Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
Database version: v2013.09.06.08
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Simone Mittermeier :: SIMONESPC [administrator]
06.09.2013 20:06:18
mbar-log-2013-09-06 (20-06-18).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 233377
Time elapsed: 1 hour(s), 18 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} (Trojan.Zaccess) -> Delete on reboot.
Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\Users\Simone Mittermeier\AppData\Local\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\n. -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\L (Backdoor.0Access) -> Delete on reboot.
C:\Windows\Installer\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\U (Backdoor.0Access) -> Delete on reboot.
Files Detected: 1
C:\Windows\System32\services.exe (Rootkit.0Access.S) -> Replace on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
Database version: v2013.09.06.08
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Simone Mittermeier :: SIMONESPC [administrator]
06.09.2013 21:36:06
mbar-log-2013-09-06 (21-36-06).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 233701
Time elapsed: 1 hour(s), 46 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Farbar Service Scanner Version: 05-09-2013
Ran by Simone Mittermeier (administrator) on 06-09-2013 at 23:39:07
Running from "C:\Users\Simone Mittermeier\Desktop"
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-12 12:57] - [2012-03-30 12:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2011-02-10 11:45] - [2010-12-21 07:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-13 20:34] - [2012-04-24 06:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-09-2013
Ran by Simone Mittermeier (administrator) on SIMONESPC on 06-09-2013 23:43:10
Running from C:\Users\Simone Mittermeier\Desktop
Microsoft Windows 7 Professional (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\dcmsvc\dcmsvc.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
() C:\Users\Simone Mittermeier\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Dropbox, Inc.) C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-02] (Google)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NPSStartup] - [x]
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [dcmsvc] - C:\Program Files\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKCU\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2010-07-12] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Simone Mittermeier\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
Startup: C:\Users\Simone Mittermeier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Simone Mittermeier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Simone Mittermeier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
ShortcutTarget: Warner Bros.lnk -> C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=3012_8&babsrc=SP_ss&mntrId=8c191f9200000000000000ff98dbd286
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=3012_8&babsrc=SP_ss&mntrId=8c191f9200000000000000ff98dbd286
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=CAmPr72jqpOxNwNJts2leBkKeWo?q={searchTerms}
SearchScopes: HKCU - {DC299A38-7AC4-45DB-AD3A-8B39358C0E0F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=5c03a5ed-ca92-402f-9c8e-70736e670c9c&apn_sauid=DB9100B9-FF28-4C99-89CD-0D105EBB3E6D
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default
FF NewTab: hxxp://search.babylon.com/?affID=112542&tt=3012_8&babsrc=NT_ss&mntrId=8c191f9200000000000000ff98dbd286
FF DefaultSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Simone Mittermeier\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Yahoo! Toolbar - C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: No Name - C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\Extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
