via Facebook Messenger, twice with the same person (on my phone).
This conversation, plus data from my email inbox (not Facebook), was sent by email, from my email address, to my girlfriend.
How is that possible? I was on Wi-Fi at the time.
Thanks for your help

This is what my virus scan found:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.22.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Ron :: HOME [Administrator]

Schutz: Aktiviert

22.01.2013 15:44:41
mbam-log-2013-01-22 (15-44-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210033
Laufzeit: 23 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
c:\users\ron\downloads\uusee_setup_2007_oversea.exe (PUP.Uusee) -> Erfolgreich gelöscht und in Quarantäne gestellt.
c:\users\ron\downloads\install_flash_player.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Edited by sunsetx1 (22.01.2013 at 16:13)

22.01.2013, 16:19   #2
markusg
/// Malware-holic
 

hi
1. Is the Wi-Fi encrypted, and if so, how?
2. Why has this system never seen any updates? Windows is without Service Pack 2, for example.
3. Are these all the Malwarebytes logs? If not, open it, go to the log files, and post the reports with detections.
4. If you don't already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here.

23.01.2013, 11:25   #3
sunsetx1
 

Hello Markus, thanks for your commitment. I'm an absolute greenhorn when it comes to PCs, but I hope I did everything right anyway. The Wi-Fi is encrypted; you have to enter a code.
Here is the data: OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.01.2013 21:02:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ron\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1012,45 Mb Total Physical Memory | 224,54 Mb Available Physical Memory | 22,18% Memory free
2,24 Gb Paging File | 0,62 Gb Available in Paging File | 27,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 320,70 Gb Total Space | 133,03 Gb Free Space | 41,48% Space Free | Partition Type: NTFS
Drive D: | 14,63 Gb Total Space | 10,19 Gb Free Space | 69,67% Space Free | Partition Type: FAT32
 
Computer Name: HOME | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.22 20:21:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Downloads\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.09.25 16:01:16 | 013,019,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.07.03 11:58:10 | 000,464,896 | ---- | M] (telegate MEDIA AG) -- C:\Programme\klickTel\Telefon- und Branchenbuch Herbst 2009\kstart32.EXE
PRC - [2009.06.26 16:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.12.13 17:51:46 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2008.12.13 17:15:26 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008.12.03 12:47:34 | 001,205,760 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 13:15:10 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.24 13:15:08 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.09.19 08:52:04 | 000,130,560 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.06.12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008.06.03 08:02:34 | 000,119,808 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 08:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.08.17 12:27:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.12.23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.10.05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009.02.26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008.08.12 10:16:16 | 002,023,424 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2008.07.29 13:47:56 | 000,016,384 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2008.07.29 13:47:38 | 000,135,168 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2008.07.29 13:11:18 | 000,253,952 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2008.07.29 13:01:12 | 007,331,840 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2008.07.29 12:51:22 | 000,806,912 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtNetwork4.dll
MOD - [2008.07.29 12:50:26 | 000,364,544 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2007.05.22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.01.19 00:53:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.17 19:30:33 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.12.13 17:15:26 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.10.24 13:15:10 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.24 13:15:08 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.26 15:09:56 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.07.01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.06.26 16:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009.05.27 23:41:06 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.27 23:41:01 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.27 23:41:00 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008.12.13 17:15:26 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008.09.15 07:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.09.15 07:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.09.15 07:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.09.15 07:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008.02.22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.02.22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2008.01.03 14:18:13 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.04.13 12:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=111863&tt=290312_bexdll&babsrc=SP_ss&mntrId=7618d20d000000000000001d9222e750
IE - HKCU\..\SearchScopes\{1266AF82-A6E3-4B42-B015-052395CD9A04}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultenginename,S: S", "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1,S: S", "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine,S: S", "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.mybiz.de/"
FF - prefs.js..browser.startup.homepage: h", "hxxp://search.babylon.com/home?AF=16502&tt=110112_ncp1"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=111863&tt=290312_bexdll&babsrc=adbartrp&mntrId=7618d20d000000000000001d9222e750&q="
FF - prefs.js..keyword.URL,h: h", "hxxp://search.babylon.com/?babsrc=KW_def&AF=16502&tt=110112_ncp1&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.02.10 16:38:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 00:53:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 00:53:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 00:53:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 00:53:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
[2008.09.02 13:21:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\Extensions
[2012.11.23 14:50:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\Firefox\Profiles\cmm6nye8.default\extensions
[2012.11.23 14:50:35 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\firefox\profiles\cmm6nye8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.19 00:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.19 00:53:07 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2009.08.08 02:02:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.01.19 00:53:23 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.25 01:10:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.29 21:15:31 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.30 22:48:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.25 01:10:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.25 01:10:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.25 01:10:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.25 01:10:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&AF=16502&tt=110112_ncp1&babsrc=SP_def&mntrId=7618d20d000000000000001d9222e750
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: wirtschaftslinks, links wirtschaft, portal business, business-portal, suchdienst, finanzen, geldanlage, aktien, aktienfonds, fonds, zinsen, linksammlung, wirtschaftsdienste
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Facebook Update] "C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Herbst 2009 - Schnellstarter.lnk = C:\Programme\klickTel\Telefon- und Branchenbuch Herbst 2009\kstart32.EXE (telegate MEDIA AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3C284AF-C7E0-4233-A052-537AA2AA7231}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c714eca0-1ca9-11df-a64c-001d9222e750}\Shell - "" = AutoRun
O33 - MountPoints2\{c714eca0-1ca9-11df-a64c-001d9222e750}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{e6deb475-cd71-11dd-b366-001d9222e750}\Shell\AutoRun\command - "" = I:\EmDesk.exe
O33 - MountPoints2\{e6deb475-cd71-11dd-b366-001d9222e750}\Shell\EmDesk\command - "" = I:\EmDesk.exe
O33 - MountPoints2\{f0fa19d4-a6f6-11df-9a54-001d9222e750}\Shell - "" = AutoRun
O33 - MountPoints2\{f0fa19d4-a6f6-11df-9a54-001d9222e750}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.22 16:27:15 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\PC Sicherheit
[2013.01.22 15:42:47 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Malwarebytes
[2013.01.22 15:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.22 15:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.22 15:41:47 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.22 15:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.22 01:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.22 01:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.01.22 01:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.01.22 01:08:56 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.01.22 01:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.01.22 01:07:07 | 000,000,000 | ---D | C] -- C:\Users\Ron\Documents\Simply Super Software
[2013.01.22 01:07:07 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Simply Super Software
[2013.01.22 01:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.01.22 01:06:51 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll
[2013.01.22 01:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2013.01.22 01:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.01.19 00:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.06 03:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2013.01.05 03:09:25 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\eMule
[2013.01.05 03:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
[2013.01.05 03:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2013.01.03 20:40:30 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\Mental
[2013.01.03 20:38:53 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\Poker
[2013.01.03 20:37:32 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\Yamadi
[2013.01.03 20:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.03 20:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.03 20:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.03 20:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.03 20:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.01.03 20:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.03 19:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.22 21:05:06 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CC62F918-1DED-478E-B9BE-576ADBFCA089}.job
[2013.01.22 21:01:05 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA.job
[2013.01.22 20:50:12 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA.job
[2013.01.22 20:35:20 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.22 20:31:38 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.22 20:19:28 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 20:19:28 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 19:01:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core.job
[2013.01.22 16:19:25 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.22 16:19:25 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.22 16:19:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.22 16:19:15 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.22 01:24:38 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.22 01:24:38 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.21 23:50:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core.job
[2013.01.07 16:58:51 | 000,642,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.07 16:58:51 | 000,607,030 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.07 16:58:51 | 000,131,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.07 16:58:51 | 000,108,406 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.05 19:48:51 | 000,078,336 | ---- | M] () -- C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.05 03:09:35 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk
[2013.01.03 20:25:55 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.03 20:03:01 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.22 01:10:11 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.22 01:10:10 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.22 01:10:04 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.22 01:09:30 | 000,002,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.22 01:06:51 | 000,185,616 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll
[2013.01.22 01:06:51 | 000,169,744 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2013.01.22 01:06:51 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2013.01.22 01:06:51 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2013.01.05 03:09:35 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2013.01.03 20:25:55 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.03 20:03:01 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.01.03 19:56:25 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.03.29 21:16:36 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2008.01.03 15:29:11 | 000,078,336 | ---- | C] () -- C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.29 17:56:13 | 000,000,091 | ---- | C] () -- C:\Users\Ron\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.02.19 20:22:41 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\ACD Systems
[2011.12.28 21:18:18 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\AllDup
[2012.04.09 23:18:47 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\BOM
[2009.05.29 20:22:19 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Image Zone Express
[2009.11.24 12:09:58 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\klickTel
[2013.01.06 00:01:56 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Nokia
[2009.02.10 16:40:58 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\PC Suite
[2008.09.18 10:49:04 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Printer Info Cache
[2012.02.10 12:53:59 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\QuickStoresToolbar
[2010.08.07 22:25:52 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\RayV
[2009.02.10 17:10:50 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Samsung
[2013.01.22 01:07:07 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Simply Super Software
[2011.02.14 11:13:12 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\TeamViewer
[2012.11.01 12:31:53 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2008.10.14 21:07:31 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.05.30 21:23:26 | 000,000,000 | -HSD | M] -- C:\Boot
[2008.03.04 16:33:06 | 000,000,000 | ---D | M] -- C:\Casino
[2013.01.18 03:27:53 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.12.29 17:51:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.03.02 03:10:08 | 000,000,000 | ---D | M] -- C:\Intel
[2010.08.19 23:15:43 | 000,000,000 | ---D | M] -- C:\lj631ge
[2010.08.19 23:17:43 | 000,000,000 | ---D | M] -- C:\lj632
[2008.01.03 14:25:14 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.05.30 21:08:02 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.08.07 22:25:31 | 000,000,000 | ---D | M] -- C:\Poker
[2013.01.22 16:14:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.22 15:41:52 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.12.29 17:51:31 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.01.22 21:06:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007.12.29 17:55:11 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.03 20:34:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.01.19 08:33:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,586 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2007.12.29 23:42:07 | 000,000,414 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC62F918-1DED-478E-B9BE-576ADBFCA089}.job
[2009.07.01 02:46:00 | 000,001,060 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core.job
[2009.07.01 02:46:02 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA.job
[2010.05.27 21:34:54 | 000,001,088 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.05.27 21:34:57 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.10.01 22:40:13 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core.job
[2011.10.01 22:40:44 | 000,001,130 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA.job
[2012.06.07 23:08:46 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.01.22 01:10:04 | 000,000,620 | ---- | C] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.22 01:10:10 | 000,000,616 | ---- | C] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.22 01:10:11 | 000,000,446 | ---- | C] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.09.10 12:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.09.10 12:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.02.14 03:07:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 03:07:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 03:07:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.14 03:07:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

23.01.2013, 11:49   #4
markusg
/// Malware-holic

Did Spybot or Trojan Remover find anything? If so, post the reports.

23.01.2013, 11:56   #5
sunsetx1

Unfortunately, I closed the windows again after the scan.


23.01.2013, 13:21   #6
markusg
/// Malware-holic

Then open the programs and check whether logs were saved; this happens automatically.

23.01.2013, 14:48   #7
sunsetx1

Hello Markus, I also found the following in Spybot.
Do you have any idea how he did this, and can I track him down?
Regards
Search results from Spybot - Search & Destroy

22.01.2013 13:00:02
Scan took 11:16:29.
145 items found.

Directory.subfile.filedate=1254853119
Directory.subfile.filedatetext=2009-10-06 19:18:39
Directory.subfile=C:\Program Files\Everest Poker\data\mp-lobby\shared.gvt
Directory.subfile.size=808960
Directory.subfile.md5=8D6B463AE211BF07665D3F0F416FD3A3
Directory.subfile.filedate=1254853120
Directory.subfile.filedatetext=2009-10-06 19:18:40
Directory.subfile=C:\Program Files\Everest Poker\data\mp-poker\shared.gvt
Directory.subfile.size=3358720
Directory.subfile.md5=A99DACDE0699AE5D56D1965079BFEEAE
Directory.subfile.filedate=1254853121
Directory.subfile.filedatetext=2009-10-06 19:18:41
Directory.subfile=C:\Program Files\Everest Poker\data\mp-poker\background\default.gvt
Directory.subfile.size=614400
Directory.subfile.md5=22985F760F301E64C2F0A3E01E69ED17
Directory.subfile.filedate=1254853112
Directory.subfile.filedatetext=2009-10-06 19:18:31
Directory.subfile=C:\Program Files\Everest Poker\data\mp-poker\de\bitmaps.gvt
Directory.subfile.size=10240
Directory.subfile.md5=17E9D25383A4553C5523EC85B13779CE
Directory.subfile.filedate=1254853113
Directory.subfile.filedatetext=2009-10-06 19:18:32
Directory.subfile=C:\Program Files\Everest Poker\data\mp-poker\de\mp-poker_strings.txt
Directory.subfile.size=22820
Directory.subfile.md5=E21FDB9B6FF5B1FA74EFA11E1E29380E
Directory.subfile.filedate=1254853114
Directory.subfile.filedatetext=2009-10-06 19:18:33
Directory.subfile=C:\Program Files\Everest Poker\data\mp-poker\de\mp-poker_tutorial.txt
Directory.subfile.size=22021
Directory.subfile.md5=E98B1BCD1557B070CD5430095484BD40
Directory.subfile.filedate=1225298321
Directory.subfile.filedatetext=2008-10-29 17:38:41
Directory.subfile=C:\Program Files\Everest Poker\data\shared\de\country.txt
Directory.subfile.size=6280
Directory.subfile.md5=F996ADE97E9DA5D583B92C04A7EFFBE3
Directory.subfile.filedate=1225298318
Directory.subfile.filedatetext=2008-10-29 17:38:38
Directory.subfile=C:\Program Files\Everest Poker\data\shared\de\language.txt
Directory.subfile.size=748
Directory.subfile.md5=6FB842BDCA1976A90BD4AD7979913270
Directory.subfile.filedate=1225298318
Directory.subfile.filedatetext=2008-10-29 17:38:38
Directory.subfile=C:\Program Files\Everest Poker\data\shared\de\ordinal.txt
Directory.subfile.size=166
Directory.subfile.md5=DDC093B4775961559798C563AA6C9527
Directory.subfile.filedate=1225298318
Directory.subfile.filedatetext=2008-10-29 17:38:38
Directory.subfile=C:\Program Files\Everest Poker\data\startup\de\cstart.txt
Directory.subfile.size=612
Directory.subfile.md5=E5F90BC92E2CEB087CE34B7348B6E120
Directory.subfile.filedate=1225298300
Directory.subfile.filedatetext=2008-10-29 17:38:20
Directory.subfile=C:\Program Files\Everest Poker\data\startup\de\startup_strings.txt
Directory.subfile.size=8021
Directory.subfile.md5=D521809E463BE65B442FAE88B9172411
Directory.subfile.filedate=1225298300
Directory.subfile.filedatetext=2008-10-29 17:38:20
Directory.subfile=C:\Program Files\Everest Poker\data\startup\en\startup_strings.txt
Directory.subfile.size=7047
Directory.subfile.md5=2988076710763141097AB3E5F3A38F04
Directory.subfile.filedate=1225298300
Directory.subfile.filedatetext=2008-10-29 17:38:20
Directory.subfile=C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt
Directory.subfile.size=10240
Directory.subfile.md5=B6F698D58C22B7897E323E6F3F26DCB9
Directory.subfile.filedate=1254853109
Directory.subfile.filedatetext=2009-10-06 19:18:28
Directory.subfile=C:\Program Files\Everest Poker\data\shared\shared\bitmaps\check.art
Directory.subfile.size=460
Directory.subfile.md5=E84F53F544490D26842951BEB21E27F3
Directory.subfile.filedate=1225298318
Directory.subfile.filedatetext=2008-10-29 17:38:38
Directory.subfile=C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art
Directory.subfile.size=4590
Directory.subfile.md5=AFB27703EA6BBC0D560A459187193E0E
Directory.subfile.filedate=1225298318
Directory.subfile.filedatetext=2008-10-29 17:38:38
Directory.subfile=C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg
Directory.subfile.size=6292
Directory.subfile.md5=0B1DD18799788F99097338AA7069187C
Directory.subfile.filedate=1225298318
Directory.subfile.filedatetext=2008-10-29 17:38:38
Directory.subfile=C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg
Directory.subfile.size=8358
Directory.subfile.md5=ACAB5D35647FE451BB3CB75BA6F72440
Directory.subfile.filedate=1225298318
Directory.subfile.filedatetext=2008-10-29 17:38:38
Directory.subfile=C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg
Directory.subfile.size=10180
Directory.subfile.md5=A659FA76BF36682CC44F949CDFDAC103
Directory.subfile.filedate=1225298318
Directory.subfile.filedatetext=2008-10-29 17:38:38
Directory.subfile=C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg
Directory.subfile.size=5224
Directory.subfile.md5=5239EBF845B1D6B547F944363F67BAC7
Directory.subfile.filedate=1225298318
Directory.subfile.filedatetext=2008-10-29 17:38:38
Directory.subfile=C:\Program Files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art
Directory.subfile.size=38819
Directory.subfile.md5=DF474031AD2F3FB67F01EA37E009515F
Directory.subfile.filedate=1225298300
Directory.subfile.filedatetext=2008-10-29 17:38:20
Directory.subfile=C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico
Directory.subfile.size=25214
Directory.subfile.md5=85F38EC724F75DB5A5B9A5A507E50FEA
Directory.subfile.filedate=1225298300
Directory.subfile.filedatetext=2008-10-29 17:38:19
Directory.subfile=C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg
Directory.subfile.size=9431
Directory.subfile.md5=CB6254344BDDC1DB0B37EB67928D31AE
Directory.subfile.filedate=1225298300
Directory.subfile.filedatetext=2008-10-29 17:38:20

EverestPoker: [SBI $012980E0] Executable (File, nothing done)
C:\Program Files\Everest Poker\casino.exe
Properties.size=21612
Properties.md5=D395E4F51AD4BD700EE27006D26A5C8D
Properties.filedate=1225298300
Properties.filedatetext=2008-10-29 17:38:20

EverestPoker: [SBI $55F744B5] Library (File, nothing done)
C:\Program Files\Everest Poker\gvcrt.dll
Properties.size=105984
Properties.md5=321BF926751CCA4E6364805127410B7C
Properties.filedate=1225298302
Properties.filedatetext=2008-10-29 17:38:21

EverestPoker: [SBI $E1EE1856] Executable (File, nothing done)
C:\Program Files\Everest Poker\gvmain.exe
Properties.size=21612
Properties.md5=D395E4F51AD4BD700EE27006D26A5C8D
Properties.filedate=1225298308
Properties.filedatetext=2008-10-29 17:38:27

EverestPoker: [SBI $6608D1A7] Text file (File, nothing done)
C:\Program Files\Everest Poker\data\shared\de\language.txt
Properties.size=748
Properties.md5=6FB842BDCA1976A90BD4AD7979913270
Properties.filedate=1225298318
Properties.filedatetext=2008-10-29 17:38:38

EverestPoker: [SBI $7BF77F2C] Text file (File, nothing done)
C:\Program Files\Everest Poker\data\shared\de\ordinal.txt
Properties.size=166
Properties.md5=DDC093B4775961559798C563AA6C9527
Properties.filedate=1225298318
Properties.filedatetext=2008-10-29 17:38:38

EverestPoker: [SBI $EF3D122C] Picture (File, nothing done)
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art
Properties.size=4590
Properties.md5=AFB27703EA6BBC0D560A459187193E0E
Properties.filedate=1225298318
Properties.filedatetext=2008-10-29 17:38:38

EverestPoker: [SBI $28C86989] Sound file (File, nothing done)
C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg
Properties.size=6292
Properties.md5=0B1DD18799788F99097338AA7069187C
Properties.filedate=1225298318
Properties.filedatetext=2008-10-29 17:38:38

EverestPoker: [SBI $C3345D6A] Sound file (File, nothing done)
C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg
Properties.size=8358
Properties.md5=ACAB5D35647FE451BB3CB75BA6F72440
Properties.filedate=1225298318
Properties.filedatetext=2008-10-29 17:38:38

EverestPoker: [SBI $C6CE616E] Sound file (File, nothing done)
C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg
Properties.size=10180
Properties.md5=A659FA76BF36682CC44F949CDFDAC103
Properties.filedate=1225298318
Properties.filedatetext=2008-10-29 17:38:38

EverestPoker: [SBI $C282539E] Sound file (File, nothing done)
C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg
Properties.size=5224
Properties.md5=5239EBF845B1D6B547F944363F67BAC7
Properties.filedate=1225298318
Properties.filedatetext=2008-10-29 17:38:38

EverestPoker: [SBI $2CC1875F] Picture (File, nothing done)
C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico
Properties.size=25214
Properties.md5=85F38EC724F75DB5A5B9A5A507E50FEA
Properties.filedate=1225298300
Properties.filedatetext=2008-10-29 17:38:19

EverestPoker: [SBI $381CFDB8] Sound file (File, nothing done)
C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg
Properties.size=9431
Properties.md5=CB6254344BDDC1DB0B37EB67928D31AE
Properties.filedate=1225298300
Properties.filedatetext=2008-10-29 17:38:20

EverestPoker: [SBI $C42AAFB3] User settings (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Grand Virtual\XD3C

Facebook.Messenger: [SBI $917BFFAB] Program directory (Directory, nothing done)
C:\Users\Ron\AppData\Local\Facebook\

Facebook.Messenger: [SBI $21F6393C] Program directory (Directory, nothing done)
C:\Users\Ron\AppData\Local\Facebook\CrashReports\

Facebook.Messenger: [SBI $05D5B32B] Program directory (Directory, nothing done)
C:\Users\Ron\AppData\Local\Facebook\Update\

Facebook.Messenger: [SBI $CC858234] Program directory (Directory, nothing done)
C:\Users\Ron\AppData\Local\Facebook\Update\Download\

Facebook.Messenger: [SBI $EA825272] Program directory (Directory, nothing done)
C:\Users\Ron\AppData\Local\Facebook\Update\Manifest\

Facebook.Messenger: [SBI $EB8149C2] Program directory (Directory, nothing done)
C:\Users\Ron\AppData\Local\Facebook\Update\Manifest\Initial\

Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\cdn.yycast.com\com.jeroenwijering.sol
Properties.size=54
Properties.md5=66D8DFAF8C5156ACE7F12B1C43FAF551
Properties.filedate=1352002603
Properties.filedatetext=2012-11-04 05:16:43

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\cdn1.static.videobash.com\com.jeroenwijering.sol
Properties.size=64
Properties.md5=D36E62FB39F47B79032009854CEBC93C
Properties.filedate=1355050638
Properties.filedatetext=2012-12-09 11:57:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\files.leton.tv\com.jeroenwijering.sol
Properties.size=54
Properties.md5=8CA6CAE776AD9A709175EB9AD147C0AB
Properties.filedate=1352002729
Properties.filedatetext=2012-11-04 05:18:48

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\fr-himedia.cdn.videoplaza.tv\com.videoplaza.adplayer.sol
Properties.size=113
Properties.md5=7A524CC0856DC19F3FD4B7AF0397ECFC
Properties.filedate=1352045011
Properties.filedatetext=2012-11-04 17:03:31

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\fr-himedia.cdn.videoplaza.tv\com.videoplaza.bootloader.sol
Properties.size=121
Properties.md5=F2F4C4E80F929CF45177E77EC3262BF1
Properties.filedate=1352110066
Properties.filedatetext=2012-11-05 11:07:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\images.allocine.fr\AcV_Config.sol
Properties.size=64
Properties.md5=E5160514647482AB287942652CC2D208
Properties.filedate=1356798950
Properties.filedatetext=2012-12-29 17:35:49

