| Pechvogel44 | 18.08.2012 13:16 |
Live Security Platinum - Malwarebites löscht schadhafte libs nicht
Liebe Trojaner-Board-Gemeinde,
ich hatte mir den Live Security Platinum eingefangen. Die dazugehörige EXE hab ich gelöscht, aber Malwarebites findet immer noch libs, die eigentlich gelöscht werden sollten (z. B.:" C:\Program Files\ag12full.dll (Spyware.OnlineGames) -> Delete on reboot."), die nach dem Neustart aber immer noch da sind.
Antivir findet gar nix (hat den Live Security Platinum auch nicht erkannt:( )
Nun meine Fragen:
- Was sind das für Libs? Hängen die mit Live Security Platinum zusammen?
- Muss ich mir Sorgen machen? Was muss ich tun, um die loszuwerden?
- Ist mein Rechner soweit sauber?
Schon mal 1000 Dank für Eure Hilfe.
Letzter Malwarebytes-Lauf Code:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.15.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
***** :: ACE [limited]
Protection: Disabled
17.08.2012 17:29:20
mbam-log-2012-08-17 (17-29-20).txt
Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353159
Time elapsed: 1 hour(s), 23 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\AG12FULL.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\OGG.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\VORBIS.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\VORBISENC.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\VORBISFILE.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\Program Files\ag12full.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\ogg.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbis.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbisenc.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbisfile.dll (Spyware.OnlineGames) -> Delete on reboot.
(end)
Voretzter Malwarebytes-Lauf Code:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.15.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
***** :: ACE [limited]
Protection: Disabled
17.08.2012 09:13:04
mbam-log-2012-08-17 (09-13-04).txt
Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353446
Time elapsed: 1 hour(s), 16 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\AG12FULL.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\OGG.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\VORBIS.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\VORBISENC.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\VORBISFILE.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\Program Files\ag12full.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\ogg.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbis.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbisenc.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbisfile.dll (Spyware.OnlineGames) -> Delete on reboot.
(end)
OTL Logfile: Code:
OTL logfile created on: 11.08.2012 13:22:29 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = E:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 56,15% Memory free
7,36 Gb Paging File | 5,59 Gb Available in Paging File | 75,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292,10 Gb Total Space | 230,62 Gb Free Space | 78,95% Space Free | Partition Type: NTFS
Drive E: | 290,97 Gb Total Space | 50,99 Gb Free Space | 17,53% Space Free | Partition Type: NTFS
Computer Name: ACE | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.08.09 23:07:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2012.08.08 20:41:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.05.18 22:26:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.18 22:26:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.04.17 07:57:08 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.09 01:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.15 15:50:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 21:35:04 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.26 17:58:42 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll
MOD - [2012.05.20 13:27:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.20 13:26:42 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.20 13:26:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.20 13:26:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.20 13:26:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.20 13:26:16 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.03.09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.08.02 20:46:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.18 22:26:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.18 22:26:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.04.23 10:46:04 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2010.04.17 07:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.03.26 11:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.18 22:26:32 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.18 22:26:32 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.16 19:42:06 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.04.21 00:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.04.07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.03.17 16:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010.03.05 12:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.01 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.02.14 22:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.26 08:17:04 | 000,245,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.01.13 17:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.13 17:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.12.22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.12.07 13:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.10.26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\SearchScopes\{02320607-53B7-43D2-ACE1-8C7FB09F71E8}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62707
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62707
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.12 21:57:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.10 19:53:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.02.10 19:53:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2010.10.16 15:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Extensions