FF Extension: toolbar_AVIRA-V7 - C:\Users\Simone Mittermeier\AppData\Roaming\Mozilla\Firefox\Profiles\zq6a96uw.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (getPlusPlus for Adobe 16260) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (Google Docs) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\SIMONE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [670792 2011-06-23] (Juniper Networks)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2009-12-17] (NOS Microsystems Ltd.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-02] (Google)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper Networks, Inc.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-28] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2011-06-23] (Juniper Networks)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-01-08] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-28] (Avira GmbH)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-06 23:38 - 2013-09-06 23:39 - 00002394 _____ C:\Users\Simone Mittermeier\Desktop\FSS.txt
2013-09-06 23:33 - 2013-09-06 23:34 - 00358609 _____ (Farbar) C:\Users\Simone Mittermeier\Desktop\FSS.exe
2013-09-06 20:06 - 2013-09-06 23:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 20:06 - 2013-09-06 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-06 20:04 - 2013-09-06 20:04 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\mbar-1.07.0.1005
2013-09-06 20:00 - 2013-09-06 21:28 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\mbar
2013-09-06 20:00 - 2013-09-06 20:00 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Simone Mittermeier\Desktop\mbar-1.07.0.1005.exe
2013-09-05 21:52 - 2013-09-05 23:00 - 00000000 ____D C:\Qoobox
2013-09-05 21:51 - 2013-09-06 00:06 - 00000000 ___SD C:\32788R22FWJFW
2013-09-05 21:51 - 2013-09-05 23:00 - 00000000 ____D C:\Windows\erdnt
2013-09-05 21:47 - 2013-09-05 21:47 - 05120804 ____R (Swearware) C:\Users\Simone Mittermeier\Desktop\ComboFix.exe
2013-09-05 21:27 - 2013-09-05 21:31 - 00006042 _____ C:\Users\Simone Mittermeier\Desktop\Logfile.zip
2013-09-05 21:24 - 2013-09-05 21:31 - 00008834 _____ C:\Users\Simone Mittermeier\Desktop\Logfile.7z
2013-09-05 08:59 - 2013-09-05 08:59 - 01110476 _____ C:\Users\Simone Mittermeier\Downloads\7z920.exe
2013-09-05 08:59 - 2013-09-05 08:59 - 00000000 ____D C:\Program Files\7-Zip
2013-09-05 08:51 - 2013-09-05 08:51 - 00415444 _____ C:\Users\Simone Mittermeier\Desktop\Ereignisse.txt
2013-09-05 08:43 - 2013-09-05 08:43 - 00003691 _____ C:\Users\Simone Mittermeier\Desktop\Gmer.txt
2013-09-05 08:00 - 2013-09-05 08:00 - 00377856 _____ C:\Users\Simone Mittermeier\Desktop\gecq6mwv.exe
2013-09-05 07:57 - 2013-09-05 07:57 - 00377856 _____ C:\Users\Simone Mittermeier\Downloads\m4g671x9.exe
2013-09-05 07:52 - 2013-09-05 07:53 - 00022192 _____ C:\Users\Simone Mittermeier\Desktop\Addition.txt
2013-09-05 07:52 - 2013-09-05 07:52 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\HGB IFRS
2013-09-05 07:50 - 2013-09-05 07:50 - 00000000 ____D C:\FRST
2013-09-05 07:42 - 2013-09-05 07:42 - 00000498 _____ C:\Users\Simone Mittermeier\Desktop\defogger_disable.log
2013-09-05 07:42 - 2013-09-05 07:42 - 00000000 _____ C:\Users\Simone Mittermeier\defogger_reenable
2013-09-05 07:40 - 2013-09-05 07:41 - 00050477 _____ C:\Users\Simone Mittermeier\Desktop\Defogger.exe
2013-08-29 21:37 - 2013-08-29 21:38 - 117500804 _____ C:\Users\Simone Mittermeier\Desktop\Bewerbungsunterlagen_Simone Pöppell.tiff
2013-08-29 09:36 - 2013-09-05 21:08 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-28 22:43 - 2013-08-28 22:43 - 00000000 ____D C:\Users\Simone Mittermeier\AppData\Roaming\Avira
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\ProgramData\APN