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\nimg.joyclub.de\fupvid.sol
Properties.size=67
Properties.md5=CF13BB7D91E405E4B3514990057F10FD
Properties.filedate=1353428463
Properties.filedatetext=2012-11-20 17:21:02

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\player.ooyala.com\auth.sol
Properties.size=70
Properties.md5=F829BA6857428AA959FB60F3A9F93E91
Properties.filedate=1358595469
Properties.filedatetext=2013-01-19 12:37:48

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\player.ooyala.com\auth2.sol
Properties.size=132
Properties.md5=3F0D6EE65617CDEF120E3F40A2C9C754
Properties.filedate=1358595529
Properties.filedatetext=2013-01-19 12:38:48

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\player.ooyala.com\perf.sol
Properties.size=122
Properties.md5=12B8F6986EED46F4DB3ABB24806388D3
Properties.filedate=1358595505
Properties.filedatetext=2013-01-19 12:38:25

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\polpix.sueddeutsche.de\de.sueddeutsche.videoplayer.sol
Properties.size=66
Properties.md5=8FF63BB20EA6274EBE56D08A9C874658
Properties.filedate=1356798263
Properties.filedatetext=2012-12-29 17:24:23

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\pub.widgetbox.com\wbx_cookie.sol
Properties.size=42
Properties.md5=FA4F785C85DE06B7A58A9DAFE4FBC134
Properties.filedate=1352741450
Properties.filedatetext=2012-11-12 18:30:50

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\s.mcstatic.com\analytics.sol
Properties.size=563
Properties.md5=D52A72E33498A1DA27ED6B860FAB595C
Properties.filedate=1352125199
Properties.filedatetext=2012-11-05 15:19:58

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\s.mcstatic.com\userItemRanks.sol
Properties.size=71
Properties.md5=A780F9FD3EAA0B0DFDE9D04B3818A427
Properties.filedate=1352124979
Properties.filedatetext=2012-11-05 15:16:19

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\s.mcstatic.com\vpPrefs.sol
Properties.size=40
Properties.md5=0F551541154188563496B48BF16BA8AB
Properties.filedate=1352124978
Properties.filedatetext=2012-11-05 15:16:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\s.ytimg.com\soundData.sol
Properties.size=49
Properties.md5=BBB5CBBE6D7D2278260C2628F1AA7B23
Properties.filedate=1358463786
Properties.filedatetext=2013-01-18 00:03:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\s.ytimg.com\videostats.sol
Properties.size=275
Properties.md5=6D2DF57C69E665FD5A213D571583F221
Properties.filedate=1358463948
Properties.filedatetext=2013-01-18 00:05:48

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\secure-uk.imrworldwide.com\_ggCvar.sol
Properties.size=74
Properties.md5=3BBE3FCD5C2D1CB07BDD2AB8B19D737A
Properties.filedate=1352129355
Properties.filedatetext=2012-11-05 16:29:14

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\secure-uk.imrworldwide.com\_ggCvar_temp.sol
Properties.size=79
Properties.md5=4F846A46C9CC67B7348F36EAA40A5A5C
Properties.filedate=1352129354
Properties.filedatetext=2012-11-05 16:29:14

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\secure-uk.imrworldwide.com\_ggMCvar_1.sol
Properties.size=248
Properties.md5=2774A15FD6F0B44DFC9574B9016E5D26
Properties.filedate=1358633379
Properties.filedatetext=2013-01-19 23:09:38

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\secure-uk.imrworldwide.com\_ggMCvar_2.sol
Properties.size=248
Properties.md5=D5067DF8508AB70CC007A0702970EFE3
Properties.filedate=1358633380
Properties.filedatetext=2013-01-19 23:09:39

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\secure-uk.imrworldwide.com\_ggMCvar_3.sol
Properties.size=191
Properties.md5=AAD3FB082C99202BE5FD01DE73DFE680
Properties.filedate=1358633395
Properties.filedatetext=2013-01-19 23:09:55

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\secure-uk.imrworldwide.com\_ggMCvar_4.sol
Properties.size=248
Properties.md5=DC2B5B96AE5E7ECFFF9E37AD4ADBB339
Properties.filedate=1358633440
Properties.filedatetext=2013-01-19 23:10:39

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\secure-uk.imrworldwide.com\_ggMCvar_5.sol
Properties.size=248
Properties.md5=D7CD11D6F3C5526CAEEC958EB7040845
Properties.filedate=1358633434
Properties.filedatetext=2013-01-19 23:10:33

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\static.ilive.to\com.jeroenwijering.sol
Properties.size=64
Properties.md5=81BED0B00E0660999EA90A9F8FCDD013
Properties.filedate=1354457011
Properties.filedatetext=2012-12-02 15:03:30

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\streamcloud.eu\com.jeroenwijering.sol
Properties.size=64
Properties.md5=0A9E67747EC02604B006B689376E7BA3
Properties.filedate=1355254910
Properties.filedatetext=2012-12-11 20:41:49

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\www.ecostream.tv\com.jeroenwijering.sol
Properties.size=71
Properties.md5=41C1BB8E9F17F66ACE6BD7C64FB7CD17
Properties.filedate=1357673331
Properties.filedatetext=2013-01-08 20:28:51

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\www.extremetube.com\com.conviva.livePass.sol
Properties.size=224
Properties.md5=70C6336A0BF6FD357A63EB08CAC68916
Properties.filedate=1354116000
Properties.filedatetext=2012-11-28 16:20:00

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\www.paypalobjects.com\paypalLSO.sol
Properties.size=111
Properties.md5=012F0E04A7BE04AF0741E38D2EE79DA6
Properties.filedate=1354285789
Properties.filedatetext=2012-11-30 15:29:49

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\www.paypalobjects.com\ppLsoTest.sol
Properties.size=48
Properties.md5=74EE4375686A2069414EEF13E7B62789
Properties.filedate=1354285765
Properties.filedatetext=2012-11-30 15:29:25

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\www.swr.de\com.jeroenwijering.sol
Properties.size=70
Properties.md5=1212DF3295515B16DD1CBE6D011FE52E
Properties.filedate=1356884819
Properties.filedatetext=2012-12-30 17:26:59

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\yesload.net\com.jeroenwijering.sol
Properties.size=64
Properties.md5=50852802483D79919B9A929DF1590147
Properties.filedate=1354032396
Properties.filedatetext=2012-11-27 17:06:35

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\777livecams.com\flc.swf\cid.sol
Properties.size=35
Properties.md5=5850DD69D3F277466B8E5B0320C11DA7
Properties.filedate=1353696147
Properties.filedatetext=2012-11-23 19:42:27

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\skype.com\#ui\preferences.sol
Properties.size=234
Properties.md5=142BDF3135E1F5A6CAB03CCAA0F8F1A0
Properties.filedate=1358814584
Properties.filedatetext=2013-01-22 01:29:43

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\track.webgains.com\wg.swf\4034.sol
Properties.size=319
Properties.md5=AA73C958F3413CF393DC894A1BCBCDD8
Properties.filedate=1352825122
Properties.filedatetext=2012-11-13 17:45:22

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\cdn1.static.pornhub.phncdn.com\flash\pornhubSkin.swf\pornhub_opts.sol
Properties.size=44
Properties.md5=BC194AB4DE72034026F0CBFACA6E40F6
Properties.filedate=1354213933
Properties.filedatetext=2012-11-29 19:32:13

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\cdn1.static.tube8.phncdn.com\swf\player2012.swf\t8_opts.sol
Properties.size=46
Properties.md5=85D845C755B3CB46455593F101558886
Properties.filedate=1354116813
Properties.filedatetext=2012-11-28 16:33:33

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Ron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UB8XWY9U\static.xvideos.com\swf\xv-player.swf\hexaplayerVolumeCookie.sol
Properties.size=61
Properties.md5=E966FE4A53A0F4A2BED906B8289FC8B4
Properties.filedate=1357439970
Properties.filedatetext=2013-01-06 03:39:30

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Ron (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Ron (default)) (Browser: Cookie, nothing done)


Clickbank: [SBI $8E73A7FB] Tracking cookie (Firefox: Ron (default)) (Browser: Cookie, nothing done)


Statcounter: [SBI $8E73A7FB] Tracking cookie (Firefox: Ron (default)) (Browser: Cookie, nothing done)


Log: [SBI $8E73A7FB] Install: setupact.log (File, nothing done)
C:\Windows\setupact.log
Properties.size=715
Properties.md5=A928E2838C65A02B7C6A8049C068CDC2
Properties.filedate=1356980202
Properties.filedatetext=2012-12-31 19:56:42

Log: [SBI $8E73A7FB] Shutdown: System32\wbem\logs\wmiprov.log (File, nothing done)
C:\Windows\System32\wbem\logs\wmiprov.log
Properties.size=6301
Properties.md5=0224365A895E78823A1CD5BDCFF41295
Properties.filedate=1355366085
Properties.filedatetext=2012-12-13 03:34:45

Ahead Nero Burning Rom: [SBI $79A66815] Save tracks directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Ahead\Nero - Burning Rom\SaveTrackOptions\Stdflist

Ahead Nero Burning Rom: [SBI $DE353278] Browser directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir

Ahead Nero Burning Rom: [SBI $F3FD92E9] Working directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir

Ahead Nero Burning Rom: [SBI $055C754D] Last ISO directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\ahead\Nero - Burning Rom\General\OFDLastISODir

Ahead Nero Burning Rom: [SBI $505FB952] Last Audio directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\ahead\Nero - Burning Rom\General\OFDLastAudioDir

DVD Shrink 3.1: [SBI $2D9EC007] Last output device type (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\DVD Shrink\DVD Shrink 3.1\Preferences\TargetDevice

DVD Shrink 3.1: [SBI $71D1E59A] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\DVD Shrink\DVD Shrink 3.1\Recent File List

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Media Player: [SBI $E48560B4] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $735D57D7] Recent open directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

Windows.OpenWith: [SBI $65740489] Open with list - .3D extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3D\OpenWithList

Windows.OpenWith: [SBI $CDE7D0A6] Open with list - .ASX extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\WinRAR\ArcHistory

WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\WinRAR\General\LastFolder

WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\WinRAR\DialogEditHistory\ExtrPath

Cookie: [SBI $49804B54] Browser: Cookie (5) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (106) (Browser: Cache, nothing done)


Verlauf: [SBI $49804B54] Browser: History (17) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (1767) (Browser: Cookie, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-01-22 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)

23.01.2013, 14:53   #8
sunsetx1


In addition, I found the following in Trojan Remover:
***** THE SYSTEM HAS BEEN RESTARTED *****
22.01.2013 01:26:02: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\SDWinLogon - already removed (or did not exist)
=======================================================
22.01.2013 01:26:02: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.5.2611. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 01:09:37 22 Jan 2013
Using Database v8032
Operating System: Windows Vista Home Premium (SP1) [Build: 6.0.6001]
File System: NTFS
User Account Control is Enabled
UserData directory: C:\Users\Ron\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Ron\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
01:09:38: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
No modified default file associations detected

************************************************************
01:09:38: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
01:09:46: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe
2927104 bytes
Created: 12.12.2008 02:55
Modified: 29.10.2008 07:29
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
25088 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [Windows Defender]
Value Data: [%ProgramFiles%\Windows Defender\MSASCui.exe -hide]
C:\Program Files\Windows Defender\MSASCui.exe
1008184 bytes
Created: 30.05.2008 14:27
Modified: 19.01.2008 08:38
Company: Microsoft Corporation
--------------------
Value Name: [RtHDVCpl]
Value Data: [RtHDVCpl.exe]
C:\Windows\RtHDVCpl.exe
4702208 bytes
Created: 26.10.2007 13:50
Modified: 17.08.2007 12:27
Company: Realtek Semiconductor
--------------------
Value Name: [Adobe Reader Speed Launcher]
Value Data: ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
40048 bytes
Created: 11.05.2007 02:06
Modified: 11.05.2007 02:06
Company: Adobe Systems Incorporated
--------------------
Value Name: [NeroFilterCheck]
Value Data: [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
155648 bytes
Created: 12.01.2006 14:40
Modified: 12.01.2006 14:40
Company: Nero AG
--------------------
Value Name: [Google Desktop Search]
Value Data: ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
220160 bytes
Created: 26.10.2007 15:09
Modified: 26.10.2007 15:09
Company: Google
--------------------
Value Name: [toolbar_eula_launcher]
Value Data: [C:\Program Files\GoogleEULA\EULALauncher.exe]
C:\Program Files\GoogleEULA\EULALauncher.exe
16896 bytes
Created: 26.10.2007 15:09
Modified: 09.02.2007 14:54
Company:
--------------------
Value Name: [GrooveMonitor]
Value Data: ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
30040 bytes
Created: 26.02.2009 18:36
Modified: 26.02.2009 18:36
Company: Microsoft Corporation
--------------------
Value Name: [IgfxTray]
Value Data: [C:\Windows\system32\igfxtray.exe]
C:\Windows\system32\igfxtray.exe
141848 bytes
Created: 02.01.2008 17:07
Modified: 02.01.2008 17:07
Company: Intel Corporation
--------------------
Value Name: [HotKeysCmds]
Value Data: [C:\Windows\system32\hkcmd.exe]
C:\Windows\system32\hkcmd.exe
166424 bytes
Created: 02.01.2008 17:06
Modified: 02.01.2008 17:06
Company: Intel Corporation
--------------------
Value Name: [Persistence]
Value Data: [C:\Windows\system32\igfxpers.exe]
C:\Windows\system32\igfxpers.exe
133656 bytes
Created: 02.01.2008 17:07
Modified: 02.01.2008 17:07
Company: Intel Corporation
--------------------
Value Name: [Skytel]
Value Data: [Skytel.exe]
C:\Windows\Skytel.exe
1826816 bytes
Created: 26.10.2007 13:50
Modified: 03.08.2007 12:22
Company: Realtek Semiconductor Corp.
--------------------
Value Name: [avgnt]
Value Data: ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 02.09.2008 13:13
Modified: 12.06.2008 13:28
Company: Avira GmbH
--------------------
Value Name: [HP Software Update]
Value Data: [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
49152 bytes
Created: 10.12.2006 20:52
Modified: 10.12.2006 20:52
Company: Hewlett-Packard Co.
--------------------
Value Name: [NPSStartup] - blank or invalid data
--------------------
Value Name: [VX1000]
Value Data: [C:\Windows\vVX1000.exe]
C:\Windows\vVX1000.exe
757248 bytes
Created: 26.06.2009 16:21
Modified: 26.06.2009 16:21
Company: Microsoft Corporation
--------------------
Value Name: [LifeCam]
Value Data: ["C:\Program Files\Microsoft LifeCam\LifeExp.exe"]
C:\Program Files\Microsoft LifeCam\LifeExp.exe
118640 bytes
Created: 24.07.2009 15:05
Modified: 24.07.2009 15:05
Company: Microsoft Corporation
--------------------
Value Name: [APSDaemon]
Value Data: ["C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
59280 bytes
Created: 28.11.2012 14:13
Modified: 28.11.2012 14:13
Company: Apple Inc.
--------------------
Value Name: [QuickTime Task]
Value Data: ["C:\Program Files\QuickTime\QTTask.exe" -atboottime]
C:\Program Files\QuickTime\QTTask.exe
421888 bytes
Created: 25.10.2012 03:12
Modified: 25.10.2012 03:12
Company: Apple Inc.
--------------------
Value Name: [iTunesHelper]
Value Data: ["C:\Program Files\iTunes\iTunesHelper.exe"]
C:\Program Files\iTunes\iTunesHelper.exe
152544 bytes
Created: 12.12.2012 13:57
Modified: 12.12.2012 13:57
Company: Apple Inc.
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files\Trojan Remover\Trjscan.exe /boot]
C:\Program Files\Trojan Remover\Trjscan.exe
1247504 bytes
Created: 22.01.2013 01:06
Modified: 14.09.2012 11:58
Company: Simply Super Software
--------------------
Value Name: [SDTray]
Value Data: ["C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"]
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
3825176 bytes
Created: 22.01.2013 01:08
Modified: 13.11.2012 14:08
Company: Safer-Networking Ltd.
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [Sidebar]
Value Data: [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun]
C:\Program Files\Windows Sidebar\sidebar.exe
1233920 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
Value Name: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
Value Data: ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
143360 bytes
Created: 23.12.2006 17:05
Modified: 23.12.2006 17:05
Company: Nero AG
--------------------
Value Name: [Google Update]
Value Data: ["C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe" /c]
C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 16.09.2008 12:32
Modified: 16.09.2008 12:32
Company: Google Inc.
--------------------
Value Name: [PC Suite Tray]
Value Data: ["C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
1205760 bytes
Created: 03.12.2008 12:47
Modified: 03.12.2008 12:47
Company: Nokia
--------------------
Value Name: [AutoStartNPSAgent]
Value Data: [C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe]
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
98304 bytes
Created: 13.12.2008 17:51
Modified: 13.12.2008 17:51
Company: Samsung Electronics Co., Ltd.
--------------------
Value Name: [ehTray.exe]
Value Data: [C:\Windows\ehome\ehTray.exe]
C:\Windows\ehome\ehTray.exe
125952 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
Value Name: [Facebook Update]
Value Data: ["C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver]
C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
138096 bytes
Created: 01.10.2011 22:40
Modified: 11.07.2012 22:45
Company: Facebook Inc.
--------------------
Value Name: [WMPNSCFG]
Value Data: [C:\Program Files\Windows Media Player\WMPNSCFG.exe]
C:\Program Files\Windows Media Player\WMPNSCFG.exe
202240 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
Value Name: [Skype]
Value Data: ["C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun]
C:\Program Files\Skype\Phone\Skype.exe
-R- 17418928 bytes
Created: 13.07.2012 12:33
Modified: 13.07.2012 12:33
Company: Skype Technologies S.A.
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
01:11:06: Scanning -----SHELLEXECUTEHOOKS-----