[2010.10.16 15:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.29 12:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wu.default\extensions
[2011.08.30 21:49:25 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 12:07:38 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wu.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.11.06 18:23:24 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wu.default\extensions\plugin@yontoo.com
[2011.11.06 18:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\extensions
[2010.12.28 14:46:02 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.07.01 22:18:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.16 15:37:20 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.11.06 18:23:24 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\extensions\plugin@yontoo.com
[2010.08.27 23:04:54 | 000,000,943 | ---- | M] () -- C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\searchplugins\conduit.xml
[2010.11.03 20:53:19 | 000,001,196 | ---- | M] () -- C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\searchplugins\winamp-search.xml
[2012.03.29 12:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.29 12:21:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.03.12 21:57:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.29 12:21:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.03.31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 13:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012.03.12 21:57:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 21:57:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.12 21:57:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.12 21:57:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.12 21:57:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.12 21:57:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-7IDC5.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk = File not found
F3:64bit: - HKU\S-1-5-21-826733488-1499186410-3467009736-1003 WinNT: Load - (C:\Users\ADMIN.Ace\AppData\Roaming\CEB8E\lvvm.exe) - File not found
F3 - HKU\S-1-5-21-826733488-1499186410-3467009736-1003 WinNT: Load - (C:\Users\ADMIN.Ace\AppData\Roaming\CEB8E\lvvm.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ADMIN.Ace\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ADMIN.Ace\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.92.86 62.109.123.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF837FD0-1A65-4B8C-8C4C-667202EE7D06}: DhcpNameServer = 213.191.92.86 62.109.123.7
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-826733488-1499186410-3467009736-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-826733488-1499186410-3467009736-1003 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.08 21:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.08 20:54:17 | 000,000,000 | ---D | C] -- C:\Users\ADMIN.Ace\AppData\Roaming\Malwarebytes
[2012.08.08 20:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.08 20:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.08 20:54:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.08 20:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.04 12:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC92180D040D00001731F875F002
[2005.07.04 17:35:43 | 000,155,648 | ---- | C] (Illustrate) -- C:\Program Files\WMA8Connect.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.11 13:01:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.11 12:46:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.11 11:39:32 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.11 11:38:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 11:38:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 11:31:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.11 11:31:05 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.11 09:43:00 | 000,711,240 | ---- | M] () -- C:\Windows\is-7IDC5.exe
[2012.08.11 09:43:00 | 000,012,842 | ---- | M] () -- C:\Windows\is-7IDC5.msg
[2012.08.11 09:43:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.11 09:43:00 | 000,000,429 | ---- | M] () -- C:\Windows\is-7IDC5.lst
[2012.08.02 20:46:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.02 20:46:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.27 20:39:04 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 20:39:04 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 20:39:04 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 20:39:04 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 20:39:04 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.12 21:26:03 | 000,317,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.11 09:43:00 | 000,711,240 | ---- | C] () -- C:\Windows\is-7IDC5.exe
[2012.08.11 09:43:00 | 000,012,842 | ---- | C] () -- C:\Windows\is-7IDC5.msg
[2012.08.11 09:43:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.11 09:43:00 | 000,000,429 | ---- | C] () -- C:\Windows\is-7IDC5.lst
[2011.07.14 22:34:06 | 000,000,309 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2011.04.20 21:05:29 | 000,002,849 | ---- | C] () -- C:\Windows\CDPLAYER.INI
[2010.12.28 19:41:23 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.16 15:07:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.06 14:22:11 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2005.07.04 17:35:43 | 001,309,668 | ---- | C] () -- C:\Program Files\Line-In.pdf
[2005.07.04 17:35:43 | 000,138,240 | ---- | C] () -- C:\Program Files\vorbis.dll
[2005.07.04 17:35:43 | 000,064,000 | ---- | C] () -- C:\Program Files\vorbisenc.dll
[2005.07.04 17:35:43 | 000,044,863 | ---- | C] () -- C:\Program Files\German.lng
[2005.07.04 17:35:43 | 000,043,771 | ---- | C] () -- C:\Program Files\Italian.lng
[2005.07.04 17:35:43 | 000,042,533 | ---- | C] () -- C:\Program Files\Spanish.lng
[2005.07.04 17:35:43 | 000,011,776 | ---- | C] () -- C:\Program Files\vorbisfile.dll
[2005.07.04 17:35:43 | 000,009,216 | ---- | C] () -- C:\Program Files\ogg.dll
[2005.07.04 17:35:42 | 000,899,072 | ---- | C] () -- C:\Program Files\audiograbber.exe