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-08-28 22:37 - 2013-09-05 21:08 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-28 22:37 - 2013-09-05 21:08 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-28 22:37 - 2013-08-28 22:37 - 00002020 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-28 22:37 - 2013-08-28 22:36 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-28 22:37 - 2013-08-28 22:36 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-08-28 22:36 - 2013-08-28 22:36 - 00000000 ____D C:\Program Files\Avira
2013-08-28 22:02 - 2013-08-28 22:02 - 02092792 _____ C:\Users\Simone Mittermeier\Downloads\avira_free_antivirus.exe
2013-08-26 20:47 - 2013-08-26 21:11 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\versuch (1)
2013-08-24 21:39 - 2013-08-24 21:39 - 00146624 _____ C:\Windows\Minidump\082413-29827-01.dmp
2013-08-20 23:48 - 2013-08-22 22:54 - 00099986 _____ C:\Users\Simone Mittermeier\Desktop\Lebenslauf_Absolventenbuch.odt
2013-08-18 22:06 - 2013-08-18 22:08 - 00009216 _____ C:\Users\Simone Mittermeier\Desktop\Bargeldkasse.xls
2013-08-18 22:04 - 2013-08-18 22:08 - 00009624 _____ C:\Users\Simone Mittermeier\Desktop\Bargeldkasse.ods
2013-08-13 15:05 - 2013-08-13 15:05 - 00001024 _____ C:\Users\Simone Mittermeier\Desktop\Kontoauszug - Verknüpfung.lnk
==================== One Month Modified Files and Folders =======
2013-09-06 23:42 - 2013-09-06 23:42 - 01081729 _____ (Farbar) C:\Users\Simone Mittermeier\Desktop\FRST.exe
2013-09-06 23:42 - 2013-02-21 19:17 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 23:39 - 2013-09-06 23:38 - 00002394 _____ C:\Users\Simone Mittermeier\Desktop\FSS.txt
2013-09-06 23:34 - 2013-09-06 23:33 - 00358609 _____ (Farbar) C:\Users\Simone Mittermeier\Desktop\FSS.exe
2013-09-06 23:31 - 2013-09-06 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 23:23 - 2012-11-10 13:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-06 23:09 - 2010-01-01 20:17 - 01504762 _____ C:\Windows\WindowsUpdate.log
2013-09-06 22:42 - 2013-02-21 19:17 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 21:38 - 2009-07-14 06:34 - 00013248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-06 21:38 - 2009-07-14 06:34 - 00013248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-06 21:33 - 2012-01-24 19:37 - 00000000 ____D C:\Users\Simone Mittermeier\AppData\Roaming\Dropbox
2013-09-06 21:32 - 2012-01-24 19:39 - 00000000 ___RD C:\Users\Simone Mittermeier\Dropbox
2013-09-06 21:30 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-06 21:30 - 2009-07-14 06:39 - 00154433 _____ C:\Windows\setupact.log
2013-09-06 21:29 - 2010-12-21 22:42 - 00177450 _____ C:\Windows\PFRO.log
2013-09-06 21:28 - 2013-09-06 20:00 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\mbar
2013-09-06 20:06 - 2013-09-06 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-06 20:04 - 2013-09-06 20:04 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\mbar-1.07.0.1005
2013-09-06 20:00 - 2013-09-06 20:00 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Simone Mittermeier\Desktop\mbar-1.07.0.1005.exe
2013-09-06 00:06 - 2013-09-05 21:51 - 00000000 ___SD C:\32788R22FWJFW
2013-09-05 23:41 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-05 23:00 - 2013-09-05 21:52 - 00000000 ____D C:\Qoobox
2013-09-05 23:00 - 2013-09-05 21:51 - 00000000 ____D C:\Windows\erdnt
2013-09-05 21:51 - 2013-07-31 18:09 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\Bewerbungsmist
2013-09-05 21:49 - 2012-06-04 22:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-05 21:49 - 2012-06-04 22:34 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-09-05 21:47 - 2013-09-05 21:47 - 05120804 ____R (Swearware) C:\Users\Simone Mittermeier\Desktop\ComboFix.exe
2013-09-05 21:31 - 2013-09-05 21:27 - 00006042 _____ C:\Users\Simone Mittermeier\Desktop\Logfile.zip