************************************************************
01:11:07: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
01:11:08: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
01:11:08: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
01:11:11: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
01:11:33: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ACPI
ImagePath: system32\drivers\acpi.sys
C:\Windows\system32\drivers\acpi.sys
266808 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:43
Company: Microsoft Corporation
----------
Key: AdobeFlashPlayerUpdateSvc
ImagePath: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
251400 bytes
Created: 07.06.2012 23:08
Modified: 17.01.2013 19:30
Company: Adobe Systems Incorporated
----------
Key: adp94xx
ImagePath: \SystemRoot\system32\drivers\adp94xx.sys
C:\Windows\system32\drivers\adp94xx.sys
420968 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: Adaptec, Inc.
----------
Key: adpahci
ImagePath: \SystemRoot\system32\drivers\adpahci.sys
C:\Windows\system32\drivers\adpahci.sys
297576 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: Adaptec, Inc.
----------
Key: adpu160m
ImagePath: \SystemRoot\system32\drivers\adpu160m.sys
C:\Windows\system32\drivers\adpu160m.sys
98408 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Adaptec, Inc.
----------
Key: adpu320
ImagePath: \SystemRoot\system32\drivers\adpu320.sys
C:\Windows\system32\drivers\adpu320.sys
147048 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: Adaptec, Inc.
----------
Key: AFD
ImagePath: \SystemRoot\system32\drivers\afd.sys
C:\Windows\system32\drivers\afd.sys
273408 bytes
Created: 12.12.2011 14:08
Modified: 21.04.2011 14:16
Company: Microsoft Corporation
----------
Key: agp440
ImagePath: \SystemRoot\system32\drivers\agp440.sys
C:\Windows\system32\drivers\agp440.sys
53864 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: aic78xx
ImagePath: \SystemRoot\system32\drivers\djsvs.sys
C:\Windows\system32\drivers\djsvs.sys
71272 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Adaptec, Inc.
----------
Key: ALG
ImagePath: %SystemRoot%\System32\alg.exe
C:\Windows\System32\alg.exe
59392 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: aliide
ImagePath: \SystemRoot\system32\drivers\aliide.sys
C:\Windows\system32\drivers\aliide.sys
17592 bytes
Created: 02.11.2006 09:51
Modified: 10.09.2007 12:13
Company: Acer Laboratories Inc.
----------
Key: amdagp
ImagePath: \SystemRoot\system32\drivers\amdagp.sys
C:\Windows\system32\drivers\amdagp.sys
54888 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: amdide
ImagePath: \SystemRoot\system32\drivers\amdide.sys
C:\Windows\system32\drivers\amdide.sys
18104 bytes
Created: 02.11.2006 09:51
Modified: 10.09.2007 12:13
Company: Microsoft Corporation
----------
Key: AmdK7
ImagePath: \SystemRoot\system32\drivers\amdk7.sys
C:\Windows\system32\drivers\amdk7.sys
38912 bytes
Created: 02.11.2006 09:30
Modified: 02.11.2006 09:30
Company: Microsoft Corporation
----------
Key: AmdK8
ImagePath: \SystemRoot\system32\drivers\amdk8.sys
C:\Windows\system32\drivers\amdk8.sys
40960 bytes
Created: 02.11.2006 09:30
Modified: 02.11.2006 09:30
Company: Microsoft Corporation
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 02.09.2008 13:13
Modified: 24.10.2008 13:15
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
151297 bytes
Created: 02.09.2008 13:13
Modified: 24.10.2008 13:15
Company: Avira GmbH
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
55184 bytes
Created: 11.08.2012 16:43
Modified: 11.08.2012 16:43
Company: Apple Inc.
----------
Key: arc
ImagePath: \SystemRoot\system32\drivers\arc.sys
C:\Windows\system32\drivers\arc.sys
67688 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Adaptec, Inc.
----------
Key: arcsas
ImagePath: \SystemRoot\system32\drivers\arcsas.sys
C:\Windows\system32\drivers\arcsas.sys
67688 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Adaptec, Inc.
----------
Key: AsyncMac
ImagePath: system32\DRIVERS\asyncmac.sys
C:\Windows\system32\DRIVERS\asyncmac.sys
17408 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: atapi
ImagePath: system32\drivers\atapi.sys
C:\Windows\system32\drivers\atapi.sys
21560 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11608 bytes
Created: 02.09.2008 13:13
Modified: 27.05.2009 23:41
Company: Avira GmbH
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
52056 bytes
Created: 02.09.2008 13:13
Modified: 27.05.2009 23:41
Company: Avira GmbH
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\Windows\system32\DRIVERS\avipbb.sys
75096 bytes
Created: 02.09.2008 13:13
Modified: 27.05.2009 23:41
Company: Avira GmbH
----------
Key: BBSvc
ImagePath: "C:\Program Files\Microsoft\BingBar\BBSvc.EXE"
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
196176 bytes
Created: 21.10.2011 15:23
Modified: 21.10.2011 15:23
Company: Microsoft Corporation.
----------
Key: BBUpdate
ImagePath: "C:\Program Files\Microsoft\BingBar\SeaPort.EXE"
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
249648 bytes
Created: 13.10.2011 17:21
Modified: 13.10.2011 17:21
Company: Microsoft Corporation
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key: Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
390504 bytes
Created: 30.08.2011 23:05
Modified: 30.08.2011 23:05
Company: Apple Inc.
----------
Key: bowser
ImagePath: system32\DRIVERS\bowser.sys
C:\Windows\system32\DRIVERS\bowser.sys
69632 bytes
Created: 12.12.2011 14:11
Modified: 22.02.2011 13:51
Company: Microsoft Corporation
----------
Key: BrFiltLo
ImagePath: \SystemRoot\system32\drivers\brfiltlo.sys
C:\Windows\system32\drivers\brfiltlo.sys
13568 bytes
Created: 02.11.2006 10:38
Modified: 02.11.2006 09:24
Company: Brother Industries, Ltd.
----------
Key: BrFiltUp
ImagePath: \SystemRoot\system32\drivers\brfiltup.sys
C:\Windows\system32\drivers\brfiltup.sys
5248 bytes
Created: 02.11.2006 10:37
Modified: 02.11.2006 09:24
Company: Brother Industries, Ltd.
----------
Key: Brserid
ImagePath: \SystemRoot\system32\drivers\brserid.sys
C:\Windows\system32\drivers\brserid.sys
71808 bytes
Created: 02.11.2006 10:22
Modified: 02.11.2006 09:25
Company: Brother Industries Ltd.
----------
Key: BrSerWdm
ImagePath: \SystemRoot\system32\drivers\brserwdm.sys
C:\Windows\system32\drivers\brserwdm.sys
62336 bytes
Created: 02.11.2006 10:36
Modified: 02.11.2006 09:24
Company: Brother Industries Ltd.
----------
Key: BrUsbMdm
ImagePath: \SystemRoot\system32\drivers\brusbmdm.sys
C:\Windows\system32\drivers\brusbmdm.sys
12160 bytes
Created: 02.11.2006 10:37
Modified: 02.11.2006 09:24
Company: Brother Industries Ltd.
----------
Key: BrUsbSer
ImagePath: \SystemRoot\system32\drivers\brusbser.sys
C:\Windows\system32\drivers\brusbser.sys
11904 bytes
Created: 02.11.2006 10:38
Modified: 02.11.2006 09:24
Company: Brother Industries Ltd.
----------
Key: BTHMODEM
ImagePath: \SystemRoot\system32\drivers\bthmodem.sys
C:\Windows\system32\drivers\bthmodem.sys
39936 bytes
Created: 02.11.2006 09:55
Modified: 02.11.2006 09:55
Company: Microsoft Corporation
----------
Key: cdfs
ImagePath: system32\DRIVERS\cdfs.sys
C:\Windows\system32\DRIVERS\cdfs.sys
70144 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:28
Company: Microsoft Corporation
----------
Key: cdrom
ImagePath: system32\DRIVERS\cdrom.sys
C:\Windows\system32\DRIVERS\cdrom.sys
67072 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: circlass
ImagePath: \SystemRoot\system32\drivers\circlass.sys
C:\Windows\system32\drivers\circlass.sys
35328 bytes
Created: 02.11.2006 09:55
Modified: 02.11.2006 09:55
Company: Microsoft Corporation
----------
Key: CLFS
ImagePath: System32\CLFS.sys
C:\Windows\System32\CLFS.sys
247352 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: clr_optimization_v2.0.50727_32
ImagePath: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
69632 bytes
Created: 07.08.2009 02:02
Modified: 27.07.2008 19:03
Company: Microsoft Corporation
----------
Key: clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 18.03.2010 13:16
Modified: 18.03.2010 13:16
Company: Microsoft Corporation
----------
Key: cmdide
ImagePath: \SystemRoot\system32\drivers\cmdide.sys
C:\Windows\system32\drivers\cmdide.sys
19128 bytes
Created: 02.11.2006 09:51
Modified: 10.09.2007 12:13
Company: CMD Technology, Inc.
----------
Key: Compbatt
ImagePath: \SystemRoot\system32\drivers\compbatt.sys
C:\Windows\system32\drivers\compbatt.sys
18280 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: COMSysApp
ImagePath: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\Windows\system32\dllhost.exe
7168 bytes
Created: 02.11.2006 09:50
Modified: 02.11.2006 10:45
Company: Microsoft Corporation
----------
Key: crcdisk
ImagePath: system32\drivers\crcdisk.sys
C:\Windows\system32\drivers\crcdisk.sys
22632 bytes
Created: 02.11.2006 09:52
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: Crusoe
ImagePath: \SystemRoot\system32\drivers\crusoe.sys
C:\Windows\system32\drivers\crusoe.sys
38912 bytes
Created: 02.11.2006 09:30
Modified: 02.11.2006 09:30
Company: Microsoft Corporation
----------
Key: DfsC
ImagePath: System32\Drivers\dfsc.sys
C:\Windows\System32\Drivers\dfsc.sys
75264 bytes
Created: 12.12.2011 14:09
Modified: 14.04.2011 15:24
Company: Microsoft Corporation
----------
Key: DFSR
ImagePath: %SystemRoot%\system32\DFSR.exe
C:\Windows\system32\DFSR.exe
2091520 bytes
Created: 30.05.2008 14:27
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: disk
ImagePath: system32\drivers\disk.sys
C:\Windows\system32\drivers\disk.sys
55352 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: drmkaud
ImagePath: system32\drivers\drmkaud.sys
C:\Windows\system32\drivers\drmkaud.sys
5632 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: DXGKrnl
ImagePath: \SystemRoot\System32\drivers\dxgkrnl.sys
C:\Windows\System32\drivers\dxgkrnl.sys
625152 bytes
Created: 10.09.2008 00:25
Modified: 02.08.2008 02:01
Company: Microsoft Corporation
----------
Key: e1express
ImagePath: system32\DRIVERS\e1e6032.sys
C:\Windows\system32\DRIVERS\e1e6032.sys
228224 bytes
Created: 26.10.2007 13:15
Modified: 13.04.2007 12:22
Company: Intel Corporation
----------
Key: E1G60
ImagePath: system32\DRIVERS\E1G60I32.sys
C:\Windows\system32\DRIVERS\E1G60I32.sys
117760 bytes
Created: 02.11.2006 11:25
Modified: 02.11.2006 08:30
Company: Intel Corporation
----------
Key: Ecache
ImagePath: System32\drivers\ecache.sys
C:\Windows\System32\drivers\ecache.sys
143416 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: ehRecvr
ImagePath: %systemroot%\ehome\ehRecvr.exe
C:\Windows\ehome\ehRecvr.exe
292352 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: ehSched
ImagePath: %systemroot%\ehome\ehsched.exe
C:\Windows\ehome\ehsched.exe
131072 bytes
Created: 02.11.2006 13:35
Modified: 02.11.2006 13:35
Company: Microsoft Corporation
----------
Key: elxstor
ImagePath: \SystemRoot\system32\drivers\elxstor.sys
C:\Windows\system32\drivers\elxstor.sys
316520 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: Emulex
----------
Key: fdc
ImagePath: system32\DRIVERS\fdc.sys
C:\Windows\system32\DRIVERS\fdc.sys
25088 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 09:51
Company: Microsoft Corporation
----------
Key: FileInfo
ImagePath: system32\drivers\fileinfo.sys
C:\Windows\system32\drivers\fileinfo.sys
58936 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: Filetrace
ImagePath: system32\drivers\filetrace.sys
C:\Windows\system32\drivers\filetrace.sys
27648 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:30
Company: Microsoft Corporation
----------
Key: flpydisk
ImagePath: system32\DRIVERS\flpydisk.sys
C:\Windows\system32\DRIVERS\flpydisk.sys
20480 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 09:51
Company: Microsoft Corporation
----------
Key: FltMgr
ImagePath: system32\drivers\fltmgr.sys
C:\Windows\system32\drivers\fltmgr.sys
192056 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: FontCache3.0.0.0
ImagePath: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
46104 bytes
Created: 07.08.2009 02:14
Modified: 20.06.2008 02:14
Company: Microsoft Corporation
----------
Key: FsUsbExDisk
ImagePath: \??\C:\Windows\system32\FsUsbExDisk.SYS
C:\Windows\system32\FsUsbExDisk.SYS
36608 bytes
Created: 10.02.2009 17:11
Modified: 13.12.2008 17:15
Company: [no info]
----------
Key: FsUsbExService
ImagePath: C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\FsUsbExService.Exe
233472 bytes
Created: 10.02.2009 17:11
Modified: 13.12.2008 17:15
Company: Teruten
----------
Key: gagp30kx
ImagePath: \SystemRoot\system32\drivers\gagp30kx.sys
C:\Windows\system32\drivers\gagp30kx.sys
58984 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: GEARAspiWDM
ImagePath: system32\DRIVERS\GEARAspiWDM.sys
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
26840 bytes
Created: 03.01.2013 20:25
Modified: 21.08.2012 13:01
Company: GEAR Software Inc.
----------
Key: GoogleDesktopManager
ImagePath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe"
C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
69120 bytes
Created: 26.10.2007 15:09
Modified: 26.10.2007 15:09
Company: Google
----------
Key: gupdate
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
C:\Program Files\Google\Update\GoogleUpdate.exe
136176 bytes
Created: 27.05.2010 21:34
Modified: 27.05.2010 21:34
Company: Google Inc.
----------
Key: gupdatem
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
136176 bytes
Created: 27.05.2010 21:34
Modified: 27.05.2010 21:34
Company: Google Inc.
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created: 26.10.2007 15:09
Modified: 26.10.2007 15:09
Company: Google
----------
Key: HdAudAddService
ImagePath: system32\drivers\HdAudio.sys
C:\Windows\system32\drivers\HdAudio.sys
235520 bytes
Created: 02.11.2006 11:25
Modified: 02.11.2006 08:36
Company: Microsoft Corporation
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\Windows\system32\DRIVERS\HDAudBus.sys
53760 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 05:30
Company: Microsoft Corporation
----------
Key: HidBth
ImagePath: \SystemRoot\system32\drivers\hidbth.sys
C:\Windows\system32\drivers\hidbth.sys
29184 bytes
Created: 02.11.2006 09:55
Modified: 02.11.2006 09:55
Company: Microsoft Corporation
----------
Key: HidIr
ImagePath: \SystemRoot\system32\drivers\hidir.sys
C:\Windows\system32\drivers\hidir.sys
21504 bytes
Created: 02.11.2006 09:55
Modified: 02.11.2006 09:55
Company: Microsoft Corporation
----------
Key: HidUsb
ImagePath: system32\DRIVERS\hidusb.sys
C:\Windows\system32\DRIVERS\hidusb.sys
12288 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: HpCISSs
ImagePath: \SystemRoot\system32\drivers\hpcisss.sys
C:\Windows\system32\drivers\hpcisss.sys
37480 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Hewlett-Packard Company
----------
Key: HTTP
ImagePath: system32\drivers\HTTP.sys
C:\Windows\system32\drivers\HTTP.sys
411136 bytes
Created: 13.12.2011 03:16
Modified: 20.02.2010 22:18
Company: Microsoft Corporation
----------
Key: i2omp
ImagePath: \SystemRoot\system32\drivers\i2omp.sys
C:\Windows\system32\drivers\i2omp.sys
27752 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: i8042prt
ImagePath: system32\DRIVERS\i8042prt.sys
C:\Windows\system32\DRIVERS\i8042prt.sys
54784 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: iaStorV
ImagePath: \SystemRoot\system32\drivers\iastorv.sys
C:\Windows\system32\drivers\iastorv.sys
232040 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: Intel Corporation
----------
Key: idsvc
ImagePath: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
881664 bytes
Created: 07.08.2009 02:14
Modified: 20.06.2008 02:14
Company: Microsoft Corporation
----------
Key: igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2016256 bytes
Created: 02.01.2008 16:48
Modified: 02.01.2008 16:48
Company: Intel Corporation
----------
Key: iirsp
ImagePath: \SystemRoot\system32\drivers\iirsp.sys
C:\Windows\system32\drivers\iirsp.sys
41576 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Intel Corp./ICP vortex GmbH
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RTKVHDA.sys
C:\Windows\system32\drivers\RTKVHDA.sys
1950552 bytes
Created: 26.10.2007 13:50
Modified: 22.08.2007 17:44
Company: Realtek Semiconductor Corp.
----------
Key: intelide
ImagePath: \SystemRoot\system32\drivers\intelide.sys
C:\Windows\system32\drivers\intelide.sys
17592 bytes
Created: 02.11.2006 09:51
Modified: 10.09.2007 12:13
Company: Microsoft Corporation
----------
Key: intelppm
ImagePath: system32\DRIVERS\intelppm.sys
C:\Windows\system32\DRIVERS\intelppm.sys
41472 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:27
Company: Microsoft Corporation
----------
Key: IpFilterDriver
ImagePath: system32\DRIVERS\ipfltdrv.sys
C:\Windows\system32\DRIVERS\ipfltdrv.sys
47616 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key: IPMIDRV
ImagePath: \SystemRoot\system32\drivers\ipmidrv.sys
C:\Windows\system32\drivers\ipmidrv.sys
65536 bytes
Created: 02.11.2006 09:42
Modified: 02.11.2006 09:42
Company: Microsoft Corporation
----------
Key: IPNAT
ImagePath: system32\DRIVERS\ipnat.sys
C:\Windows\system32\DRIVERS\ipnat.sys
100864 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: iPod Service
ImagePath: "C:\Program Files\iPod\bin\iPodService.exe"
C:\Program Files\iPod\bin\iPodService.exe
553440 bytes
Created: 12.12.2012 13:57
Modified: 12.12.2012 13:57
Company: Apple Inc.
----------
Key: IRENUM
ImagePath: system32\drivers\irenum.sys
C:\Windows\system32\drivers\irenum.sys
13312 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: isapnp
ImagePath: \SystemRoot\system32\drivers\isapnp.sys
C:\Windows\system32\drivers\isapnp.sys
47208 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: iScsiPrt
ImagePath: system32\DRIVERS\msiscsi.sys
C:\Windows\system32\DRIVERS\msiscsi.sys
181304 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: iteatapi
ImagePath: \SystemRoot\system32\drivers\iteatapi.sys
C:\Windows\system32\drivers\iteatapi.sys
35944 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Integrated Technology Express, Inc.
----------
Key: iteraid
ImagePath: \SystemRoot\system32\drivers\iteraid.sys
C:\Windows\system32\drivers\iteraid.sys
35944 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Integrated Technology Express, Inc.
----------
Key: kbdclass
ImagePath: system32\DRIVERS\kbdclass.sys
C:\Windows\system32\DRIVERS\kbdclass.sys
35384 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: kbdhid
ImagePath: system32\DRIVERS\kbdhid.sys
C:\Windows\system32\DRIVERS\kbdhid.sys
15872 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: KeyIso
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\system32\lsass.exe
9728 bytes
Created: 12.12.2011 14:13
Modified: 15.06.2009 13:57
Company: Microsoft Corporation
----------
Key: KSecDD
ImagePath: System32\Drivers\ksecdd.sys
C:\Windows\System32\Drivers\ksecdd.sys
439896 bytes
Created: 12.12.2011 14:13
Modified: 15.06.2009 19:20
Company: Microsoft Corporation
----------
Key: LightScribeService
ImagePath: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
61440 bytes
Created: 19.10.2006 12:52
Modified: 19.10.2006 12:52
Company: Hewlett-Packard Company
----------
Key: lltdio
ImagePath: system32\DRIVERS\lltdio.sys
C:\Windows\system32\DRIVERS\lltdio.sys
47104 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: LSI_FC
ImagePath: \SystemRoot\system32\drivers\lsi_fc.sys
C:\Windows\system32\drivers\lsi_fc.sys
65640 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: LSI Logic
----------
Key: LSI_SAS
ImagePath: \SystemRoot\system32\drivers\lsi_sas.sys
C:\Windows\system32\drivers\lsi_sas.sys
65640 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: LSI Logic
----------
Key: LSI_SCSI
ImagePath: \SystemRoot\system32\drivers\lsi_scsi.sys
C:\Windows\system32\drivers\lsi_scsi.sys
65640 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: LSI Logic
----------
Key: luafv
ImagePath: \SystemRoot\system32\drivers\luafv.sys
C:\Windows\system32\drivers\luafv.sys
84480 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:30
Company: Microsoft Corporation
----------
Key: McComponentHostService
ImagePath: "C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe"
C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
237008 bytes
Created: 17.06.2011 18:33
Modified: 17.06.2011 18:33
Company: McAfee, Inc.
----------
Key: megasas
ImagePath: \SystemRoot\system32\drivers\megasas.sys
C:\Windows\system32\drivers\megasas.sys
28776 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:49
Company: LSI Logic Corporation
----------
Key: Microsoft Office Groove Audit Service
ImagePath: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
64856 bytes
Created: 26.02.2009 18:36
Modified: 26.02.2009 18:36
Company: Microsoft Corporation
----------
Key: Modem
ImagePath: system32\drivers\modem.sys
C:\Windows\system32\drivers\modem.sys
31744 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:57
Company: Microsoft Corporation
----------
Key: monitor
ImagePath: system32\DRIVERS\monitor.sys
C:\Windows\system32\DRIVERS\monitor.sys
41984 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:52
Company: Microsoft Corporation
----------
Key: mouclass
ImagePath: system32\DRIVERS\mouclass.sys
C:\Windows\system32\DRIVERS\mouclass.sys
34360 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: mouhid
ImagePath: system32\DRIVERS\mouhid.sys
C:\Windows\system32\DRIVERS\mouhid.sys
15872 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: MountMgr
ImagePath: System32\drivers\mountmgr.sys
C:\Windows\System32\drivers\mountmgr.sys
57400 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: MozillaMaintenance
ImagePath: C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
115608 bytes
Created: 28.04.2012 22:38
Modified: 19.01.2013 00:53
Company: Mozilla Foundation
----------
Key: mpio
ImagePath: \SystemRoot\system32\drivers\mpio.sys
C:\Windows\system32\drivers\mpio.sys
78952 bytes
Created: 02.11.2006 09:52
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: mpsdrv
ImagePath: System32\drivers\mpsdrv.sys
C:\Windows\System32\drivers\mpsdrv.sys
64000 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:54
Company: Microsoft Corporation
----------
Key: Mraid35x
ImagePath: \SystemRoot\system32\drivers\mraid35x.sys
C:\Windows\system32\drivers\mraid35x.sys
33384 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:49
Company: LSI Logic Corporation
----------
Key: MRxDAV
ImagePath: \SystemRoot\system32\drivers\mrxdav.sys
C:\Windows\system32\drivers\mrxdav.sys
110080 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:28
Company: Microsoft Corporation
----------
Key: mrxsmb
ImagePath: system32\DRIVERS\mrxsmb.sys
C:\Windows\system32\DRIVERS\mrxsmb.sys
105984 bytes
Created: 12.12.2011 14:09
Modified: 29.04.2011 13:49
Company: Microsoft Corporation
----------
Key: mrxsmb10
ImagePath: system32\DRIVERS\mrxsmb10.sys
C:\Windows\system32\DRIVERS\mrxsmb10.sys
213504 bytes
Created: 12.12.2011 14:09
Modified: 06.07.2011 15:56
Company: Microsoft Corporation
----------
Key: mrxsmb20
ImagePath: system32\DRIVERS\mrxsmb20.sys
C:\Windows\system32\DRIVERS\mrxsmb20.sys
79360 bytes
Created: 12.12.2011 14:09
Modified: 29.04.2011 13:49
Company: Microsoft Corporation
----------
Key: msahci
ImagePath: \SystemRoot\system32\drivers\msahci.sys
C:\Windows\system32\drivers\msahci.sys
25784 bytes
Created: 02.11.2006 09:51
Modified: 10.09.2007 12:13
Company: Microsoft Corporation
----------
Key: MSCamSvc
ImagePath: "C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
139120 bytes
Created: 24.07.2009 15:05
Modified: 24.07.2009 15:05
Company: Microsoft Corporation
----------
Key: msdsm
ImagePath: \SystemRoot\system32\drivers\msdsm.sys
C:\Windows\system32\drivers\msdsm.sys
80488 bytes
Created: 02.11.2006 09:52
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: MSDTC
ImagePath: %SystemRoot%\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
105984 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: msisadrv
ImagePath: system32\drivers\msisadrv.sys
C:\Windows\system32\drivers\msisadrv.sys
16440 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: msiserver
ImagePath: %systemroot%\system32\msiexec /V
C:\Windows\system32\msiexec - [file not found to scan]
----------
Key: MSKSSRV
ImagePath: system32\drivers\MSKSSRV.sys
C:\Windows\system32\drivers\MSKSSRV.sys
8192 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: MSPCLOCK
ImagePath: system32\drivers\MSPCLOCK.sys
C:\Windows\system32\drivers\MSPCLOCK.sys
5888 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: MSPQM
ImagePath: system32\drivers\MSPQM.sys
C:\Windows\system32\drivers\MSPQM.sys
5504 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: mssmbios
ImagePath: system32\DRIVERS\mssmbios.sys
C:\Windows\system32\DRIVERS\mssmbios.sys
31288 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: MSTEE
ImagePath: system32\drivers\MSTEE.sys
C:\Windows\system32\drivers\MSTEE.sys
6016 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: Mup