[2005.07.04 17:35:42 | 000,178,412 | ---- | C] () -- C:\Program Files\Erste_Schritte.pdf
[2005.07.04 17:35:42 | 000,046,092 | ---- | C] () -- C:\Program Files\French.lng
[2005.07.04 17:35:42 | 000,036,352 | ---- | C] () -- C:\Program Files\ag12full.dll
[2005.07.04 17:35:42 | 000,004,768 | ---- | C] () -- C:\Program Files\audiograbber.ini
[2005.07.04 17:35:42 | 000,000,760 | ---- | C] () -- C:\Program Files\audiograbber.apr
[2005.07.04 17:35:42 | 000,000,386 | ---- | C] () -- C:\Program Files\Auto.Nam
========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
< End of report >
--- --- --- Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 16. August 2012 21:44
Es wird nach 4116029 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ACE
Versionsinformationen:
BUILD.DAT : 12.0.0.1167 40870 Bytes 18.07.2012 19:07:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 08.08.2012 18:41:51
AVSCAN.DLL : 12.3.0.15 66256 Bytes 18.05.2012 20:26:32
LUKE.DLL : 12.3.0.15 68304 Bytes 18.05.2012 20:26:32
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 18.05.2012 20:26:32
AVREG.DLL : 12.3.0.17 232200 Bytes 18.05.2012 20:26:32
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 10:56:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 17:36:19
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 19:52:10
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 22:11:54
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 22:11:54
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 22:11:55
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 22:11:55
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 22:11:55
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 22:11:55
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 22:11:55
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 22:11:55
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 22:11:55
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 17:12:38
VBASE015.VDF : 7.11.38.70 556032 Bytes 31.07.2012 17:12:39
VBASE016.VDF : 7.11.38.143 171008 Bytes 02.08.2012 18:05:28
VBASE017.VDF : 7.11.38.221 178176 Bytes 06.08.2012 18:41:47
VBASE018.VDF : 7.11.39.37 168448 Bytes 08.08.2012 18:41:47
VBASE019.VDF : 7.11.39.89 131072 Bytes 09.08.2012 19:21:46
VBASE020.VDF : 7.11.39.145 142336 Bytes 11.08.2012 20:38:40
VBASE021.VDF : 7.11.39.207 165888 Bytes 14.08.2012 18:38:54
VBASE022.VDF : 7.11.40.9 156160 Bytes 16.08.2012 19:11:50
VBASE023.VDF : 7.11.40.10 2048 Bytes 16.08.2012 19:11:50
VBASE024.VDF : 7.11.40.11 2048 Bytes 16.08.2012 19:11:50
VBASE025.VDF : 7.11.40.12 2048 Bytes 16.08.2012 19:11:50
VBASE026.VDF : 7.11.40.13 2048 Bytes 16.08.2012 19:11:50
VBASE027.VDF : 7.11.40.14 2048 Bytes 16.08.2012 19:11:51
VBASE028.VDF : 7.11.40.15 2048 Bytes 16.08.2012 19:11:51
VBASE029.VDF : 7.11.40.16 2048 Bytes 16.08.2012 19:11:51
VBASE030.VDF : 7.11.40.17 2048 Bytes 16.08.2012 19:11:51
VBASE031.VDF : 7.11.40.18 2048 Bytes 16.08.2012 19:11:51
Engineversion : 8.2.10.132
AEVDF.DLL : 8.1.2.10 102772 Bytes 12.07.2012 19:31:37
AESCRIPT.DLL : 8.1.4.42 459129 Bytes 09.08.2012 19:21:50
AESCN.DLL : 8.1.8.2 131444 Bytes 28.01.2012 09:16:44
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 16:20:50
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.3.0.24 811381 Bytes 08.08.2012 18:41:49
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 20.07.2012 07:55:38
AEHEUR.DLL : 8.1.4.86 5165429 Bytes 09.08.2012 19:21:50
AEHELP.DLL : 8.1.23.2 258422 Bytes 28.06.2012 22:11:51
AEGEN.DLL : 8.1.5.34 434548 Bytes 20.07.2012 07:54:08
AEEXP.DLL : 8.1.0.74 86387 Bytes 04.08.2012 07:29:13
AEEMU.DLL : 8.1.3.2 393587 Bytes 12.07.2012 19:31:36
AECORE.DLL : 8.1.27.4 201078 Bytes 08.08.2012 18:41:49
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 18.05.2012 20:26:31
AVPREF.DLL : 12.3.0.15 51920 Bytes 18.05.2012 20:26:32
AVREP.DLL : 12.3.0.15 179208 Bytes 18.05.2012 20:26:32
AVARKT.DLL : 12.3.0.15 211408 Bytes 18.05.2012 20:26:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 18.05.2012 20:26:32
SQLITE3.DLL : 3.7.0.1 398288 Bytes 18.05.2012 20:26:32
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 18:41:51
NETNT.DLL : 12.3.0.15 17104 Bytes 18.05.2012 20:26:32
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 08.08.2012 18:41:46
RCTEXT.DLL : 12.3.0.31 100088 Bytes 08.08.2012 18:41:46
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, Q:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Donnerstag, 16. August 2012 21:44
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'keepass.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'keepass.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeePassPortable.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avnotify.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'PmmUpdate.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'RS_Service.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\Hydrogen\uninstall.exe
[WARNUNG] Unerwartetes Dateiende erreicht
Die Registry wurde durchsucht ( '3062' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Acer>
C:\Program Files (x86)\Hydrogen\uninstall.exe
[WARNUNG] Unerwartetes Dateiende erreicht
Beginne mit der Suche in 'E:\' <Daten>
E:\Downloads\avira_free_antivirus_de(2).exe
[WARNUNG] Die Datei ist kennwortgeschützt
E:\Downloads\avira_free_antivirus_de(3).exe
[WARNUNG] Die Datei ist kennwortgeschützt
E:\Downloads\avira_free_antivirus_de(4).exe
[WARNUNG] Die Datei ist kennwortgeschützt
E:\Downloads\avira_free_antivirus_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt
E:\Downloads\Various - This Is Psychobilly.part01.rar
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
E:\*****\Zeugs\cdex_151.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert
Ende des Suchlaufs: Freitag, 17. August 2012 00:05
Benötigte Zeit: 2:21:14 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
35629 Verzeichnisse wurden überprüft
2054632 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2054632 Dateien ohne Befall
16205 Archive wurden durchsucht
8 Warnungen
0 Hinweise
629574 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
|