ImagePath: System32\Drivers\mup.sys
C:\Windows\System32\Drivers\mup.sys
49720 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: NativeWifiP
ImagePath: system32\DRIVERS\nwifi.sys
C:\Windows\system32\DRIVERS\nwifi.sys
148480 bytes
Created: 10.09.2008 00:25
Modified: 20.05.2008 03:07
Company: Microsoft Corporation
----------
Key: NBService
ImagePath: C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
774144 bytes
Created: 05.12.2006 11:44
Modified: 05.12.2006 11:44
Company: Nero AG
----------
Key: NDIS
ImagePath: system32\drivers\ndis.sys
C:\Windows\system32\drivers\ndis.sys
529464 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:43
Company: Microsoft Corporation
----------
Key: NdisTapi
ImagePath: system32\DRIVERS\ndistapi.sys
C:\Windows\system32\DRIVERS\ndistapi.sys
20992 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: Ndisuio
ImagePath: system32\DRIVERS\ndisuio.sys
C:\Windows\system32\DRIVERS\ndisuio.sys
16896 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: NdisWan
ImagePath: system32\DRIVERS\ndiswan.sys
C:\Windows\system32\DRIVERS\ndiswan.sys
121344 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: NetBIOS
ImagePath: system32\DRIVERS\netbios.sys
C:\Windows\system32\DRIVERS\netbios.sys
35840 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: netbt
ImagePath: System32\DRIVERS\netbt.sys
C:\Windows\System32\DRIVERS\netbt.sys
184320 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: Netlogon
ImagePath: %systemroot%\system32\lsass.exe
C:\Windows\system32\lsass.exe
9728 bytes
Created: 12.12.2011 14:13
Modified: 15.06.2009 13:57
Company: Microsoft Corporation
----------
Key: nfrd960
ImagePath: \SystemRoot\system32\drivers\nfrd960.sys
C:\Windows\system32\drivers\nfrd960.sys
45160 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: IBM Corporation
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
262144 bytes
Created: 23.12.2006 16:54
Modified: 23.12.2006 16:54
Company: Nero AG
----------
Key: nmwcd
ImagePath: system32\drivers\ccdcmb.sys
C:\Windows\system32\drivers\ccdcmb.sys
17664 bytes
Created: 15.09.2008 07:56
Modified: 15.09.2008 07:56
Company: Nokia
----------
Key: nmwcdc
ImagePath: system32\drivers\ccdcmbo.sys
C:\Windows\system32\drivers\ccdcmbo.sys
22016 bytes
Created: 15.09.2008 07:56
Modified: 15.09.2008 07:56
Company: Nokia
----------
Key: nsiproxy
ImagePath: system32\drivers\nsiproxy.sys
C:\Windows\system32\drivers\nsiproxy.sys
16384 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: ntrigdigi
ImagePath: \SystemRoot\system32\drivers\ntrigdigi.sys
C:\Windows\system32\drivers\ntrigdigi.sys
20608 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 08:36
Company: N-trig Innovative Technologies
----------
Key: nvraid
ImagePath: \SystemRoot\system32\drivers\nvraid.sys
C:\Windows\system32\drivers\nvraid.sys
88680 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: NVIDIA Corporation
----------
Key: nvstor
ImagePath: \SystemRoot\system32\drivers\nvstor.sys
C:\Windows\system32\drivers\nvstor.sys
40040 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: NVIDIA Corporation
----------
Key: nv_agp
ImagePath: \SystemRoot\system32\drivers\nv_agp.sys
C:\Windows\system32\drivers\nv_agp.sys
106600 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key: odserv
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
440696 bytes
Created: 20.07.2011 05:18
Modified: 20.07.2011 05:18
Company: Microsoft Corporation
----------
Key: ohci1394
ImagePath: system32\DRIVERS\ohci1394.sys
C:\Windows\system32\DRIVERS\ohci1394.sys
61952 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26.10.2006 14:03
Modified: 26.10.2006 14:03
Company: Microsoft Corporation
----------
Key: Parport
ImagePath: \SystemRoot\system32\drivers\parport.sys
C:\Windows\system32\drivers\parport.sys
79360 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 09:51
Company: Microsoft Corporation
----------
Key: partmgr
ImagePath: System32\drivers\partmgr.sys
C:\Windows\System32\drivers\partmgr.sys
56376 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: Parvdm
ImagePath: \SystemRoot\system32\drivers\parvdm.sys
C:\Windows\system32\drivers\parvdm.sys
8704 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 09:51
Company: Microsoft Corporation
----------
Key: pccsmcfd
ImagePath: system32\DRIVERS\pccsmcfd.sys
C:\Windows\system32\DRIVERS\pccsmcfd.sys
18816 bytes
Created: 10.02.2009 16:37
Modified: 26.08.2008 09:26
Company: Nokia
----------
Key: pci
ImagePath: system32\drivers\pci.sys
C:\Windows\system32\drivers\pci.sys
151096 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: pciide
ImagePath: system32\drivers\pciide.sys
C:\Windows\system32\drivers\pciide.sys
16440 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: pcmcia
ImagePath: \SystemRoot\system32\drivers\pcmcia.sys
C:\Windows\system32\drivers\pcmcia.sys
167528 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:51
Company: Microsoft Corporation
----------
Key: PEAUTH
ImagePath: system32\drivers\peauth.sys
C:\Windows\system32\drivers\peauth.sys
878080 bytes
Created: 02.11.2006 10:04
Modified: 02.11.2006 10:04
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\Windows\system32\drivers\pfc.sys
10368 bytes
Created: 03.01.2008 14:18
Modified: 03.01.2008 14:18
Company: Padus, Inc.
----------
Key: PptpMiniport
ImagePath: system32\DRIVERS\raspptp.sys
C:\Windows\system32\DRIVERS\raspptp.sys
62976 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: Processor
ImagePath: \SystemRoot\system32\drivers\processr.sys
C:\Windows\system32\drivers\processr.sys
38400 bytes
Created: 02.11.2006 09:30
Modified: 02.11.2006 09:30
Company: Microsoft Corporation
----------
Key: ProtectedStorage
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\system32\lsass.exe
9728 bytes
Created: 12.12.2011 14:13
Modified: 15.06.2009 13:57
Company: Microsoft Corporation
----------
Key: PSched
ImagePath: system32\DRIVERS\pacer.sys
C:\Windows\system32\DRIVERS\pacer.sys
72192 bytes
Created: 12.07.2008 14:46
Modified: 05.04.2008 02:21
Company: Microsoft Corporation
----------
Key: ql2300
ImagePath: \SystemRoot\system32\drivers\ql2300.sys
C:\Windows\system32\drivers\ql2300.sys
900712 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: QLogic Corporation
----------
Key: ql40xx
ImagePath: \SystemRoot\system32\drivers\ql40xx.sys
C:\Windows\system32\drivers\ql40xx.sys
106088 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: QLogic Corporation
----------
Key: QWAVEdrv
ImagePath: \SystemRoot\system32\drivers\qwavedrv.sys
C:\Windows\system32\drivers\qwavedrv.sys
31232 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: RasAcd
ImagePath: System32\DRIVERS\rasacd.sys
C:\Windows\System32\DRIVERS\rasacd.sys
11776 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: Rasl2tp
ImagePath: system32\DRIVERS\rasl2tp.sys
C:\Windows\system32\DRIVERS\rasl2tp.sys
76288 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: RasPppoe
ImagePath: system32\DRIVERS\raspppoe.sys
C:\Windows\system32\DRIVERS\raspppoe.sys
41472 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: RasSstp
ImagePath: system32\DRIVERS\rassstp.sys
C:\Windows\system32\DRIVERS\rassstp.sys
69120 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: rdbss
ImagePath: system32\DRIVERS\rdbss.sys
C:\Windows\system32\DRIVERS\rdbss.sys
224768 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 06:28
Company: Microsoft Corporation
----------
Key: RDPCDD
ImagePath: System32\DRIVERS\RDPCDD.sys
C:\Windows\System32\DRIVERS\RDPCDD.sys
6144 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 07:01
Company: Microsoft Corporation
----------
Key: rdpdr
ImagePath: \SystemRoot\system32\drivers\rdpdr.sys
C:\Windows\system32\drivers\rdpdr.sys
242688 bytes
Created: 02.11.2006 10:03
Modified: 02.11.2006 10:03
Company: Microsoft Corporation
----------
Key: RDPENCDD
ImagePath: system32\drivers\rdpencdd.sys
C:\Windows\system32\drivers\rdpencdd.sys
6144 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 07:01
Company: Microsoft Corporation
----------
Key: RpcLocator
ImagePath: %SystemRoot%\system32\locator.exe
C:\Windows\system32\locator.exe
7680 bytes
Created: 02.11.2006 09:50
Modified: 02.11.2006 10:45
Company: Microsoft Corporation
----------
Key: rspndr
ImagePath: system32\DRIVERS\rspndr.sys
C:\Windows\system32\DRIVERS\rspndr.sys
60416 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: SamSs
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\system32\lsass.exe
9728 bytes
Created: 12.12.2011 14:13
Modified: 15.06.2009 13:57
Company: Microsoft Corporation
----------
Key: sbp2port
ImagePath: \SystemRoot\system32\drivers\sbp2port.sys
C:\Windows\system32\drivers\sbp2port.sys
76392 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: SDScannerService
ImagePath: C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
1103392 bytes
Created: 22.01.2013 01:08
Modified: 13.11.2012 14:07
Company: Safer-Networking Ltd.
----------
Key: SDUpdateService
ImagePath: C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
1369624 bytes
Created: 22.01.2013 01:09
Modified: 13.11.2012 14:07
Company: Safer-Networking Ltd.
----------
Key: SDWSCService
ImagePath: C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
168384 bytes
Created: 22.01.2013 01:09
Modified: 13.11.2012 14:07
Company: Safer-Networking Ltd.
----------
Key: Serenum
ImagePath: system32\DRIVERS\serenum.sys
C:\Windows\system32\DRIVERS\serenum.sys
17920 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: system32\DRIVERS\serial.sys
C:\Windows\system32\DRIVERS\serial.sys
83456 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: sermouse
ImagePath: \SystemRoot\system32\drivers\sermouse.sys
C:\Windows\system32\drivers\sermouse.sys
19968 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: ServiceLayer
ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
620544 bytes
Created: 11.11.2008 09:38
Modified: 11.11.2008 09:38
Company: Nokia.
----------
Key: sffdisk
ImagePath: \SystemRoot\system32\drivers\sffdisk.sys
C:\Windows\system32\drivers\sffdisk.sys
13312 bytes
Created: 02.11.2006 09:51
Modified: 15.10.2007 21:54
Company: Microsoft Corporation
----------
Key: sffp_mmc
ImagePath: \SystemRoot\system32\drivers\sffp_mmc.sys
C:\Windows\system32\drivers\sffp_mmc.sys
12800 bytes
Created: 02.11.2006 09:51
Modified: 15.10.2007 21:54
Company: Microsoft Corporation
----------
Key: sffp_sd
ImagePath: \SystemRoot\system32\drivers\sffp_sd.sys
C:\Windows\system32\drivers\sffp_sd.sys
12800 bytes
Created: 02.11.2006 09:51
Modified: 15.10.2007 21:54
Company: Microsoft Corporation
----------
Key: sfloppy
ImagePath: \SystemRoot\system32\drivers\sfloppy.sys
C:\Windows\system32\drivers\sfloppy.sys
13312 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 09:51
Company: Microsoft Corporation
----------
Key: sisagp
ImagePath: \SystemRoot\system32\drivers\sisagp.sys
C:\Windows\system32\drivers\sisagp.sys
53352 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: SiSRaid2
ImagePath: \SystemRoot\system32\drivers\sisraid2.sys
C:\Windows\system32\drivers\sisraid2.sys
38504 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Silicon Integrated Systems Corp.
----------
Key: SiSRaid4
ImagePath: \SystemRoot\system32\drivers\sisraid4.sys
C:\Windows\system32\drivers\sisraid4.sys
71784 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Silicon Integrated Systems
----------
Key: SkypeUpdate
ImagePath: "C:\Program Files\Skype\Updater\Updater.exe"
C:\Program Files\Skype\Updater\Updater.exe
-R- 160944 bytes
Created: 03.07.2012 12:19
Modified: 03.07.2012 12:19
Company: Skype Technologies
----------
Key: slsvc
ImagePath: %SystemRoot%\system32\SLsvc.exe
C:\Windows\system32\SLsvc.exe
2623488 bytes
Created: 30.05.2008 14:27
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: Smb
ImagePath: system32\DRIVERS\smb.sys
C:\Windows\system32\DRIVERS\smb.sys
66560 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: SNMPTRAP
ImagePath: %SystemRoot%\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
12800 bytes
Created: 02.11.2006 09:58
Modified: 02.11.2006 10:45
Company: Microsoft Corporation
----------
Key: Spooler
ImagePath: %SystemRoot%\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
126464 bytes
Created: 12.12.2011 14:08
Modified: 17.08.2010 14:32
Company: Microsoft Corporation
----------
Key: srv
ImagePath: System32\DRIVERS\srv.sys
C:\Windows\System32\DRIVERS\srv.sys
304640 bytes
Created: 12.12.2011 14:09
Modified: 18.02.2011 14:31
Company: Microsoft Corporation
----------
Key: srv2
ImagePath: System32\DRIVERS\srv2.sys
C:\Windows\System32\DRIVERS\srv2.sys
146432 bytes
Created: 12.12.2011 14:08
Modified: 29.04.2011 13:49
Company: Microsoft Corporation
----------
Key: srvnet
ImagePath: System32\DRIVERS\srvnet.sys
C:\Windows\System32\DRIVERS\srvnet.sys
102400 bytes
Created: 12.12.2011 14:08
Modified: 29.04.2011 13:49
Company: Microsoft Corporation
----------
Key: sscdbus
ImagePath: system32\DRIVERS\sscdbus.sys
C:\Windows\system32\DRIVERS\sscdbus.sys
87936 bytes
Created: 10.02.2009 17:12
Modified: 22.02.2008 15:33
Company: MCCI Corporation
----------
Key: sscdmdfl
ImagePath: system32\DRIVERS\sscdmdfl.sys
C:\Windows\system32\DRIVERS\sscdmdfl.sys
14976 bytes
Created: 10.02.2009 17:12
Modified: 22.02.2008 15:33
Company: MCCI Corporation
----------
Key: sscdmdm
ImagePath: system32\DRIVERS\sscdmdm.sys
C:\Windows\system32\DRIVERS\sscdmdm.sys
114304 bytes
Created: 10.02.2009 17:12
Modified: 22.02.2008 15:33
Company: MCCI Corporation
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\Windows\system32\DRIVERS\ssmdrv.sys
21248 bytes
Created: 02.09.2008 13:13
Modified: 08.11.2007 18:03
Company: AVIRA GmbH
----------
Key: swenum
ImagePath: system32\DRIVERS\swenum.sys
C:\Windows\system32\DRIVERS\swenum.sys
15288 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: Symc8xx
ImagePath: \SystemRoot\system32\drivers\symc8xx.sys
C:\Windows\system32\drivers\symc8xx.sys
35944 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: LSI Logic
----------
Key: Sym_hi
ImagePath: \SystemRoot\system32\drivers\sym_hi.sys
C:\Windows\system32\drivers\sym_hi.sys
31848 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:49
Company: LSI Logic
----------
Key: Sym_u3
ImagePath: \SystemRoot\system32\drivers\sym_u3.sys
C:\Windows\system32\drivers\sym_u3.sys
34920 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: LSI Logic
----------
Key: Tcpip
ImagePath: System32\drivers\tcpip.sys
C:\Windows\System32\drivers\tcpip.sys
898952 bytes
Created: 12.12.2011 14:05
Modified: 16.06.2010 16:59
Company: Microsoft Corporation
----------
Key: Tcpip6
ImagePath: system32\DRIVERS\tcpip.sys
C:\Windows\system32\DRIVERS\tcpip.sys
898952 bytes
Created: 12.12.2011 14:05
Modified: 16.06.2010 16:59
Company: Microsoft Corporation
----------
Key: tcpipreg
ImagePath: System32\drivers\tcpipreg.sys
C:\Windows\System32\drivers\tcpipreg.sys
30208 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: TDPIPE
ImagePath: system32\drivers\tdpipe.sys
C:\Windows\system32\drivers\tdpipe.sys
17920 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 07:01
Company: Microsoft Corporation
----------
Key: TDTCP
ImagePath: system32\drivers\tdtcp.sys
C:\Windows\system32\drivers\tdtcp.sys
29184 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 07:01
Company: Microsoft Corporation
----------
Key: tdx
ImagePath: system32\DRIVERS\tdx.sys
C:\Windows\system32\DRIVERS\tdx.sys
71680 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: TermDD
ImagePath: system32\DRIVERS\termdd.sys
C:\Windows\system32\DRIVERS\termdd.sys
54328 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: TrustedInstaller
ImagePath: %SystemRoot%\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
39424 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: tssecsrv
ImagePath: System32\DRIVERS\tssecsrv.sys
C:\Windows\System32\DRIVERS\tssecsrv.sys
23552 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 07:01
Company: Microsoft Corporation
----------
Key: tunmp
ImagePath: system32\DRIVERS\tunmp.sys
C:\Windows\system32\DRIVERS\tunmp.sys
15360 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: tunnel
ImagePath: system32\DRIVERS\tunnel.sys
C:\Windows\system32\DRIVERS\tunnel.sys
25088 bytes
Created: 13.03.2012 08:42
Modified: 18.02.2010 12:52
Company: Microsoft Corporation
----------
Key: uagp35
ImagePath: \SystemRoot\system32\drivers\uagp35.sys
C:\Windows\system32\drivers\uagp35.sys
56936 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: udfs
ImagePath: system32\DRIVERS\udfs.sys
C:\Windows\system32\DRIVERS\udfs.sys
226816 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 06:28
Company: Microsoft Corporation
----------
Key: UI0Detect
ImagePath: %SystemRoot%\system32\UI0Detect.exe
C:\Windows\system32\UI0Detect.exe
35840 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: uliagpkx
ImagePath: \SystemRoot\system32\drivers\uliagpkx.sys
C:\Windows\system32\drivers\uliagpkx.sys
58472 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: uliahci
ImagePath: \SystemRoot\system32\drivers\uliahci.sys
C:\Windows\system32\drivers\uliahci.sys
235112 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: ULi Electronics Inc.
----------
Key: UlSata
ImagePath: \SystemRoot\system32\drivers\ulsata.sys
C:\Windows\system32\drivers\ulsata.sys
98408 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Promise Technology, Inc.
----------
Key: ulsata2
ImagePath: \SystemRoot\system32\drivers\ulsata2.sys
C:\Windows\system32\drivers\ulsata2.sys
115816 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Promise Technology, Inc.
----------
Key: umbus
ImagePath: system32\DRIVERS\umbus.sys
C:\Windows\system32\DRIVERS\umbus.sys
34816 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: UnlockerDriver5
ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys
C:\Program Files\Unlocker\UnlockerDriver5.sys
12352 bytes
Created: 01.07.2010 18:11
Modified: 01.07.2010 18:11
Company: [no info]
----------
Key: upperdev
ImagePath: system32\DRIVERS\usbser_lowerflt.sys
C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
8064 bytes
Created: 15.09.2008 07:56
Modified: 15.09.2008 07:56
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: USBAAPL
ImagePath: System32\Drivers\usbaapl.sys
C:\Windows\System32\Drivers\usbaapl.sys
44544 bytes
Created: 28.09.2012 10:32
Modified: 28.09.2012 10:32
Company: Apple, Inc.
----------
Key: usbaudio
ImagePath: system32\drivers\usbaudio.sys
C:\Windows\system32\drivers\usbaudio.sys
73088 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: usbccgp
ImagePath: system32\DRIVERS\usbccgp.sys
C:\Windows\system32\DRIVERS\usbccgp.sys
73216 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: usbcir
ImagePath: \SystemRoot\system32\drivers\usbcir.sys
C:\Windows\system32\drivers\usbcir.sys
68608 bytes
Created: 02.11.2006 09:55
Modified: 02.11.2006 09:55
Company: Microsoft Corporation
----------
Key: usbehci
ImagePath: system32\DRIVERS\usbehci.sys
C:\Windows\system32\DRIVERS\usbehci.sys
39424 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: usbhub
ImagePath: system32\DRIVERS\usbhub.sys
C:\Windows\system32\DRIVERS\usbhub.sys
194560 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: usbohci
ImagePath: \SystemRoot\system32\drivers\usbohci.sys
C:\Windows\system32\drivers\usbohci.sys
19456 bytes
Created: 02.11.2006 09:55
Modified: 02.11.2006 09:55
Company: Microsoft Corporation
----------
Key: usbprint
ImagePath: system32\DRIVERS\usbprint.sys
C:\Windows\system32\DRIVERS\usbprint.sys
18944 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 07:14
Company: Microsoft Corporation
----------
Key: usbscan
ImagePath: system32\DRIVERS\usbscan.sys
C:\Windows\system32\DRIVERS\usbscan.sys
35328 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 07:14
Company: Microsoft Corporation
----------
Key: usbser
ImagePath: system32\drivers\usbser.sys
C:\Windows\system32\drivers\usbser.sys
28160 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: UsbserFilt
ImagePath: system32\DRIVERS\usbser_lowerfltj.sys
C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
8064 bytes
Created: 15.09.2008 07:56
Modified: 15.09.2008 07:56
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: USBSTOR
ImagePath: system32\DRIVERS\USBSTOR.SYS
C:\Windows\system32\DRIVERS\USBSTOR.SYS
55296 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: usbuhci
ImagePath: system32\DRIVERS\usbuhci.sys
C:\Windows\system32\DRIVERS\usbuhci.sys
23552 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: vds
ImagePath: %SystemRoot%\System32\vds.exe
C:\Windows\System32\vds.exe
382976 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: vga
ImagePath: system32\DRIVERS\vgapnp.sys
C:\Windows\system32\DRIVERS\vgapnp.sys
26112 bytes
Created: 02.11.2006 11:25
Modified: 02.11.2006 09:53
Company: Microsoft Corporation
----------
Key: VgaSave
ImagePath: \SystemRoot\System32\drivers\vga.sys
C:\Windows\System32\drivers\vga.sys
25088 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:52
Company: Microsoft Corporation
----------
Key: viaagp
ImagePath: \SystemRoot\system32\drivers\viaagp.sys
C:\Windows\system32\drivers\viaagp.sys
54376 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: ViaC7
ImagePath: \SystemRoot\system32\drivers\viac7.sys
C:\Windows\system32\drivers\viac7.sys
39424 bytes
Created: 02.11.2006 09:30
Modified: 02.11.2006 09:30
Company: Microsoft Corporation
----------
Key: viaide
ImagePath: \SystemRoot\system32\drivers\viaide.sys
C:\Windows\system32\drivers\viaide.sys
20152 bytes
Created: 02.11.2006 09:51
Modified: 10.09.2007 12:13
Company: VIA Technologies, Inc.
----------
Key: volmgr
ImagePath: system32\drivers\volmgr.sys
C:\Windows\system32\drivers\volmgr.sys
52792 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: volmgrx
ImagePath: System32\drivers\volmgrx.sys
C:\Windows\System32\drivers\volmgrx.sys
294456 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:43
Company: Microsoft Corporation
----------
Key: volsnap
ImagePath: system32\drivers\volsnap.sys
C:\Windows\system32\drivers\volsnap.sys
227896 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: vsmraid
ImagePath: \SystemRoot\system32\drivers\vsmraid.sys
C:\Windows\system32\drivers\vsmraid.sys
112232 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: VIA Technologies Inc.,Ltd
----------
Key: VSS
ImagePath: %systemroot%\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1054720 bytes
Created: 30.05.2008 14:27
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: VX1000
ImagePath: system32\DRIVERS\VX1000.sys
C:\Windows\system32\DRIVERS\VX1000.sys
1956096 bytes
Created: 26.06.2009 16:21
Modified: 26.06.2009 16:21
Company: Microsoft Corporation
----------
Key: WacomPen
ImagePath: \SystemRoot\system32\drivers\wacompen.sys
C:\Windows\system32\drivers\wacompen.sys
20608 bytes
Created: 02.11.2006 09:52
Modified: 02.11.2006 09:52
Company: Microsoft Corporation
----------
Key: Wanarp
ImagePath: system32\DRIVERS\wanarp.sys
C:\Windows\system32\DRIVERS\wanarp.sys
62464 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: Wanarpv6
ImagePath: system32\DRIVERS\wanarp.sys
C:\Windows\system32\DRIVERS\wanarp.sys
62464 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: Wd
ImagePath: \SystemRoot\system32\drivers\wd.sys
C:\Windows\system32\drivers\wd.sys
19560 bytes
Created: 02.11.2006 09:54
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: Wdf01000
ImagePath: system32\drivers\Wdf01000.sys
C:\Windows\system32\drivers\Wdf01000.sys
503864 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:43
Company: Microsoft Corporation
----------
Key: WmiAcpi
ImagePath: \SystemRoot\system32\drivers\wmiacpi.sys
C:\Windows\system32\drivers\wmiacpi.sys
11264 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 09:35
Company: Microsoft Corporation
----------
Key: wmiApSrv
ImagePath: %systemroot%\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
137728 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: WMPNetworkSvc
ImagePath: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe"
C:\Program Files\Windows Media Player\wmpnetwk.exe
896512 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\Windows\system32\DRIVERS\wpdusb.sys
39936 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 07:04
Company: Microsoft Corporation
----------
Key: WPFFontCache_v0400
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
753504 bytes
Created: 18.03.2010 13:16
Modified: 18.03.2010 13:16
Company: Microsoft Corporation
----------
Key: ws2ifsl
ImagePath: \SystemRoot\system32\drivers\ws2ifsl.sys
C:\Windows\system32\drivers\ws2ifsl.sys
15872 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: WSearch
ImagePath: %systemroot%\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchIndexer.exe
439808 bytes
Created: 22.08.2008 02:01
Modified: 27.05.2008 06:18
Company: Microsoft Corporation
----------
Key: WUDFRd
ImagePath: system32\DRIVERS\WUDFRd.sys
C:\Windows\system32\DRIVERS\WUDFRd.sys
83328 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------

************************************************************
01:15:24: Scanning -----VXD ENTRIES-----

************************************************************
01:15:24: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : SDWinLogon
DLLName: SDWinLogon.dll
SDWinLogon.dll - this reference has been removed [file not found to scan]
----------

************************************************************
01:16:10: Scanning ----- CONTEXTMENUHANDLERS -----
Key: SDECon32
CLSID: {44176360-2BBF-4EC1-93CE-384B8681A0BC}
Path: C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll
C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll
129080 bytes
Created: 22.01.2013 01:09
Modified: 13.11.2012 14:06
Company: Safer-Networking Ltd.
----------

************************************************************
01:16:11: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0561EC90-CE54-4f0c-9C55-E226110A740C}
File: [CLSID does not appear to reference a file]

************************************************************
01:16:11: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
BHO: mscoree.dll
C:\Windows\system32\mscoree.dll
297808 bytes
Created: 13.12.2011 03:20
Modified: 08.11.2009 10:55
Company: Microsoft Corporation
----------
Key: {2EECD738-5844-4a99-B4B6-146BF802613B}
BHO: C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
270960 bytes
Created: 14.08.2011 13:24
Modified: 14.08.2011 13:24
Company: Babylon BHO
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
3214392 bytes
Created: 22.01.2013 01:09
Modified: 13.11.2012 14:06
Company: Safer-Networking Ltd.
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll
-R- 2427968 bytes
Created: 26.10.2007 15:09
Modified: 26.10.2007 15:09
Company: Google Germany GmbH
----------
Key: {d2ce3e00-f94a-4740-988e-03dc2f38c34f}
BHO: "C:\Program Files\Microsoft\BingBar\BingExt.dll"
C:\Program Files\Microsoft\BingBar\BingExt.dll
1219152 bytes
Created: 21.10.2011 15:23
Modified: 21.10.2011 15:23
Company: Microsoft Corporation.
----------

************************************************************
01:16:14: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
01:16:14: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
01:16:14: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
01:16:14: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL]
File: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
146432 bytes
Created: 26.10.2007 15:09
Modified: 26.10.2007 15:09
Company: Google
----------

************************************************************
01:16:15: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
01:16:15: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 02.11.2006 13:50
Modified: 30.05.2008 21:23
Company: [no info]
--------------------
McAfee Security Scan Plus.lnk - links to C:\PROGRA~1\MCAFEE~1\30982A~1.207\SSSCHE~1.EXE
C:\PROGRA~1\MCAFEE~1\30982A~1.207\SSSCHE~1.EXE
272528 bytes
Created: 17.06.2011 18:33
Modified: 17.06.2011 18:33
Company: McAfee, Inc.
--------------------

************************************************************
01:16:16: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Ron
[C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 29.12.2007 17:55
Modified: 29.12.2007 17:55
Company: [no info]
----------
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - links to C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE
97680 bytes
Created: 26.02.2009 15:24
Modified: 26.02.2009 15:24
Company: Microsoft Corporation
----------
Telefon- und Branchenbuch Herbst 2009 - Schnellstarter.lnk - links to C:\PROGRA~1\klickTel\TELEFO~1\kstart32.EXE
C:\PROGRA~1\klickTel\TELEFO~1\kstart32.EXE
464896 bytes
Created: 24.11.2009 12:04
Modified: 03.07.2009 11:58
Company: telegate MEDIA AG
----------
--------------------

************************************************************
01:16:17: Scanning ----- SCHEDULED TASKS -----
Taskname: {291ADD4D-0E9B-4351-B9AD-952063F19422}
File: c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\firefox.exe
917400 bytes
Created: 19.01.2013 00:53
Modified: 19.01.2013 00:53
Company: Mozilla Corporation
Parameters: Skype for Windows
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator: SkypeSetup
Comments:
----------
Taskname: {457B8049-2925-4140-93C1-9E2EF7B89B54}
----------
Taskname: {86EC80DD-C1C5-4381-B140-4ACC7D7D8650}
----------
Taskname: {B453A9D9-7772-402D-8F1D-A5EC4F67EC2B}
File: C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Phone\Skype.exe
-R- 17418928 bytes
Created: 13.07.2012 12:33
Modified: 13.07.2012 12:33
Company: Skype Technologies S.A.
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator: SkypeSetup
Comments:
----------
Taskname: Adobe Flash Player Updater
File: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
251400 bytes
Created: 07.06.2012 23:08
Modified: 17.01.2013 19:30
Company: Adobe Systems Incorporated
Schedule: At 01:30:00 every day
Next Run Time: 22.01.2013 01:30:00
Status: Ready
Creator: Adobe Systems Incorporated
Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.
----------
Taskname: Check for updates (Spybot - Search & Destroy)
File: C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
3487240 bytes
Created: 22.01.2013 01:09
Modified: 13.11.2012 14:08
Company: Safer-Networking Ltd.
Parameters: /autoupdate /silent /autoclose
Schedule: At logon
Next Run Time:
Status: Running
Creator: Spybot - Search & Destroy 2
Comments: This task will regularly check for software updates, and install any available updates, to ensure you are well-protected.
----------
Taskname: FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core
File: C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
138096 bytes
Created: 01.10.2011 22:40
Modified: 11.07.2012 22:45
Company: Facebook Inc.
Parameters: /c /nocrashserver
Schedule: At 23:50:00 every day
Next Run Time: 22.01.2013 23:50:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Facebook-Software auf dem neuesten Stand. Wenn diese Anwendung deaktiviert oder angehalten wird, wird Ihre Facebook-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Facebook-Software verwendet wird.
----------
Taskname: FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA
File: C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
138096 bytes
Created: 01.10.2011 22:40
Modified: 11.07.2012 22:45
Company: Facebook Inc.
Parameters: /ua /installsource scheduler
Schedule: At 23:50:00 every day
Next Run Time: 22.01.2013 02:50:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Facebook-Software auf dem neuesten Stand. Wenn diese Anwendung deaktiviert oder angehalten wird, wird Ihre Facebook-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Facebook-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
136176 bytes
Created: 27.05.2010 21:34
Modified: 27.05.2010 21:34
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 22.01.2013 01:35:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
136176 bytes
Created: 27.05.2010 21:34
Modified: 27.05.2010 21:34
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: At 01:35:00 every day
Next Run Time: 22.01.2013 01:35:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core
File: C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 16.09.2008 12:32
Modified: 16.09.2008 12:32
Company: Google Inc.
Parameters: /c
Schedule: At 19:01:00 every day
Next Run Time: 22.01.2013 19:01:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA
File: C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 16.09.2008 12:32
Modified: 16.09.2008 12:32
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: At 19:01:00 every day
Next Run Time: 22.01.2013 02:01:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: Refresh immunization (Spybot - Search & Destroy)
File: C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
3653656 bytes
Created: 22.01.2013 01:08
Modified: 13.11.2012 14:07
Company: Safer-Networking Ltd.
Parameters: /immunize /silent /autoclose
Schedule: At 00:30:00 every Mittwoch of every week, starting 22.01.2013
Next Run Time: 23.01.2013 00:30:00
Status: Ready
Creator: Spybot - Search & Destroy 2
Comments: This task will update your immunization, keeping your browsers protected against known malware sites, cookies and more.
----------
Taskname: Scan the system (Spybot - Search & Destroy)
File: C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
3906584 bytes
Created: 22.01.2013 01:08
Modified: 13.11.2012 14:07
Company: Safer-Networking Ltd.
Parameters: /scan /cleanclose
Schedule: At 00:30:00 on day 1 of month 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, starting 22.01.2013
Next Run Time: 01.02.2013 00:30:00
Status: Ready
Creator: Spybot - Search & Destroy 2
Comments: A full system scan is recommended once per month.
----------
Taskname: User_Feed_Synchronization-{CC62F918-1DED-478E-B9BE-576ADBFCA089}
File: C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\msfeedssync.exe
12800 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
Parameters: sync
Schedule: Multiple schedule times
Next Run Time: 22.01.2013 01:20:00
Status: Ready
Creator: Ron
Comments: Updates out-of-date system feeds.
----------

************************************************************
01:16:31: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
01:16:31: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.VP40
File: vp4vfw.dll
vp4vfw.dll - [file not found to scan]
----------
Value: vidc.VP60
File: vp6vfw.dll
C:\Windows\system32\vp6vfw.dll
-S- 425984 bytes
Created: 15.12.2003 16:11
Modified: 15.12.2003 16:11
Company: On2.com
----------
Value: vidc.VP50
File: vp5vfw.dll
vp5vfw.dll - [file not found to scan]
----------
Value: vidc.VP61
File: vp6vfw.dll
C:\Windows\system32\vp6vfw.dll - file already scanned
----------
Value: VIDC.ACDV
File: ACDV.dll
C:\Windows\system32\ACDV.dll
462848 bytes
Created: 20.06.2005 13:56
Modified: 20.06.2005 13:56
Company: ACD Systems
----------
Value: msacm.divxa32
File: divxa32.acm
C:\Windows\system32\divxa32.acm
287744 bytes
Created: 08.06.2007 13:39
Modified: 08.06.2007 13:39
Company: Kristal Studio
----------
Value: VIDC.FFDS
File: ff_vfw.dll
C:\Windows\system32\ff_vfw.dll
7680 bytes
Created: 12.06.2008 19:36
Modified: 12.06.2008 19:36
Company: [no info]
----------
Value: vidc.DIVX
File: DivX.dll
C:\Windows\system32\DivX.dll
684032 bytes
Created: 21.11.2008 22:45
Modified: 21.11.2008 22:45
Company: DivX, Inc.
----------
Value: vidc.yv12
File: DivX.dll
C:\Windows\system32\DivX.dll - file already scanned
----------

************************************************************
01:16:36: ----- ADDITIONAL CHECKS -----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
189897 bytes
Created: 05.10.2010 12:23
Modified: 05.10.2010 12:23
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
189897 bytes
Created: 05.10.2010 12:23
Modified: 05.10.2010 12:23
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Additional checks completed

************************************************************
01:16:39: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
64000 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe
6144 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\wininit.exe
96768 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\services.exe
279040 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsm.exe
229888 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\winlogon.exe
314880 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe
21504 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\taskeng.exe
171520 bytes
Created: 12.12.2011 14:07
Modified: 05.11.2010 01:53
Company: Microsoft Corporation
--------------------
C:\Windows\system32\Dwm.exe
81920 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
272528 bytes
Created: 17.06.2011 18:33
Modified: 17.06.2011 18:33
Company: McAfee, Inc.
--------------------
C:\Program Files\klickTel\Telefon- und Branchenbuch Herbst 2009\kstart32.EXE
464896 bytes
Created: 24.11.2009 12:04
Modified: 03.07.2009 11:58
Company: telegate MEDIA AG
--------------------
C:\Windows\system32\igfxsrvc.exe
256536 bytes
Created: 02.01.2008 17:07
Modified: 02.01.2008 17:07
Company: Intel Corporation
--------------------
C:\Windows\ehome\ehmsas.exe
37376 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
905216 bytes
Created: 23.12.2006 17:04
Modified: 23.12.2006 17:04
Company: Nero AG
--------------------
C:\Windows\system32\SearchIndexer.exe
439808 bytes
Created: 22.08.2008 02:01
Modified: 27.05.2008 06:18
Company: Microsoft Corporation
--------------------
C:\Windows\system32\WUDFHost.exe
142336 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
13019280 bytes
Created: 25.09.2012 16:01
Modified: 25.09.2012 16:01
Company: Microsoft Corporation
--------------------
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
130560 bytes
Created: 19.09.2008 08:52
Modified: 19.09.2008 08:52
Company:
--------------------
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
119808 bytes
Created: 03.06.2008 08:02
Modified: 03.06.2008 08:02
Company:
--------------------
C:\Windows\system32\wuauclt.exe
53472 bytes
Created: 12.12.2011 12:33
Modified: 07.08.2009 03:24
Company: Microsoft Corporation
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 4766968
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\system32\conime.exe
69120 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Program Files\Mozilla Firefox\plugin-container.exe
17304 bytes
Created: 19.01.2013 00:53
Modified: 19.01.2013 00:53
Company: Mozilla Corporation
--------------------
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
1808392 bytes
Created: 17.01.2013 19:30
Modified: 17.01.2013 19:30
Company: Adobe Systems, Inc.
--------------------

************************************************************
01:16:47: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
Bing
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
Bing
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
Babylon Search
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
Sign In
HKCU\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKCU\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 01:16:47 22 Jan 2013
Total Scan time: 00:07:09
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
Scan cancelled by User
22.01.2013 01:22:00: restart commenced
************************************************************

23.01.2013, 14:54   #9
markusg
/// Malware-holic
 
That is only harmless stuff; we will get to it later.
The Trojan Remover log: was there anything in it?

23.01.2013, 14:55   #10
sunsetx1
 
In addition, I found the following in Trojan Remover:
***** THE SYSTEM HAS BEEN RESTARTED *****
22.01.2013 01:26:02: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\SDWinLogon - already removed (or did not exist)
=======================================================
22.01.2013 01:26:02: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.5.2611. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 01:09:37 22 Jan 2013
Using Database v8032
Operating System: Windows Vista Home Premium (SP1) [Build: 6.0.6001]
File System: NTFS
User Account Control is Enabled
UserData directory: C:\Users\Ron\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Ron\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
01:09:38: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
No modified default file associations detected

************************************************************
01:09:38: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
01:09:46: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe
2927104 bytes
Created: 12.12.2008 02:55
Modified: 29.10.2008 07:29
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
25088 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [Windows Defender]
Value Data: [%ProgramFiles%\Windows Defender\MSASCui.exe -hide]
C:\Program Files\Windows Defender\MSASCui.exe
1008184 bytes
Created: 30.05.2008 14:27
Modified: 19.01.2008 08:38
Company: Microsoft Corporation
--------------------
Value Name: [RtHDVCpl]
Value Data: [RtHDVCpl.exe]
C:\Windows\RtHDVCpl.exe
4702208 bytes
Created: 26.10.2007 13:50
Modified: 17.08.2007 12:27
Company: Realtek Semiconductor
--------------------
Value Name: [Adobe Reader Speed Launcher]
Value Data: ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
40048 bytes
Created: 11.05.2007 02:06
Modified: 11.05.2007 02:06
Company: Adobe Systems Incorporated
--------------------
Value Name: [NeroFilterCheck]
Value Data: [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
155648 bytes
Created: 12.01.2006 14:40
Modified: 12.01.2006 14:40
Company: Nero AG
--------------------
Value Name: [Google Desktop Search]
Value Data: ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
220160 bytes
Created: 26.10.2007 15:09
Modified: 26.10.2007 15:09
Company: Google
--------------------
Value Name: [toolbar_eula_launcher]
Value Data: [C:\Program Files\GoogleEULA\EULALauncher.exe]
C:\Program Files\GoogleEULA\EULALauncher.exe
16896 bytes
Created: 26.10.2007 15:09
Modified: 09.02.2007 14:54
Company:
--------------------
Value Name: [GrooveMonitor]
Value Data: ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
30040 bytes
Created: 26.02.2009 18:36
Modified: 26.02.2009 18:36
Company: Microsoft Corporation
--------------------
Value Name: [IgfxTray]
Value Data: [C:\Windows\system32\igfxtray.exe]
C:\Windows\system32\igfxtray.exe
141848 bytes
Created: 02.01.2008 17:07
Modified: 02.01.2008 17:07
Company: Intel Corporation
--------------------
Value Name: [HotKeysCmds]
Value Data: [C:\Windows\system32\hkcmd.exe]
C:\Windows\system32\hkcmd.exe
166424 bytes
Created: 02.01.2008 17:06
Modified: 02.01.2008 17:06
Company: Intel Corporation
--------------------
Value Name: [Persistence]
Value Data: [C:\Windows\system32\igfxpers.exe]
C:\Windows\system32\igfxpers.exe
133656 bytes
Created: 02.01.2008 17:07
Modified: 02.01.2008 17:07
Company: Intel Corporation
--------------------
Value Name: [Skytel]
Value Data: [Skytel.exe]
C:\Windows\Skytel.exe
1826816 bytes
Created: 26.10.2007 13:50
Modified: 03.08.2007 12:22
Company: Realtek Semiconductor Corp.
--------------------
Value Name: [avgnt]
Value Data: ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 02.09.2008 13:13
Modified: 12.06.2008 13:28
Company: Avira GmbH
--------------------
Value Name: [HP Software Update]
Value Data: [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
49152 bytes
Created: 10.12.2006 20:52
Modified: 10.12.2006 20:52
Company: Hewlett-Packard Co.
--------------------
Value Name: [NPSStartup] - blank or invalid data
--------------------
Value Name: [VX1000]
Value Data: [C:\Windows\vVX1000.exe]
C:\Windows\vVX1000.exe
757248 bytes
Created: 26.06.2009 16:21
Modified: 26.06.2009 16:21
Company: Microsoft Corporation
--------------------
Value Name: [LifeCam]
Value Data: ["C:\Program Files\Microsoft LifeCam\LifeExp.exe"]
C:\Program Files\Microsoft LifeCam\LifeExp.exe
118640 bytes
Created: 24.07.2009 15:05
Modified: 24.07.2009 15:05
Company: Microsoft Corporation
--------------------
Value Name: [APSDaemon]
Value Data: ["C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
59280 bytes
Created: 28.11.2012 14:13
Modified: 28.11.2012 14:13
Company: Apple Inc.
--------------------
Value Name: [QuickTime Task]
Value Data: ["C:\Program Files\QuickTime\QTTask.exe" -atboottime]
C:\Program Files\QuickTime\QTTask.exe
421888 bytes
Created: 25.10.2012 03:12
Modified: 25.10.2012 03:12
Company: Apple Inc.
--------------------
Value Name: [iTunesHelper]
Value Data: ["C:\Program Files\iTunes\iTunesHelper.exe"]
C:\Program Files\iTunes\iTunesHelper.exe
152544 bytes
Created: 12.12.2012 13:57
Modified: 12.12.2012 13:57
Company: Apple Inc.
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files\Trojan Remover\Trjscan.exe /boot]
C:\Program Files\Trojan Remover\Trjscan.exe
1247504 bytes
Created: 22.01.2013 01:06
Modified: 14.09.2012 11:58
Company: Simply Super Software
--------------------
Value Name: [SDTray]
Value Data: ["C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"]
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
3825176 bytes
Created: 22.01.2013 01:08
Modified: 13.11.2012 14:08
Company: Safer-Networking Ltd.
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [Sidebar]
Value Data: [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun]
C:\Program Files\Windows Sidebar\sidebar.exe
1233920 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
Value Name: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
Value Data: ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
143360 bytes
Created: 23.12.2006 17:05
Modified: 23.12.2006 17:05
Company: Nero AG
--------------------
Value Name: [Google Update]
Value Data: ["C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe" /c]
C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 16.09.2008 12:32
Modified: 16.09.2008 12:32
Company: Google Inc.
--------------------
Value Name: [PC Suite Tray]
Value Data: ["C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
1205760 bytes
Created: 03.12.2008 12:47
Modified: 03.12.2008 12:47
Company: Nokia
--------------------
Value Name: [AutoStartNPSAgent]
Value Data: [C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe]
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
98304 bytes
Created: 13.12.2008 17:51
Modified: 13.12.2008 17:51
Company: Samsung Electronics Co., Ltd.
--------------------
Value Name: [ehTray.exe]
Value Data: [C:\Windows\ehome\ehTray.exe]
C:\Windows\ehome\ehTray.exe
125952 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
Value Name: [Facebook Update]
Value Data: ["C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver]
C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
138096 bytes
Created: 01.10.2011 22:40
Modified: 11.07.2012 22:45
Company: Facebook Inc.
--------------------
Value Name: [WMPNSCFG]
Value Data: [C:\Program Files\Windows Media Player\WMPNSCFG.exe]
C:\Program Files\Windows Media Player\WMPNSCFG.exe
202240 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
Value Name: [Skype]
Value Data: ["C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun]
C:\Program Files\Skype\Phone\Skype.exe
-R- 17418928 bytes
Created: 13.07.2012 12:33
Modified: 13.07.2012 12:33
Company: Skype Technologies S.A.
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
01:11:06: Scanning -----SHELLEXECUTEHOOKS-----

************************************************************
01:11:07: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
01:11:08: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
01:11:08: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
01:11:11: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
01:11:33: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ACPI
ImagePath: system32\drivers\acpi.sys
C:\Windows\system32\drivers\acpi.sys
266808 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:43
Company: Microsoft Corporation
----------
Key: AdobeFlashPlayerUpdateSvc
ImagePath: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
251400 bytes
Created: 07.06.2012 23:08
Modified: 17.01.2013 19:30
Company: Adobe Systems Incorporated
----------
Key: adp94xx
ImagePath: \SystemRoot\system32\drivers\adp94xx.sys
C:\Windows\system32\drivers\adp94xx.sys
420968 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: Adaptec, Inc.
----------
Key: adpahci
ImagePath: \SystemRoot\system32\drivers\adpahci.sys
C:\Windows\system32\drivers\adpahci.sys
297576 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: Adaptec, Inc.
----------
Key: adpu160m
ImagePath: \SystemRoot\system32\drivers\adpu160m.sys
C:\Windows\system32\drivers\adpu160m.sys
98408 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Adaptec, Inc.
----------
Key: adpu320
ImagePath: \SystemRoot\system32\drivers\adpu320.sys
C:\Windows\system32\drivers\adpu320.sys
147048 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: Adaptec, Inc.
----------
Key: AFD
ImagePath: \SystemRoot\system32\drivers\afd.sys
C:\Windows\system32\drivers\afd.sys
273408 bytes
Created: 12.12.2011 14:08
Modified: 21.04.2011 14:16
Company: Microsoft Corporation
----------
Key: agp440
ImagePath: \SystemRoot\system32\drivers\agp440.sys
C:\Windows\system32\drivers\agp440.sys
53864 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: aic78xx
ImagePath: \SystemRoot\system32\drivers\djsvs.sys
C:\Windows\system32\drivers\djsvs.sys
71272 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Adaptec, Inc.
----------
Key: ALG
ImagePath: %SystemRoot%\System32\alg.exe
C:\Windows\System32\alg.exe
59392 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: aliide
ImagePath: \SystemRoot\system32\drivers\aliide.sys
C:\Windows\system32\drivers\aliide.sys
17592 bytes
Created: 02.11.2006 09:51
Modified: 10.09.2007 12:13
Company: Acer Laboratories Inc.
----------
Key: amdagp
ImagePath: \SystemRoot\system32\drivers\amdagp.sys
C:\Windows\system32\drivers\amdagp.sys
54888 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: amdide
ImagePath: \SystemRoot\system32\drivers\amdide.sys
C:\Windows\system32\drivers\amdide.sys
18104 bytes
Created: 02.11.2006 09:51
Modified: 10.09.2007 12:13
Company: Microsoft Corporation
----------
Key: AmdK7
ImagePath: \SystemRoot\system32\drivers\amdk7.sys
C:\Windows\system32\drivers\amdk7.sys
38912 bytes
Created: 02.11.2006 09:30
Modified: 02.11.2006 09:30
Company: Microsoft Corporation
----------
Key: AmdK8
ImagePath: \SystemRoot\system32\drivers\amdk8.sys
C:\Windows\system32\drivers\amdk8.sys
40960 bytes
Created: 02.11.2006 09:30
Modified: 02.11.2006 09:30
Company: Microsoft Corporation
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 02.09.2008 13:13
Modified: 24.10.2008 13:15
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
151297 bytes
Created: 02.09.2008 13:13
Modified: 24.10.2008 13:15
Company: Avira GmbH
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
55184 bytes
Created: 11.08.2012 16:43
Modified: 11.08.2012 16:43
Company: Apple Inc.
----------
Key: arc
ImagePath: \SystemRoot\system32\drivers\arc.sys
C:\Windows\system32\drivers\arc.sys
67688 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Adaptec, Inc.
----------
Key: arcsas
ImagePath: \SystemRoot\system32\drivers\arcsas.sys
C:\Windows\system32\drivers\arcsas.sys
67688 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Adaptec, Inc.
----------
Key: AsyncMac
ImagePath: system32\DRIVERS\asyncmac.sys
C:\Windows\system32\DRIVERS\asyncmac.sys
17408 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: atapi
ImagePath: system32\drivers\atapi.sys
C:\Windows\system32\drivers\atapi.sys
21560 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11608 bytes
Created: 02.09.2008 13:13
Modified: 27.05.2009 23:41
Company: Avira GmbH
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
52056 bytes
Created: 02.09.2008 13:13
Modified: 27.05.2009 23:41
Company: Avira GmbH
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\Windows\system32\DRIVERS\avipbb.sys
75096 bytes
Created: 02.09.2008 13:13
Modified: 27.05.2009 23:41
Company: Avira GmbH
----------
Key: BBSvc
ImagePath: "C:\Program Files\Microsoft\BingBar\BBSvc.EXE"
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
196176 bytes
Created: 21.10.2011 15:23
Modified: 21.10.2011 15:23
Company: Microsoft Corporation.
----------
Key: BBUpdate
ImagePath: "C:\Program Files\Microsoft\BingBar\SeaPort.EXE"
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
249648 bytes
Created: 13.10.2011 17:21
Modified: 13.10.2011 17:21
Company: Microsoft Corporation
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key: Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
390504 bytes
Created: 30.08.2011 23:05
Modified: 30.08.2011 23:05
Company: Apple Inc.
----------
Key: bowser
ImagePath: system32\DRIVERS\bowser.sys
C:\Windows\system32\DRIVERS\bowser.sys
69632 bytes
Created: 12.12.2011 14:11
Modified: 22.02.2011 13:51
Company: Microsoft Corporation
----------
Key: BrFiltLo
ImagePath: \SystemRoot\system32\drivers\brfiltlo.sys
C:\Windows\system32\drivers\brfiltlo.sys
13568 bytes
Created: 02.11.2006 10:38
Modified: 02.11.2006 09:24
Company: Brother Industries, Ltd.
----------
Key: BrFiltUp
ImagePath: \SystemRoot\system32\drivers\brfiltup.sys
C:\Windows\system32\drivers\brfiltup.sys
5248 bytes
Created: 02.11.2006 10:37
Modified: 02.11.2006 09:24
Company: Brother Industries, Ltd.
----------
Key: Brserid
ImagePath: \SystemRoot\system32\drivers\brserid.sys
C:\Windows\system32\drivers\brserid.sys
71808 bytes
Created: 02.11.2006 10:22
Modified: 02.11.2006 09:25
Company: Brother Industries Ltd.
----------
Key: BrSerWdm
ImagePath: \SystemRoot\system32\drivers\brserwdm.sys
C:\Windows\system32\drivers\brserwdm.sys
62336 bytes
Created: 02.11.2006 10:36
Modified: 02.11.2006 09:24
Company: Brother Industries Ltd.
----------
Key: BrUsbMdm
ImagePath: \SystemRoot\system32\drivers\brusbmdm.sys
C:\Windows\system32\drivers\brusbmdm.sys
12160 bytes
Created: 02.11.2006 10:37
Modified: 02.11.2006 09:24
Company: Brother Industries Ltd.
----------
Key: BrUsbSer
ImagePath: \SystemRoot\system32\drivers\brusbser.sys
C:\Windows\system32\drivers\brusbser.sys
11904 bytes
Created: 02.11.2006 10:38
Modified: 02.11.2006 09:24
Company: Brother Industries Ltd.
----------
Key: BTHMODEM
ImagePath: \SystemRoot\system32\drivers\bthmodem.sys
C:\Windows\system32\drivers\bthmodem.sys
39936 bytes
Created: 02.11.2006 09:55
Modified: 02.11.2006 09:55
Company: Microsoft Corporation
----------
Key: cdfs
ImagePath: system32\DRIVERS\cdfs.sys
C:\Windows\system32\DRIVERS\cdfs.sys
70144 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:28
Company: Microsoft Corporation
----------
Key: cdrom
ImagePath: system32\DRIVERS\cdrom.sys
C:\Windows\system32\DRIVERS\cdrom.sys
67072 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: circlass
ImagePath: \SystemRoot\system32\drivers\circlass.sys
C:\Windows\system32\drivers\circlass.sys
35328 bytes
Created: 02.11.2006 09:55
Modified: 02.11.2006 09:55
Company: Microsoft Corporation
----------
Key: CLFS
ImagePath: System32\CLFS.sys
C:\Windows\System32\CLFS.sys
247352 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: clr_optimization_v2.0.50727_32
ImagePath: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
69632 bytes
Created: 07.08.2009 02:02
Modified: 27.07.2008 19:03
Company: Microsoft Corporation
----------
Key: clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 18.03.2010 13:16
Modified: 18.03.2010 13:16
Company: Microsoft Corporation
----------
Key: cmdide
ImagePath: \SystemRoot\system32\drivers\cmdide.sys
C:\Windows\system32\drivers\cmdide.sys
19128 bytes
Created: 02.11.2006 09:51
Modified: 10.09.2007 12:13
Company: CMD Technology, Inc.
----------
Key: Compbatt
ImagePath: \SystemRoot\system32\drivers\compbatt.sys
C:\Windows\system32\drivers\compbatt.sys
18280 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: COMSysApp
ImagePath: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\Windows\system32\dllhost.exe
7168 bytes
Created: 02.11.2006 09:50
Modified: 02.11.2006 10:45
Company: Microsoft Corporation
----------
Key: crcdisk
ImagePath: system32\drivers\crcdisk.sys
C:\Windows\system32\drivers\crcdisk.sys
22632 bytes
Created: 02.11.2006 09:52
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: Crusoe
ImagePath: \SystemRoot\system32\drivers\crusoe.sys
C:\Windows\system32\drivers\crusoe.sys
38912 bytes
Created: 02.11.2006 09:30
Modified: 02.11.2006 09:30
Company: Microsoft Corporation
----------
Key: DfsC
ImagePath: System32\Drivers\dfsc.sys
C:\Windows\System32\Drivers\dfsc.sys
75264 bytes
Created: 12.12.2011 14:09
Modified: 14.04.2011 15:24
Company: Microsoft Corporation
----------
Key: DFSR
ImagePath: %SystemRoot%\system32\DFSR.exe
C:\Windows\system32\DFSR.exe
2091520 bytes
Created: 30.05.2008 14:27
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: disk
ImagePath: system32\drivers\disk.sys
C:\Windows\system32\drivers\disk.sys
55352 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: drmkaud
ImagePath: system32\drivers\drmkaud.sys
C:\Windows\system32\drivers\drmkaud.sys
5632 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: DXGKrnl
ImagePath: \SystemRoot\System32\drivers\dxgkrnl.sys
C:\Windows\System32\drivers\dxgkrnl.sys
625152 bytes
Created: 10.09.2008 00:25
Modified: 02.08.2008 02:01
Company: Microsoft Corporation
----------
Key: e1express
ImagePath: system32\DRIVERS\e1e6032.sys
C:\Windows\system32\DRIVERS\e1e6032.sys
228224 bytes
Created: 26.10.2007 13:15
Modified: 13.04.2007 12:22
Company: Intel Corporation
----------
Key: E1G60
ImagePath: system32\DRIVERS\E1G60I32.sys
C:\Windows\system32\DRIVERS\E1G60I32.sys
117760 bytes
Created: 02.11.2006 11:25
Modified: 02.11.2006 08:30
Company: Intel Corporation
----------
Key: Ecache
ImagePath: System32\drivers\ecache.sys
C:\Windows\System32\drivers\ecache.sys
143416 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: ehRecvr
ImagePath: %systemroot%\ehome\ehRecvr.exe
C:\Windows\ehome\ehRecvr.exe
292352 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: ehSched
ImagePath: %systemroot%\ehome\ehsched.exe
C:\Windows\ehome\ehsched.exe
131072 bytes
Created: 02.11.2006 13:35
Modified: 02.11.2006 13:35
Company: Microsoft Corporation
----------
Key: elxstor
ImagePath: \SystemRoot\system32\drivers\elxstor.sys
C:\Windows\system32\drivers\elxstor.sys
316520 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: Emulex
----------
Key: fdc
ImagePath: system32\DRIVERS\fdc.sys
C:\Windows\system32\DRIVERS\fdc.sys
25088 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 09:51
Company: Microsoft Corporation
----------
Key: FileInfo
ImagePath: system32\drivers\fileinfo.sys
C:\Windows\system32\drivers\fileinfo.sys
58936 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: Filetrace
ImagePath: system32\drivers\filetrace.sys
C:\Windows\system32\drivers\filetrace.sys
27648 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:30
Company: Microsoft Corporation
----------
Key: flpydisk
ImagePath: system32\DRIVERS\flpydisk.sys
C:\Windows\system32\DRIVERS\flpydisk.sys
20480 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 09:51
Company: Microsoft Corporation
----------
Key: FltMgr
ImagePath: system32\drivers\fltmgr.sys
C:\Windows\system32\drivers\fltmgr.sys
192056 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: FontCache3.0.0.0
ImagePath: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
46104 bytes
Created: 07.08.2009 02:14
Modified: 20.06.2008 02:14
Company: Microsoft Corporation
----------
Key: FsUsbExDisk
ImagePath: \??\C:\Windows\system32\FsUsbExDisk.SYS
C:\Windows\system32\FsUsbExDisk.SYS
36608 bytes
Created: 10.02.2009 17:11
Modified: 13.12.2008 17:15
Company: [no info]
----------
Key: FsUsbExService
ImagePath: C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\FsUsbExService.Exe
233472 bytes
Created: 10.02.2009 17:11
Modified: 13.12.2008 17:15
Company: Teruten
----------
Key: gagp30kx
ImagePath: \SystemRoot\system32\drivers\gagp30kx.sys
C:\Windows\system32\drivers\gagp30kx.sys
58984 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: GEARAspiWDM
ImagePath: system32\DRIVERS\GEARAspiWDM.sys
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
26840 bytes
Created: 03.01.2013 20:25
Modified: 21.08.2012 13:01
Company: GEAR Software Inc.
----------
Key: GoogleDesktopManager
ImagePath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe"
C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
69120 bytes
Created: 26.10.2007 15:09
Modified: 26.10.2007 15:09
Company: Google
----------
Key: gupdate
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
C:\Program Files\Google\Update\GoogleUpdate.exe
136176 bytes
Created: 27.05.2010 21:34
Modified: 27.05.2010 21:34
Company: Google Inc.
----------
Key: gupdatem
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
136176 bytes
Created: 27.05.2010 21:34
Modified: 27.05.2010 21:34
Company: Google Inc.
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created: 26.10.2007 15:09
Modified: 26.10.2007 15:09
Company: Google
----------
Key: HdAudAddService
ImagePath: system32\drivers\HdAudio.sys
C:\Windows\system32\drivers\HdAudio.sys
235520 bytes
Created: 02.11.2006 11:25
Modified: 02.11.2006 08:36
Company: Microsoft Corporation
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\Windows\system32\DRIVERS\HDAudBus.sys
53760 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 05:30
Company: Microsoft Corporation
----------
Key: HidBth
ImagePath: \SystemRoot\system32\drivers\hidbth.sys
C:\Windows\system32\drivers\hidbth.sys
29184 bytes
Created: 02.11.2006 09:55
Modified: 02.11.2006 09:55
Company: Microsoft Corporation
----------
Key: HidIr
ImagePath: \SystemRoot\system32\drivers\hidir.sys
C:\Windows\system32\drivers\hidir.sys
21504 bytes
Created: 02.11.2006 09:55
Modified: 02.11.2006 09:55
Company: Microsoft Corporation
----------
Key: HidUsb
ImagePath: system32\DRIVERS\hidusb.sys
C:\Windows\system32\DRIVERS\hidusb.sys
12288 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: HpCISSs
ImagePath: \SystemRoot\system32\drivers\hpcisss.sys
C:\Windows\system32\drivers\hpcisss.sys
37480 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Hewlett-Packard Company
----------
Key: HTTP
ImagePath: system32\drivers\HTTP.sys
C:\Windows\system32\drivers\HTTP.sys
411136 bytes
Created: 13.12.2011 03:16
Modified: 20.02.2010 22:18
Company: Microsoft Corporation
----------
Key: i2omp
ImagePath: \SystemRoot\system32\drivers\i2omp.sys
C:\Windows\system32\drivers\i2omp.sys
27752 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: i8042prt
ImagePath: system32\DRIVERS\i8042prt.sys
C:\Windows\system32\DRIVERS\i8042prt.sys
54784 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: iaStorV
ImagePath: \SystemRoot\system32\drivers\iastorv.sys
C:\Windows\system32\drivers\iastorv.sys
232040 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: Intel Corporation
----------
Key: idsvc
ImagePath: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
881664 bytes
Created: 07.08.2009 02:14
Modified: 20.06.2008 02:14
Company: Microsoft Corporation
----------
Key: igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2016256 bytes
Created: 02.01.2008 16:48
Modified: 02.01.2008 16:48
Company: Intel Corporation
----------
Key: iirsp
ImagePath: \SystemRoot\system32\drivers\iirsp.sys
C:\Windows\system32\drivers\iirsp.sys
41576 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Intel Corp./ICP vortex GmbH
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RTKVHDA.sys
C:\Windows\system32\drivers\RTKVHDA.sys
1950552 bytes
Created: 26.10.2007 13:50
Modified: 22.08.2007 17:44
Company: Realtek Semiconductor Corp.
----------
Key: intelide
ImagePath: \SystemRoot\system32\drivers\intelide.sys
C:\Windows\system32\drivers\intelide.sys
17592 bytes
Created: 02.11.2006 09:51
Modified: 10.09.2007 12:13
Company: Microsoft Corporation
----------
Key: intelppm
ImagePath: system32\DRIVERS\intelppm.sys
C:\Windows\system32\DRIVERS\intelppm.sys
41472 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:27
Company: Microsoft Corporation
----------
Key: IpFilterDriver
ImagePath: system32\DRIVERS\ipfltdrv.sys
C:\Windows\system32\DRIVERS\ipfltdrv.sys
47616 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key: IPMIDRV
ImagePath: \SystemRoot\system32\drivers\ipmidrv.sys
C:\Windows\system32\drivers\ipmidrv.sys
65536 bytes
Created: 02.11.2006 09:42
Modified: 02.11.2006 09:42
Company: Microsoft Corporation
----------
Key: IPNAT
ImagePath: system32\DRIVERS\ipnat.sys
C:\Windows\system32\DRIVERS\ipnat.sys
100864 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: iPod Service
ImagePath: "C:\Program Files\iPod\bin\iPodService.exe"
C:\Program Files\iPod\bin\iPodService.exe
553440 bytes
Created: 12.12.2012 13:57
Modified: 12.12.2012 13:57
Company: Apple Inc.
----------
Key: IRENUM
ImagePath: system32\drivers\irenum.sys
C:\Windows\system32\drivers\irenum.sys
13312 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: isapnp
ImagePath: \SystemRoot\system32\drivers\isapnp.sys
C:\Windows\system32\drivers\isapnp.sys
47208 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: iScsiPrt
ImagePath: system32\DRIVERS\msiscsi.sys
C:\Windows\system32\DRIVERS\msiscsi.sys
181304 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: iteatapi
ImagePath: \SystemRoot\system32\drivers\iteatapi.sys
C:\Windows\system32\drivers\iteatapi.sys
35944 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Integrated Technology Express, Inc.
----------
Key: iteraid
ImagePath: \SystemRoot\system32\drivers\iteraid.sys
C:\Windows\system32\drivers\iteraid.sys
35944 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Integrated Technology Express, Inc.
----------
Key: kbdclass
ImagePath: system32\DRIVERS\kbdclass.sys
C:\Windows\system32\DRIVERS\kbdclass.sys
35384 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: kbdhid
ImagePath: system32\DRIVERS\kbdhid.sys
C:\Windows\system32\DRIVERS\kbdhid.sys
15872 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: KeyIso
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\system32\lsass.exe
9728 bytes
Created: 12.12.2011 14:13
Modified: 15.06.2009 13:57
Company: Microsoft Corporation
----------
Key: KSecDD
ImagePath: System32\Drivers\ksecdd.sys
C:\Windows\System32\Drivers\ksecdd.sys
439896 bytes
Created: 12.12.2011 14:13
Modified: 15.06.2009 19:20
Company: Microsoft Corporation
----------
Key: LightScribeService
ImagePath: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
61440 bytes
Created: 19.10.2006 12:52
Modified: 19.10.2006 12:52
Company: Hewlett-Packard Company
----------
Key: lltdio
ImagePath: system32\DRIVERS\lltdio.sys
C:\Windows\system32\DRIVERS\lltdio.sys
47104 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: LSI_FC
ImagePath: \SystemRoot\system32\drivers\lsi_fc.sys
C:\Windows\system32\drivers\lsi_fc.sys
65640 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: LSI Logic
----------
Key: LSI_SAS
ImagePath: \SystemRoot\system32\drivers\lsi_sas.sys
C:\Windows\system32\drivers\lsi_sas.sys
65640 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: LSI Logic
----------
Key: LSI_SCSI
ImagePath: \SystemRoot\system32\drivers\lsi_scsi.sys
C:\Windows\system32\drivers\lsi_scsi.sys
65640 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: LSI Logic
----------
Key: luafv
ImagePath: \SystemRoot\system32\drivers\luafv.sys
C:\Windows\system32\drivers\luafv.sys
84480 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:30
Company: Microsoft Corporation
----------
Key: McComponentHostService
ImagePath: "C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe"
C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
237008 bytes
Created: 17.06.2011 18:33
Modified: 17.06.2011 18:33
Company: McAfee, Inc.
----------
Key: megasas
ImagePath: \SystemRoot\system32\drivers\megasas.sys
C:\Windows\system32\drivers\megasas.sys
28776 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:49
Company: LSI Logic Corporation
----------
Key: Microsoft Office Groove Audit Service
ImagePath: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
64856 bytes
Created: 26.02.2009 18:36
Modified: 26.02.2009 18:36
Company: Microsoft Corporation
----------
Key: Modem
ImagePath: system32\drivers\modem.sys
C:\Windows\system32\drivers\modem.sys
31744 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:57
Company: Microsoft Corporation
----------
Key: monitor
ImagePath: system32\DRIVERS\monitor.sys
C:\Windows\system32\DRIVERS\monitor.sys
41984 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:52
Company: Microsoft Corporation
----------
Key: mouclass
ImagePath: system32\DRIVERS\mouclass.sys
C:\Windows\system32\DRIVERS\mouclass.sys
34360 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: mouhid
ImagePath: system32\DRIVERS\mouhid.sys
C:\Windows\system32\DRIVERS\mouhid.sys
15872 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: MountMgr
ImagePath: System32\drivers\mountmgr.sys
C:\Windows\System32\drivers\mountmgr.sys
57400 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: MozillaMaintenance
ImagePath: C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
115608 bytes
Created: 28.04.2012 22:38
Modified: 19.01.2013 00:53
Company: Mozilla Foundation
----------
Key: mpio
ImagePath: \SystemRoot\system32\drivers\mpio.sys
C:\Windows\system32\drivers\mpio.sys
78952 bytes
Created: 02.11.2006 09:52
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: mpsdrv
ImagePath: System32\drivers\mpsdrv.sys
C:\Windows\System32\drivers\mpsdrv.sys
64000 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:54
Company: Microsoft Corporation
----------
Key: Mraid35x
ImagePath: \SystemRoot\system32\drivers\mraid35x.sys
C:\Windows\system32\drivers\mraid35x.sys
33384 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:49
Company: LSI Logic Corporation
----------
Key: MRxDAV
ImagePath: \SystemRoot\system32\drivers\mrxdav.sys
C:\Windows\system32\drivers\mrxdav.sys
110080 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:28
Company: Microsoft Corporation
----------
Key: mrxsmb
ImagePath: system32\DRIVERS\mrxsmb.sys
C:\Windows\system32\DRIVERS\mrxsmb.sys
105984 bytes
Created: 12.12.2011 14:09
Modified: 29.04.2011 13:49
Company: Microsoft Corporation
----------
Key: mrxsmb10
ImagePath: system32\DRIVERS\mrxsmb10.sys
C:\Windows\system32\DRIVERS\mrxsmb10.sys
213504 bytes
Created: 12.12.2011 14:09
Modified: 06.07.2011 15:56
Company: Microsoft Corporation
----------
Key: mrxsmb20
ImagePath: system32\DRIVERS\mrxsmb20.sys
C:\Windows\system32\DRIVERS\mrxsmb20.sys
79360 bytes
Created: 12.12.2011 14:09
Modified: 29.04.2011 13:49
Company: Microsoft Corporation
----------
Key: msahci
ImagePath: \SystemRoot\system32\drivers\msahci.sys
C:\Windows\system32\drivers\msahci.sys
25784 bytes
Created: 02.11.2006 09:51
Modified: 10.09.2007 12:13
Company: Microsoft Corporation
----------
Key: MSCamSvc
ImagePath: "C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
139120 bytes
Created: 24.07.2009 15:05
Modified: 24.07.2009 15:05
Company: Microsoft Corporation
----------
Key: msdsm
ImagePath: \SystemRoot\system32\drivers\msdsm.sys
C:\Windows\system32\drivers\msdsm.sys
80488 bytes
Created: 02.11.2006 09:52
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: MSDTC
ImagePath: %SystemRoot%\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
105984 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: msisadrv
ImagePath: system32\drivers\msisadrv.sys
C:\Windows\system32\drivers\msisadrv.sys
16440 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: msiserver
ImagePath: %systemroot%\system32\msiexec /V
C:\Windows\system32\msiexec - [file not found to scan]
----------
Key: MSKSSRV
ImagePath: system32\drivers\MSKSSRV.sys
C:\Windows\system32\drivers\MSKSSRV.sys
8192 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: MSPCLOCK
ImagePath: system32\drivers\MSPCLOCK.sys
C:\Windows\system32\drivers\MSPCLOCK.sys
5888 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: MSPQM
ImagePath: system32\drivers\MSPQM.sys
C:\Windows\system32\drivers\MSPQM.sys
5504 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: mssmbios
ImagePath: system32\DRIVERS\mssmbios.sys
C:\Windows\system32\DRIVERS\mssmbios.sys
31288 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: MSTEE
ImagePath: system32\drivers\MSTEE.sys
C:\Windows\system32\drivers\MSTEE.sys
6016 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: Mup
ImagePath: System32\Drivers\mup.sys
C:\Windows\System32\Drivers\mup.sys
49720 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: NativeWifiP
ImagePath: system32\DRIVERS\nwifi.sys
C:\Windows\system32\DRIVERS\nwifi.sys
148480 bytes
Created: 10.09.2008 00:25
Modified: 20.05.2008 03:07
Company: Microsoft Corporation
----------
Key: NBService
ImagePath: C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
774144 bytes
Created: 05.12.2006 11:44
Modified: 05.12.2006 11:44
Company: Nero AG
----------
Key: NDIS
ImagePath: system32\drivers\ndis.sys
C:\Windows\system32\drivers\ndis.sys
529464 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:43
Company: Microsoft Corporation
----------
Key: NdisTapi
ImagePath: system32\DRIVERS\ndistapi.sys
C:\Windows\system32\DRIVERS\ndistapi.sys
20992 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: Ndisuio
ImagePath: system32\DRIVERS\ndisuio.sys
C:\Windows\system32\DRIVERS\ndisuio.sys
16896 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: NdisWan
ImagePath: system32\DRIVERS\ndiswan.sys
C:\Windows\system32\DRIVERS\ndiswan.sys
121344 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: NetBIOS
ImagePath: system32\DRIVERS\netbios.sys
C:\Windows\system32\DRIVERS\netbios.sys
35840 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: netbt
ImagePath: System32\DRIVERS\netbt.sys
C:\Windows\System32\DRIVERS\netbt.sys
184320 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: Netlogon
ImagePath: %systemroot%\system32\lsass.exe
C:\Windows\system32\lsass.exe
9728 bytes
Created: 12.12.2011 14:13
Modified: 15.06.2009 13:57
Company: Microsoft Corporation
----------
Key: nfrd960
ImagePath: \SystemRoot\system32\drivers\nfrd960.sys
C:\Windows\system32\drivers\nfrd960.sys
45160 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: IBM Corporation
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
262144 bytes
Created: 23.12.2006 16:54
Modified: 23.12.2006 16:54
Company: Nero AG
----------
Key: nmwcd
ImagePath: system32\drivers\ccdcmb.sys
C:\Windows\system32\drivers\ccdcmb.sys
17664 bytes
Created: 15.09.2008 07:56
Modified: 15.09.2008 07:56
Company: Nokia
----------
Key: nmwcdc
ImagePath: system32\drivers\ccdcmbo.sys
C:\Windows\system32\drivers\ccdcmbo.sys
22016 bytes
Created: 15.09.2008 07:56
Modified: 15.09.2008 07:56
Company: Nokia
----------
Key: nsiproxy
ImagePath: system32\drivers\nsiproxy.sys
C:\Windows\system32\drivers\nsiproxy.sys
16384 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: ntrigdigi
ImagePath: \SystemRoot\system32\drivers\ntrigdigi.sys
C:\Windows\system32\drivers\ntrigdigi.sys
20608 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 08:36
Company: N-trig Innovative Technologies
----------
Key: nvraid
ImagePath: \SystemRoot\system32\drivers\nvraid.sys
C:\Windows\system32\drivers\nvraid.sys
88680 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: NVIDIA Corporation
----------
Key: nvstor
ImagePath: \SystemRoot\system32\drivers\nvstor.sys
C:\Windows\system32\drivers\nvstor.sys
40040 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: NVIDIA Corporation
----------
Key: nv_agp
ImagePath: \SystemRoot\system32\drivers\nv_agp.sys
C:\Windows\system32\drivers\nv_agp.sys
106600 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key: odserv
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
440696 bytes
Created: 20.07.2011 05:18
Modified: 20.07.2011 05:18
Company: Microsoft Corporation
----------
Key: ohci1394
ImagePath: system32\DRIVERS\ohci1394.sys
C:\Windows\system32\DRIVERS\ohci1394.sys
61952 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26.10.2006 14:03
Modified: 26.10.2006 14:03
Company: Microsoft Corporation
----------
Key: Parport
ImagePath: \SystemRoot\system32\drivers\parport.sys
C:\Windows\system32\drivers\parport.sys
79360 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 09:51
Company: Microsoft Corporation
----------
Key: partmgr
ImagePath: System32\drivers\partmgr.sys
C:\Windows\System32\drivers\partmgr.sys
56376 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: Parvdm
ImagePath: \SystemRoot\system32\drivers\parvdm.sys
C:\Windows\system32\drivers\parvdm.sys
8704 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 09:51
Company: Microsoft Corporation
----------
Key: pccsmcfd
ImagePath: system32\DRIVERS\pccsmcfd.sys
C:\Windows\system32\DRIVERS\pccsmcfd.sys
18816 bytes
Created: 10.02.2009 16:37
Modified: 26.08.2008 09:26
Company: Nokia
----------
Key: pci
ImagePath: system32\drivers\pci.sys
C:\Windows\system32\drivers\pci.sys
151096 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: pciide
ImagePath: system32\drivers\pciide.sys
C:\Windows\system32\drivers\pciide.sys
16440 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: pcmcia
ImagePath: \SystemRoot\system32\drivers\pcmcia.sys
C:\Windows\system32\drivers\pcmcia.sys
167528 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:51
Company: Microsoft Corporation
----------
Key: PEAUTH
ImagePath: system32\drivers\peauth.sys
C:\Windows\system32\drivers\peauth.sys
878080 bytes
Created: 02.11.2006 10:04
Modified: 02.11.2006 10:04
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\Windows\system32\drivers\pfc.sys
10368 bytes
Created: 03.01.2008 14:18
Modified: 03.01.2008 14:18
Company: Padus, Inc.
----------
Key: PptpMiniport
ImagePath: system32\DRIVERS\raspptp.sys
C:\Windows\system32\DRIVERS\raspptp.sys
62976 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: Processor
ImagePath: \SystemRoot\system32\drivers\processr.sys
C:\Windows\system32\drivers\processr.sys
38400 bytes
Created: 02.11.2006 09:30
Modified: 02.11.2006 09:30
Company: Microsoft Corporation
----------
Key: ProtectedStorage
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\system32\lsass.exe
9728 bytes
Created: 12.12.2011 14:13
Modified: 15.06.2009 13:57
Company: Microsoft Corporation
----------
Key: PSched
ImagePath: system32\DRIVERS\pacer.sys
C:\Windows\system32\DRIVERS\pacer.sys
72192 bytes
Created: 12.07.2008 14:46
Modified: 05.04.2008 02:21
Company: Microsoft Corporation
----------
Key: ql2300
ImagePath: \SystemRoot\system32\drivers\ql2300.sys
C:\Windows\system32\drivers\ql2300.sys
900712 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: QLogic Corporation
----------
Key: ql40xx
ImagePath: \SystemRoot\system32\drivers\ql40xx.sys
C:\Windows\system32\drivers\ql40xx.sys
106088 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: QLogic Corporation
----------
Key: QWAVEdrv
ImagePath: \SystemRoot\system32\drivers\qwavedrv.sys
C:\Windows\system32\drivers\qwavedrv.sys
31232 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: RasAcd
ImagePath: System32\DRIVERS\rasacd.sys
C:\Windows\System32\DRIVERS\rasacd.sys
11776 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: Rasl2tp
ImagePath: system32\DRIVERS\rasl2tp.sys
C:\Windows\system32\DRIVERS\rasl2tp.sys
76288 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: RasPppoe
ImagePath: system32\DRIVERS\raspppoe.sys
C:\Windows\system32\DRIVERS\raspppoe.sys
41472 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: RasSstp
ImagePath: system32\DRIVERS\rassstp.sys
C:\Windows\system32\DRIVERS\rassstp.sys
69120 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: rdbss
ImagePath: system32\DRIVERS\rdbss.sys
C:\Windows\system32\DRIVERS\rdbss.sys
224768 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 06:28
Company: Microsoft Corporation
----------
Key: RDPCDD
ImagePath: System32\DRIVERS\RDPCDD.sys
C:\Windows\System32\DRIVERS\RDPCDD.sys
6144 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 07:01
Company: Microsoft Corporation
----------
Key: rdpdr
ImagePath: \SystemRoot\system32\drivers\rdpdr.sys
C:\Windows\system32\drivers\rdpdr.sys
242688 bytes
Created: 02.11.2006 10:03
Modified: 02.11.2006 10:03
Company: Microsoft Corporation
----------
Key: RDPENCDD
ImagePath: system32\drivers\rdpencdd.sys
C:\Windows\system32\drivers\rdpencdd.sys
6144 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 07:01
Company: Microsoft Corporation
----------
Key: RpcLocator
ImagePath: %SystemRoot%\system32\locator.exe
C:\Windows\system32\locator.exe
7680 bytes
Created: 02.11.2006 09:50
Modified: 02.11.2006 10:45
Company: Microsoft Corporation
----------
Key: rspndr
ImagePath: system32\DRIVERS\rspndr.sys
C:\Windows\system32\DRIVERS\rspndr.sys
60416 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: SamSs
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\system32\lsass.exe
9728 bytes
Created: 12.12.2011 14:13
Modified: 15.06.2009 13:57
Company: Microsoft Corporation
----------
Key: sbp2port
ImagePath: \SystemRoot\system32\drivers\sbp2port.sys
C:\Windows\system32\drivers\sbp2port.sys
76392 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: SDScannerService
ImagePath: C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
1103392 bytes
Created: 22.01.2013 01:08
Modified: 13.11.2012 14:07
Company: Safer-Networking Ltd.
----------
Key: SDUpdateService
ImagePath: C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
1369624 bytes
Created: 22.01.2013 01:09
Modified: 13.11.2012 14:07
Company: Safer-Networking Ltd.
----------
Key: SDWSCService
ImagePath: C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
168384 bytes
Created: 22.01.2013 01:09
Modified: 13.11.2012 14:07
Company: Safer-Networking Ltd.
----------
Key: Serenum
ImagePath: system32\DRIVERS\serenum.sys
C:\Windows\system32\DRIVERS\serenum.sys
17920 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: system32\DRIVERS\serial.sys
C:\Windows\system32\DRIVERS\serial.sys
83456 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: sermouse
ImagePath: \SystemRoot\system32\drivers\sermouse.sys
C:\Windows\system32\drivers\sermouse.sys
19968 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:49
Company: Microsoft Corporation
----------
Key: ServiceLayer
ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
620544 bytes
Created: 11.11.2008 09:38
Modified: 11.11.2008 09:38
Company: Nokia.
----------
Key: sffdisk
ImagePath: \SystemRoot\system32\drivers\sffdisk.sys
C:\Windows\system32\drivers\sffdisk.sys
13312 bytes
Created: 02.11.2006 09:51
Modified: 15.10.2007 21:54
Company: Microsoft Corporation
----------
Key: sffp_mmc
ImagePath: \SystemRoot\system32\drivers\sffp_mmc.sys
C:\Windows\system32\drivers\sffp_mmc.sys
12800 bytes
Created: 02.11.2006 09:51
Modified: 15.10.2007 21:54
Company: Microsoft Corporation
----------
Key: sffp_sd
ImagePath: \SystemRoot\system32\drivers\sffp_sd.sys
C:\Windows\system32\drivers\sffp_sd.sys
12800 bytes
Created: 02.11.2006 09:51
Modified: 15.10.2007 21:54
Company: Microsoft Corporation
----------
Key: sfloppy
ImagePath: \SystemRoot\system32\drivers\sfloppy.sys
C:\Windows\system32\drivers\sfloppy.sys
13312 bytes
Created: 02.11.2006 09:51
Modified: 02.11.2006 09:51
Company: Microsoft Corporation
----------
Key: sisagp
ImagePath: \SystemRoot\system32\drivers\sisagp.sys
C:\Windows\system32\drivers\sisagp.sys
53352 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: SiSRaid2
ImagePath: \SystemRoot\system32\drivers\sisraid2.sys
C:\Windows\system32\drivers\sisraid2.sys
38504 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Silicon Integrated Systems Corp.
----------
Key: SiSRaid4
ImagePath: \SystemRoot\system32\drivers\sisraid4.sys
C:\Windows\system32\drivers\sisraid4.sys
71784 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Silicon Integrated Systems
----------
Key: SkypeUpdate
ImagePath: "C:\Program Files\Skype\Updater\Updater.exe"
C:\Program Files\Skype\Updater\Updater.exe
-R- 160944 bytes
Created: 03.07.2012 12:19
Modified: 03.07.2012 12:19
Company: Skype Technologies
----------
Key: slsvc
ImagePath: %SystemRoot%\system32\SLsvc.exe
C:\Windows\system32\SLsvc.exe
2623488 bytes
Created: 30.05.2008 14:27
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: Smb
ImagePath: system32\DRIVERS\smb.sys
C:\Windows\system32\DRIVERS\smb.sys
66560 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: SNMPTRAP
ImagePath: %SystemRoot%\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
12800 bytes
Created: 02.11.2006 09:58
Modified: 02.11.2006 10:45
Company: Microsoft Corporation
----------
Key: Spooler
ImagePath: %SystemRoot%\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
126464 bytes
Created: 12.12.2011 14:08
Modified: 17.08.2010 14:32
Company: Microsoft Corporation
----------
Key: srv
ImagePath: System32\DRIVERS\srv.sys
C:\Windows\System32\DRIVERS\srv.sys
304640 bytes
Created: 12.12.2011 14:09
Modified: 18.02.2011 14:31
Company: Microsoft Corporation
----------
Key: srv2
ImagePath: System32\DRIVERS\srv2.sys
C:\Windows\System32\DRIVERS\srv2.sys
146432 bytes
Created: 12.12.2011 14:08
Modified: 29.04.2011 13:49
Company: Microsoft Corporation
----------
Key: srvnet
ImagePath: System32\DRIVERS\srvnet.sys
C:\Windows\System32\DRIVERS\srvnet.sys
102400 bytes
Created: 12.12.2011 14:08
Modified: 29.04.2011 13:49
Company: Microsoft Corporation
----------
Key: sscdbus
ImagePath: system32\DRIVERS\sscdbus.sys
C:\Windows\system32\DRIVERS\sscdbus.sys
87936 bytes
Created: 10.02.2009 17:12
Modified: 22.02.2008 15:33
Company: MCCI Corporation
----------
Key: sscdmdfl
ImagePath: system32\DRIVERS\sscdmdfl.sys
C:\Windows\system32\DRIVERS\sscdmdfl.sys
14976 bytes
Created: 10.02.2009 17:12
Modified: 22.02.2008 15:33
Company: MCCI Corporation
----------
Key: sscdmdm
ImagePath: system32\DRIVERS\sscdmdm.sys
C:\Windows\system32\DRIVERS\sscdmdm.sys
114304 bytes
Created: 10.02.2009 17:12
Modified: 22.02.2008 15:33
Company: MCCI Corporation
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\Windows\system32\DRIVERS\ssmdrv.sys
21248 bytes
Created: 02.09.2008 13:13
Modified: 08.11.2007 18:03
Company: AVIRA GmbH
----------
Key: swenum
ImagePath: system32\DRIVERS\swenum.sys
C:\Windows\system32\DRIVERS\swenum.sys
15288 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:41
Company: Microsoft Corporation
----------
Key: Symc8xx
ImagePath: \SystemRoot\system32\drivers\symc8xx.sys
C:\Windows\system32\drivers\symc8xx.sys
35944 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: LSI Logic
----------
Key: Sym_hi
ImagePath: \SystemRoot\system32\drivers\sym_hi.sys
C:\Windows\system32\drivers\sym_hi.sys
31848 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:49
Company: LSI Logic
----------
Key: Sym_u3
ImagePath: \SystemRoot\system32\drivers\sym_u3.sys
C:\Windows\system32\drivers\sym_u3.sys
34920 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: LSI Logic
----------
Key: Tcpip
ImagePath: System32\drivers\tcpip.sys
C:\Windows\System32\drivers\tcpip.sys
898952 bytes
Created: 12.12.2011 14:05
Modified: 16.06.2010 16:59
Company: Microsoft Corporation
----------
Key: Tcpip6
ImagePath: system32\DRIVERS\tcpip.sys
C:\Windows\system32\DRIVERS\tcpip.sys
898952 bytes
Created: 12.12.2011 14:05
Modified: 16.06.2010 16:59
Company: Microsoft Corporation
----------
Key: tcpipreg
ImagePath: System32\drivers\tcpipreg.sys
C:\Windows\System32\drivers\tcpipreg.sys
30208 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: TDPIPE
ImagePath: system32\drivers\tdpipe.sys
C:\Windows\system32\drivers\tdpipe.sys
17920 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 07:01
Company: Microsoft Corporation
----------
Key: TDTCP
ImagePath: system32\drivers\tdtcp.sys
C:\Windows\system32\drivers\tdtcp.sys
29184 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 07:01
Company: Microsoft Corporation
----------
Key: tdx
ImagePath: system32\DRIVERS\tdx.sys
C:\Windows\system32\DRIVERS\tdx.sys
71680 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: TermDD
ImagePath: system32\DRIVERS\termdd.sys
C:\Windows\system32\DRIVERS\termdd.sys
54328 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: TrustedInstaller
ImagePath: %SystemRoot%\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
39424 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: tssecsrv
ImagePath: System32\DRIVERS\tssecsrv.sys
C:\Windows\System32\DRIVERS\tssecsrv.sys
23552 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 07:01
Company: Microsoft Corporation
----------
Key: tunmp
ImagePath: system32\DRIVERS\tunmp.sys
C:\Windows\system32\DRIVERS\tunmp.sys
15360 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:55
Company: Microsoft Corporation
----------
Key: tunnel
ImagePath: system32\DRIVERS\tunnel.sys
C:\Windows\system32\DRIVERS\tunnel.sys
25088 bytes
Created: 13.03.2012 08:42
Modified: 18.02.2010 12:52
Company: Microsoft Corporation
----------
Key: uagp35
ImagePath: \SystemRoot\system32\drivers\uagp35.sys
C:\Windows\system32\drivers\uagp35.sys
56936 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: udfs
ImagePath: system32\DRIVERS\udfs.sys
C:\Windows\system32\DRIVERS\udfs.sys
226816 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 06:28
Company: Microsoft Corporation
----------
Key: UI0Detect
ImagePath: %SystemRoot%\system32\UI0Detect.exe
C:\Windows\system32\UI0Detect.exe
35840 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: uliagpkx
ImagePath: \SystemRoot\system32\drivers\uliagpkx.sys
C:\Windows\system32\drivers\uliagpkx.sys
58472 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:50
Company: Microsoft Corporation
----------
Key: uliahci
ImagePath: \SystemRoot\system32\drivers\uliahci.sys
C:\Windows\system32\drivers\uliahci.sys
235112 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:51
Company: ULi Electronics Inc.
----------
Key: UlSata
ImagePath: \SystemRoot\system32\drivers\ulsata.sys
C:\Windows\system32\drivers\ulsata.sys
98408 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Promise Technology, Inc.
----------
Key: ulsata2
ImagePath: \SystemRoot\system32\drivers\ulsata2.sys
C:\Windows\system32\drivers\ulsata2.sys
115816 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: Promise Technology, Inc.
----------
Key: umbus
ImagePath: system32\DRIVERS\umbus.sys
C:\Windows\system32\DRIVERS\umbus.sys
34816 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: UnlockerDriver5
ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys
C:\Program Files\Unlocker\UnlockerDriver5.sys
12352 bytes
Created: 01.07.2010 18:11
Modified: 01.07.2010 18:11
Company: [no info]
----------
Key: upperdev
ImagePath: system32\DRIVERS\usbser_lowerflt.sys
C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
8064 bytes
Created: 15.09.2008 07:56
Modified: 15.09.2008 07:56
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: USBAAPL
ImagePath: System32\Drivers\usbaapl.sys
C:\Windows\System32\Drivers\usbaapl.sys
44544 bytes
Created: 28.09.2012 10:32
Modified: 28.09.2012 10:32
Company: Apple, Inc.
----------
Key: usbaudio
ImagePath: system32\drivers\usbaudio.sys
C:\Windows\system32\drivers\usbaudio.sys
73088 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: usbccgp
ImagePath: system32\DRIVERS\usbccgp.sys
C:\Windows\system32\DRIVERS\usbccgp.sys
73216 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: usbcir
ImagePath: \SystemRoot\system32\drivers\usbcir.sys
C:\Windows\system32\drivers\usbcir.sys
68608 bytes
Created: 02.11.2006 09:55
Modified: 02.11.2006 09:55
Company: Microsoft Corporation
----------
Key: usbehci
ImagePath: system32\DRIVERS\usbehci.sys
C:\Windows\system32\DRIVERS\usbehci.sys
39424 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: usbhub
ImagePath: system32\DRIVERS\usbhub.sys
C:\Windows\system32\DRIVERS\usbhub.sys
194560 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: usbohci
ImagePath: \SystemRoot\system32\drivers\usbohci.sys
C:\Windows\system32\drivers\usbohci.sys
19456 bytes
Created: 02.11.2006 09:55
Modified: 02.11.2006 09:55
Company: Microsoft Corporation
----------
Key: usbprint
ImagePath: system32\DRIVERS\usbprint.sys
C:\Windows\system32\DRIVERS\usbprint.sys
18944 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 07:14
Company: Microsoft Corporation
----------
Key: usbscan
ImagePath: system32\DRIVERS\usbscan.sys
C:\Windows\system32\DRIVERS\usbscan.sys
35328 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 07:14
Company: Microsoft Corporation
----------
Key: usbser
ImagePath: system32\drivers\usbser.sys
C:\Windows\system32\drivers\usbser.sys
28160 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: UsbserFilt
ImagePath: system32\DRIVERS\usbser_lowerfltj.sys
C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
8064 bytes
Created: 15.09.2008 07:56
Modified: 15.09.2008 07:56
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: USBSTOR
ImagePath: system32\DRIVERS\USBSTOR.SYS
C:\Windows\system32\DRIVERS\USBSTOR.SYS
55296 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: usbuhci
ImagePath: system32\DRIVERS\usbuhci.sys
C:\Windows\system32\DRIVERS\usbuhci.sys
23552 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------
Key: vds
ImagePath: %SystemRoot%\System32\vds.exe
C:\Windows\System32\vds.exe
382976 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: vga
ImagePath: system32\DRIVERS\vgapnp.sys
C:\Windows\system32\DRIVERS\vgapnp.sys
26112 bytes
Created: 02.11.2006 11:25
Modified: 02.11.2006 09:53
Company: Microsoft Corporation
----------
Key: VgaSave
ImagePath: \SystemRoot\System32\drivers\vga.sys
C:\Windows\System32\drivers\vga.sys
25088 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:52
Company: Microsoft Corporation
----------
Key: viaagp
ImagePath: \SystemRoot\system32\drivers\viaagp.sys
C:\Windows\system32\drivers\viaagp.sys
54376 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: ViaC7
ImagePath: \SystemRoot\system32\drivers\viac7.sys
C:\Windows\system32\drivers\viac7.sys
39424 bytes
Created: 02.11.2006 09:30
Modified: 02.11.2006 09:30
Company: Microsoft Corporation
----------
Key: viaide
ImagePath: \SystemRoot\system32\drivers\viaide.sys
C:\Windows\system32\drivers\viaide.sys
20152 bytes
Created: 02.11.2006 09:51
Modified: 10.09.2007 12:13
Company: VIA Technologies, Inc.
----------
Key: volmgr
ImagePath: system32\drivers\volmgr.sys
C:\Windows\system32\drivers\volmgr.sys
52792 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: volmgrx
ImagePath: System32\drivers\volmgrx.sys
C:\Windows\System32\drivers\volmgrx.sys
294456 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:43
Company: Microsoft Corporation
----------
Key: volsnap
ImagePath: system32\drivers\volsnap.sys
C:\Windows\system32\drivers\volsnap.sys
227896 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:42
Company: Microsoft Corporation
----------
Key: vsmraid
ImagePath: \SystemRoot\system32\drivers\vsmraid.sys
C:\Windows\system32\drivers\vsmraid.sys
112232 bytes
Created: 02.11.2006 08:36
Modified: 02.11.2006 10:50
Company: VIA Technologies Inc.,Ltd
----------
Key: VSS
ImagePath: %systemroot%\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1054720 bytes
Created: 30.05.2008 14:27
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: VX1000
ImagePath: system32\DRIVERS\VX1000.sys
C:\Windows\system32\DRIVERS\VX1000.sys
1956096 bytes
Created: 26.06.2009 16:21
Modified: 26.06.2009 16:21
Company: Microsoft Corporation
----------
Key: WacomPen
ImagePath: \SystemRoot\system32\drivers\wacompen.sys
C:\Windows\system32\drivers\wacompen.sys
20608 bytes
Created: 02.11.2006 09:52
Modified: 02.11.2006 09:52
Company: Microsoft Corporation
----------
Key: Wanarp
ImagePath: system32\DRIVERS\wanarp.sys
C:\Windows\system32\DRIVERS\wanarp.sys
62464 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: Wanarpv6
ImagePath: system32\DRIVERS\wanarp.sys
C:\Windows\system32\DRIVERS\wanarp.sys
62464 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: Wd
ImagePath: \SystemRoot\system32\drivers\wd.sys
C:\Windows\system32\drivers\wd.sys
19560 bytes
Created: 02.11.2006 09:54
Modified: 02.11.2006 10:49
Company: Microsoft Corporation
----------
Key: Wdf01000
ImagePath: system32\drivers\Wdf01000.sys
C:\Windows\system32\drivers\Wdf01000.sys
503864 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:43
Company: Microsoft Corporation
----------
Key: WmiAcpi
ImagePath: \SystemRoot\system32\drivers\wmiacpi.sys
C:\Windows\system32\drivers\wmiacpi.sys
11264 bytes
Created: 02.11.2006 09:35
Modified: 02.11.2006 09:35
Company: Microsoft Corporation
----------
Key: wmiApSrv
ImagePath: %systemroot%\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
137728 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: WMPNetworkSvc
ImagePath: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe"
C:\Program Files\Windows Media Player\wmpnetwk.exe
896512 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\Windows\system32\DRIVERS\wpdusb.sys
39936 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 07:04
Company: Microsoft Corporation
----------
Key: WPFFontCache_v0400
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
753504 bytes
Created: 18.03.2010 13:16
Modified: 18.03.2010 13:16
Company: Microsoft Corporation
----------
Key: ws2ifsl
ImagePath: \SystemRoot\system32\drivers\ws2ifsl.sys
C:\Windows\system32\drivers\ws2ifsl.sys
15872 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 06:56
Company: Microsoft Corporation
----------
Key: WSearch
ImagePath: %systemroot%\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchIndexer.exe
439808 bytes
Created: 22.08.2008 02:01
Modified: 27.05.2008 06:18
Company: Microsoft Corporation
----------
Key: WUDFRd
ImagePath: system32\DRIVERS\WUDFRd.sys
C:\Windows\system32\DRIVERS\WUDFRd.sys
83328 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 06:53
Company: Microsoft Corporation
----------

************************************************************
01:15:24: Scanning -----VXD ENTRIES-----

************************************************************
01:15:24: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : SDWinLogon
DLLName: SDWinLogon.dll
SDWinLogon.dll - this reference has been removed [file not found to scan]
----------

************************************************************
01:16:10: Scanning ----- CONTEXTMENUHANDLERS -----
Key: SDECon32
CLSID: {44176360-2BBF-4EC1-93CE-384B8681A0BC}
Path: C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll
C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll
129080 bytes
Created: 22.01.2013 01:09
Modified: 13.11.2012 14:06
Company: Safer-Networking Ltd.
----------

************************************************************
01:16:11: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0561EC90-CE54-4f0c-9C55-E226110A740C}
File: [CLSID does not appear to reference a file]

************************************************************
01:16:11: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
BHO: mscoree.dll
C:\Windows\system32\mscoree.dll
297808 bytes
Created: 13.12.2011 03:20
Modified: 08.11.2009 10:55
Company: Microsoft Corporation
----------
Key: {2EECD738-5844-4a99-B4B6-146BF802613B}
BHO: C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
270960 bytes
Created: 14.08.2011 13:24
Modified: 14.08.2011 13:24
Company: Babylon BHO
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
3214392 bytes
Created: 22.01.2013 01:09
Modified: 13.11.2012 14:06
Company: Safer-Networking Ltd.
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll
-R- 2427968 bytes
Created: 26.10.2007 15:09
Modified: 26.10.2007 15:09
Company: Google Germany GmbH
----------
Key: {d2ce3e00-f94a-4740-988e-03dc2f38c34f}
BHO: "C:\Program Files\Microsoft\BingBar\BingExt.dll"
C:\Program Files\Microsoft\BingBar\BingExt.dll
1219152 bytes
Created: 21.10.2011 15:23
Modified: 21.10.2011 15:23
Company: Microsoft Corporation.
----------

************************************************************
01:16:14: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
01:16:14: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
01:16:14: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
01:16:14: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL]
File: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
146432 bytes
Created: 26.10.2007 15:09
Modified: 26.10.2007 15:09
Company: Google
----------

************************************************************
01:16:15: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
01:16:15: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 02.11.2006 13:50
Modified: 30.05.2008 21:23
Company: [no info]
--------------------
McAfee Security Scan Plus.lnk - links to C:\PROGRA~1\MCAFEE~1\30982A~1.207\SSSCHE~1.EXE
C:\PROGRA~1\MCAFEE~1\30982A~1.207\SSSCHE~1.EXE
272528 bytes
Created: 17.06.2011 18:33
Modified: 17.06.2011 18:33
Company: McAfee, Inc.
--------------------

************************************************************
01:16:16: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Ron
[C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 29.12.2007 17:55
Modified: 29.12.2007 17:55
Company: [no info]
----------
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - links to C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE
97680 bytes
Created: 26.02.2009 15:24
Modified: 26.02.2009 15:24
Company: Microsoft Corporation
----------
Telefon- und Branchenbuch Herbst 2009 - Schnellstarter.lnk - links to C:\PROGRA~1\klickTel\TELEFO~1\kstart32.EXE
C:\PROGRA~1\klickTel\TELEFO~1\kstart32.EXE
464896 bytes
Created: 24.11.2009 12:04
Modified: 03.07.2009 11:58
Company: telegate MEDIA AG
----------
--------------------

************************************************************
01:16:17: Scanning ----- SCHEDULED TASKS -----
Taskname: {291ADD4D-0E9B-4351-B9AD-952063F19422}
File: c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\firefox.exe
917400 bytes
Created: 19.01.2013 00:53
Modified: 19.01.2013 00:53
Company: Mozilla Corporation
Parameters: Skype for Windows
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator: SkypeSetup
Comments:
----------
Taskname: {457B8049-2925-4140-93C1-9E2EF7B89B54}
----------
Taskname: {86EC80DD-C1C5-4381-B140-4ACC7D7D8650}
----------
Taskname: {B453A9D9-7772-402D-8F1D-A5EC4F67EC2B}
File: C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Phone\Skype.exe
-R- 17418928 bytes
Created: 13.07.2012 12:33
Modified: 13.07.2012 12:33
Company: Skype Technologies S.A.
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator: SkypeSetup
Comments:
----------
Taskname: Adobe Flash Player Updater
File: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
251400 bytes
Created: 07.06.2012 23:08
Modified: 17.01.2013 19:30
Company: Adobe Systems Incorporated
Schedule: At 01:30:00 every day
Next Run Time: 22.01.2013 01:30:00
Status: Ready
Creator: Adobe Systems Incorporated
Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.
----------
Taskname: Check for updates (Spybot - Search & Destroy)
File: C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
3487240 bytes
Created: 22.01.2013 01:09
Modified: 13.11.2012 14:08
Company: Safer-Networking Ltd.
Parameters: /autoupdate /silent /autoclose
Schedule: At logon
Next Run Time:
Status: Running
Creator: Spybot - Search & Destroy 2
Comments: This task will regularly check for software updates, and install any available updates, to ensure you are well-protected.
----------
Taskname: FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core
File: C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
138096 bytes
Created: 01.10.2011 22:40
Modified: 11.07.2012 22:45
Company: Facebook Inc.
Parameters: /c /nocrashserver
Schedule: At 23:50:00 every day
Next Run Time: 22.01.2013 23:50:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Facebook-Software auf dem neuesten Stand. Wenn diese Anwendung deaktiviert oder angehalten wird, wird Ihre Facebook-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Facebook-Software verwendet wird.
----------
Taskname: FacebookUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA
File: C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
138096 bytes
Created: 01.10.2011 22:40
Modified: 11.07.2012 22:45
Company: Facebook Inc.
Parameters: /ua /installsource scheduler
Schedule: At 23:50:00 every day
Next Run Time: 22.01.2013 02:50:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Facebook-Software auf dem neuesten Stand. Wenn diese Anwendung deaktiviert oder angehalten wird, wird Ihre Facebook-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Facebook-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
136176 bytes
Created: 27.05.2010 21:34
Modified: 27.05.2010 21:34
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 22.01.2013 01:35:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
136176 bytes
Created: 27.05.2010 21:34
Modified: 27.05.2010 21:34
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: At 01:35:00 every day
Next Run Time: 22.01.2013 01:35:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core
File: C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 16.09.2008 12:32
Modified: 16.09.2008 12:32
Company: Google Inc.
Parameters: /c
Schedule: At 19:01:00 every day
Next Run Time: 22.01.2013 19:01:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA
File: C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 16.09.2008 12:32
Modified: 16.09.2008 12:32
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: At 19:01:00 every day
Next Run Time: 22.01.2013 02:01:00
Status: Ready
Creator: Ron
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: Refresh immunization (Spybot - Search & Destroy)
File: C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
3653656 bytes
Created: 22.01.2013 01:08
Modified: 13.11.2012 14:07
Company: Safer-Networking Ltd.
Parameters: /immunize /silent /autoclose
Schedule: At 00:30:00 every Mittwoch of every week, starting 22.01.2013
Next Run Time: 23.01.2013 00:30:00
Status: Ready
Creator: Spybot - Search & Destroy 2
Comments: This task will update your immunization, keeping your browsers protected against known malware sites, cookies and more.
----------
Taskname: Scan the system (Spybot - Search & Destroy)
File: C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
3906584 bytes
Created: 22.01.2013 01:08
Modified: 13.11.2012 14:07
Company: Safer-Networking Ltd.
Parameters: /scan /cleanclose
Schedule: At 00:30:00 on day 1 of month 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, starting 22.01.2013
Next Run Time: 01.02.2013 00:30:00
Status: Ready
Creator: Spybot - Search & Destroy 2
Comments: A full system scan is recommended once per month.
----------
Taskname: User_Feed_Synchronization-{CC62F918-1DED-478E-B9BE-576ADBFCA089}
File: C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\msfeedssync.exe
12800 bytes
Created: 30.05.2008 14:22
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
Parameters: sync
Schedule: Multiple schedule times
Next Run Time: 22.01.2013 01:20:00
Status: Ready
Creator: Ron
Comments: Updates out-of-date system feeds.
----------

************************************************************
01:16:31: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
01:16:31: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.VP40
File: vp4vfw.dll
vp4vfw.dll - [file not found to scan]
----------
Value: vidc.VP60
File: vp6vfw.dll
C:\Windows\system32\vp6vfw.dll
-S- 425984 bytes
Created: 15.12.2003 16:11
Modified: 15.12.2003 16:11
Company: On2.com
----------
Value: vidc.VP50
File: vp5vfw.dll
vp5vfw.dll - [file not found to scan]
----------
Value: vidc.VP61
File: vp6vfw.dll
C:\Windows\system32\vp6vfw.dll - file already scanned
----------
Value: VIDC.ACDV
File: ACDV.dll
C:\Windows\system32\ACDV.dll
462848 bytes
Created: 20.06.2005 13:56
Modified: 20.06.2005 13:56
Company: ACD Systems
----------
Value: msacm.divxa32
File: divxa32.acm
C:\Windows\system32\divxa32.acm
287744 bytes
Created: 08.06.2007 13:39
Modified: 08.06.2007 13:39
Company: Kristal Studio
----------
Value: VIDC.FFDS
File: ff_vfw.dll
C:\Windows\system32\ff_vfw.dll
7680 bytes
Created: 12.06.2008 19:36
Modified: 12.06.2008 19:36
Company: [no info]
----------
Value: vidc.DIVX
File: DivX.dll
C:\Windows\system32\DivX.dll
684032 bytes
Created: 21.11.2008 22:45
Modified: 21.11.2008 22:45
Company: DivX, Inc.
----------
Value: vidc.yv12
File: DivX.dll
C:\Windows\system32\DivX.dll - file already scanned
----------

************************************************************
01:16:36: ----- ADDITIONAL CHECKS -----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
189897 bytes
Created: 05.10.2010 12:23
Modified: 05.10.2010 12:23
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
C:\Users\Ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
189897 bytes
Created: 05.10.2010 12:23
Modified: 05.10.2010 12:23
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Additional checks completed

************************************************************
01:16:39: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
64000 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe
6144 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\wininit.exe
96768 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\services.exe
279040 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsm.exe
229888 bytes
Created: 30.05.2008 14:26
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\winlogon.exe
314880 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe
21504 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Windows\system32\taskeng.exe
171520 bytes
Created: 12.12.2011 14:07
Modified: 05.11.2010 01:53
Company: Microsoft Corporation
--------------------
C:\Windows\system32\Dwm.exe
81920 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
272528 bytes
Created: 17.06.2011 18:33
Modified: 17.06.2011 18:33
Company: McAfee, Inc.
--------------------
C:\Program Files\klickTel\Telefon- und Branchenbuch Herbst 2009\kstart32.EXE
464896 bytes
Created: 24.11.2009 12:04
Modified: 03.07.2009 11:58
Company: telegate MEDIA AG
--------------------
C:\Windows\system32\igfxsrvc.exe
256536 bytes
Created: 02.01.2008 17:07
Modified: 02.01.2008 17:07
Company: Intel Corporation
--------------------
C:\Windows\ehome\ehmsas.exe
37376 bytes
Created: 30.05.2008 14:23
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
905216 bytes
Created: 23.12.2006 17:04
Modified: 23.12.2006 17:04
Company: Nero AG
--------------------
C:\Windows\system32\SearchIndexer.exe
439808 bytes
Created: 22.08.2008 02:01
Modified: 27.05.2008 06:18
Company: Microsoft Corporation
--------------------
C:\Windows\system32\WUDFHost.exe
142336 bytes
Created: 30.05.2008 14:25
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
13019280 bytes
Created: 25.09.2012 16:01
Modified: 25.09.2012 16:01
Company: Microsoft Corporation
--------------------
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
130560 bytes
Created: 19.09.2008 08:52
Modified: 19.09.2008 08:52
Company:
--------------------
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
119808 bytes
Created: 03.06.2008 08:02
Modified: 03.06.2008 08:02
Company:
--------------------
C:\Windows\system32\wuauclt.exe
53472 bytes
Created: 12.12.2011 12:33
Modified: 07.08.2009 03:24
Company: Microsoft Corporation
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 4766968
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\system32\conime.exe
69120 bytes
Created: 30.05.2008 14:24
Modified: 19.01.2008 08:33
Company: Microsoft Corporation
--------------------
C:\Program Files\Mozilla Firefox\plugin-container.exe
17304 bytes
Created: 19.01.2013 00:53
Modified: 19.01.2013 00:53
Company: Mozilla Corporation
--------------------
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
1808392 bytes
Created: 17.01.2013 19:30
Modified: 17.01.2013 19:30
Company: Adobe Systems, Inc.
--------------------

************************************************************
01:16:47: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
Bing
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
Bing
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
Babylon Search
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
Sign In
HKCU\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKCU\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 01:16:47 22 Jan 2013
Total Scan time: 00:07:09
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
Scan cancelled by User
22.01.2013 01:22:00: restart commenced
************************************************************

23.01.2013, 15:25   #11
markusg
/// Malware-holic
 

hi,
ok
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails, following the instructions above, to
markusg.trojaner-board@web.de

23.01.2013, 20:05   #12
sunsetx1
 

Combofix Logfile:
Code:
ComboFix 13-01-23.01 - Ron 23.01.2013  15:49:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.1012.131 [GMT 1:00]
ausgeführt von:: c:\users\Ron\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\CddbCdda.dll
c:\windows\system32\SET52F2.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-23 bis 2013-01-23  ))))))))))))))))))))))))))))))
.
.
2013-01-23 15:01 . 2013-01-23 15:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-23 01:32 . 2013-01-23 01:32	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{52037BC2-EB62-4BD4-B457-542F582907BD}\offreg.dll
2013-01-22 23:01 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{52037BC2-EB62-4BD4-B457-542F582907BD}\mpengine.dll
2013-01-22 14:42 . 2013-01-22 14:42	--------	d-----w-	c:\users\Ron\AppData\Roaming\Malwarebytes
2013-01-22 14:41 . 2013-01-22 14:41	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-22 14:41 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-22 14:41 . 2013-01-22 14:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-01-22 00:09 . 2013-01-23 10:06	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-01-22 00:08 . 2009-01-25 11:14	15224	----a-w-	c:\windows\system32\sdnclean.exe
2013-01-22 00:08 . 2013-01-22 00:09	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-01-22 00:07 . 2013-01-22 00:07	--------	d-----w-	c:\users\Ron\AppData\Roaming\Simply Super Software
2013-01-22 00:06 . 2012-06-15 15:39	169744	----a-w-	c:\windows\system32\ztvunrar36.dll
2013-01-22 00:06 . 2012-06-15 15:35	185616	----a-w-	c:\windows\system32\ztvunrar39.dll
2013-01-22 00:06 . 2012-06-15 15:33	605968	----a-w-	c:\windows\system32\ztv7z.dll
2013-01-22 00:06 . 2012-06-15 15:33	77072	----a-w-	c:\windows\system32\ztvcabinet.dll
2013-01-22 00:06 . 2005-08-26 00:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2013-01-22 00:06 . 2003-02-02 19:06	153088	----a-w-	c:\windows\system32\UNRAR3.dll
2013-01-22 00:06 . 2013-01-22 00:07	--------	d-----w-	c:\program files\Trojan Remover
2013-01-22 00:06 . 2013-01-22 00:06	--------	d-----w-	c:\programdata\Simply Super Software
2013-01-06 02:42 . 2013-01-06 02:42	--------	d-----w-	c:\programdata\eMule
2013-01-05 02:09 . 2013-01-05 02:09	--------	d-----w-	c:\users\Ron\AppData\Local\eMule
2013-01-05 02:09 . 2013-01-05 02:09	--------	d-----w-	c:\program files\eMule
2013-01-03 19:25 . 2012-08-21 12:01	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-03 19:23 . 2013-01-03 19:23	--------	d-----w-	c:\program files\iPod
2013-01-03 19:21 . 2013-01-03 19:25	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-03 19:21 . 2013-01-03 19:25	--------	d-----w-	c:\program files\iTunes
2013-01-03 19:05 . 2013-01-03 19:05	--------	d-----w-	c:\program files\Bonjour
2013-01-03 19:03 . 2013-01-03 19:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-03 19:03 . 2013-01-03 19:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-03 19:03 . 2013-01-03 19:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-03 19:03 . 2013-01-03 19:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-03 19:03 . 2013-01-03 19:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-03 19:03 . 2013-01-03 19:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-03 19:03 . 2013-01-03 19:03	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-01-03 18:56 . 2013-01-03 18:56	--------	d-----w-	c:\program files\Apple Software Update
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 18:30 . 2012-06-07 22:08	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-17 18:30 . 2011-07-19 09:13	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-18 23:53 . 2013-01-18 23:53	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2008-12-13 98304]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-26 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2012-09-14 1247504]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Telefon- und Branchenbuch Herbst 2009 - Schnellstarter.lnk - c:\program files\klickTel\Telefon- und Branchenbuch Herbst 2009\kstart32.EXE [2009-11-24 464896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - SDSCANNERSERVICE
*NewlyCreated* - SDUPDATESERVICE
*NewlyCreated* - SDWSCSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 18:30]
.
2013-01-22 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-22 13:08]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 20:34]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 20:34]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002Core.job
- c:\users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-16 11:32]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107019901-2963555605-1873920653-1002UA.job
- c:\users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-16 11:32]
.
2013-01-23 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-22 13:07]
.
2013-01-22 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-01-22 13:07]
.
2013-01-23 c:\windows\Tasks\User_Feed_Synchronization-{CC62F918-1DED-478E-B9BE-576ADBFCA089}.job
- c:\windows\system32\msfeedssync.exe [2008-05-30 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\cmm6nye8.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.mybiz.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=111863&tt=290312_bexdll&babsrc=adbartrp&mntrId=7618d20d000000000000001d9222e750&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111863
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 7618d20d000000000000001d9222e750
FF - user.js: extensions.BabylonToolbar_i.hardId - 7618d20d000000000000001d9222e750
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15428
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:15
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Facebook Update - c:\users\Ron\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-Everest Poker - c:\program files\Everest Poker\cstart.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-23 16:01
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-01-23  16:05:45
ComboFix-quarantined-files.txt  2013-01-23 15:05
.
Vor Suchlauf: 10 Verzeichnis(se), 144.140.161.024 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 144.083.165.184 Bytes frei
.
- - End Of File - - EE0C71D13EFF486559770918F7696499
         
--- --- ---

23.01.2013, 20:23   #13
markusg
/// Malware-holic
 
hi
HitmanPro - Download - Filepony
download HitmanPro
double-click, license, trial license.
scan, delete nothing, click next, export the log as XML and attach it
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

23.01.2013, 20:52   #14
sunsetx1
 
Code:
HitmanPro 3.7.0.185
www.hitmanpro.com

   Computer name . . . . : HOME
   Windows . . . . . . . : 6.0.1.6001.X86/2
   User name . . . . . . : HOME\Ron
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-01-23 20:31:30
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 10m 54s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 59

   Objects scanned . . . : 2.028.322
   Files scanned . . . . : 60.741
   Remnants scanned  . . : 638.394 files / 1.329.187 keys

Malware _____________________________________________________________________

   C:\Users\Ron\Software\Winrar Patch.exe -> Quarantined
      Size . . . . . . . : 91.136 bytes
      Age  . . . . . . . : 1847.3 days (2008-01-03 13:53:21)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : FB349BA4E1E791F212AAFA5EA80A330915B1D0662B42164A3D1E32453DE4C934
    > Ikarus . . . . . . : Backdoor.Pigeon!IK
      Fuzzy  . . . . . . : 114.0


Potential Unwanted Programs _________________________________________________

   C:\Program Files\BabylonToolbar\ (Babylon)
   C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml (Babylon)
   HKLM\SOFTWARE\Babylon\ (Babylon)
   HKLM\SOFTWARE\BabylonToolbar\ (Babylon)
   HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\escortApp.DLL\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\escortEng.DLL\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
   HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
   HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
   HKLM\SOFTWARE\Classes\b\ (Babylon)
   HKLM\SOFTWARE\Classes\Babylon.dskBnd.1\ (Babylon)
   HKLM\SOFTWARE\Classes\Babylon.dskBnd\ (Babylon)
   HKLM\SOFTWARE\Classes\bbylnApp.appCore.1\ (Babylon)
   HKLM\SOFTWARE\Classes\bbylnApp.appCore\ (Babylon)
   HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
   HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon)
   HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}\ (Babylon)
   HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
   HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}\ (Babylon)
   HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ (Babylon)
   HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}\ (Babylon)
   HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}\ (Babylon)
   HKLM\SOFTWARE\Classes\escort.escortIEPane.1\ (Funmoods)
   HKLM\SOFTWARE\Classes\escort.escortIEPane\ (Funmoods)
   HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1\ (Babylon)
   HKLM\SOFTWARE\Classes\esrv.BabylonESrvc\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon)
   HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
   HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
   HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
   HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\ (Babylon)
   HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\ (Babylon)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
   HKU\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\BabylonToolbar\ (Babylon)
   HKU\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
   HKU\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}\ (Babylon)
   HKU\S-1-5-21-1107019901-2963555605-1873920653-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}\ (Babylon)

Cookies _____________________________________________________________________

   C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\cmm6nye8.default\cookies.sqlite:www.youporn.com
   C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\cmm6nye8.default\cookies.sqlite:youporn.com
         

23.01.2013, 20:58   #15
markusg
/// Malware-holic
 
where does this come from:
C:\Users\Ron\Software\Winrar Patch.exe