2013-09-05 21:31 - 2013-09-05 21:24 - 00008834 _____ C:\Users\Simone Mittermeier\Desktop\Logfile.7z
2013-09-05 21:28 - 2010-01-03 17:04 - 00000000 ____D C:\Program Files\Filzip
2013-09-05 21:08 - 2013-08-29 09:36 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-05 21:08 - 2013-08-28 22:37 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 21:08 - 2013-08-28 22:37 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-05 08:59 - 2013-09-05 08:59 - 01110476 _____ C:\Users\Simone Mittermeier\Downloads\7z920.exe
2013-09-05 08:59 - 2013-09-05 08:59 - 00000000 ____D C:\Program Files\7-Zip
2013-09-05 08:51 - 2013-09-05 08:51 - 00415444 _____ C:\Users\Simone Mittermeier\Desktop\Ereignisse.txt
2013-09-05 08:43 - 2013-09-05 08:43 - 00003691 _____ C:\Users\Simone Mittermeier\Desktop\Gmer.txt
2013-09-05 08:00 - 2013-09-05 08:00 - 00377856 _____ C:\Users\Simone Mittermeier\Desktop\gecq6mwv.exe
2013-09-05 07:57 - 2013-09-05 07:57 - 00377856 _____ C:\Users\Simone Mittermeier\Downloads\m4g671x9.exe
2013-09-05 07:53 - 2013-09-05 07:52 - 00022192 _____ C:\Users\Simone Mittermeier\Desktop\Addition.txt
2013-09-05 07:52 - 2013-09-05 07:52 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\HGB IFRS
2013-09-05 07:50 - 2013-09-05 07:50 - 00000000 ____D C:\FRST
2013-09-05 07:42 - 2013-09-05 07:42 - 00000498 _____ C:\Users\Simone Mittermeier\Desktop\defogger_disable.log
2013-09-05 07:42 - 2013-09-05 07:42 - 00000000 _____ C:\Users\Simone Mittermeier\defogger_reenable
2013-09-05 07:42 - 2010-01-01 20:30 - 00000000 ____D C:\Users\Simone Mittermeier
2013-09-05 07:41 - 2013-09-05 07:40 - 00050477 _____ C:\Users\Simone Mittermeier\Desktop\Defogger.exe
2013-09-05 07:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-31 00:03 - 2010-01-01 20:38 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\Simone
2013-08-29 21:38 - 2013-08-29 21:37 - 117500804 _____ C:\Users\Simone Mittermeier\Desktop\Bewerbungsunterlagen_Simone Pöppell.tiff
2013-08-28 22:43 - 2013-08-28 22:43 - 00000000 ____D C:\Users\Simone Mittermeier\AppData\Roaming\Avira
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\ProgramData\APN
2013-08-28 22:38 - 2013-08-28 22:38 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-08-28 22:37 - 2013-08-28 22:37 - 00002020 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-28 22:36 - 2013-08-28 22:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-28 22:36 - 2013-08-28 22:37 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-08-28 22:36 - 2013-08-28 22:36 - 00000000 ____D C:\Program Files\Avira
2013-08-28 22:36 - 2012-06-03 22:02 - 00000000 ____D C:\ProgramData\Avira
2013-08-28 22:02 - 2013-08-28 22:02 - 02092792 _____ C:\Users\Simone Mittermeier\Downloads\avira_free_antivirus.exe
2013-08-26 21:11 - 2013-08-26 20:47 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\versuch (1)
2013-08-24 21:39 - 2013-08-24 21:39 - 00146624 _____ C:\Windows\Minidump\082413-29827-01.dmp
2013-08-24 21:39 - 2011-10-25 15:07 - 00000000 ____D C:\Windows\Minidump
2013-08-24 21:38 - 2011-10-25 15:07 - 282722380 _____ C:\Windows\MEMORY.DMP
2013-08-22 22:54 - 2013-08-20 23:48 - 00099986 _____ C:\Users\Simone Mittermeier\Desktop\Lebenslauf_Absolventenbuch.odt
2013-08-22 19:23 - 2012-11-10 13:32 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-22 19:23 - 2011-06-23 21:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-19 16:42 - 2010-01-01 20:30 - 01498332 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-18 22:08 - 2013-08-18 22:06 - 00009216 _____ C:\Users\Simone Mittermeier\Desktop\Bargeldkasse.xls
2013-08-18 22:08 - 2013-08-18 22:04 - 00009624 _____ C:\Users\Simone Mittermeier\Desktop\Bargeldkasse.ods
2013-08-13 15:05 - 2013-08-13 15:05 - 00001024 _____ C:\Users\Simone Mittermeier\Desktop\Kontoauszug - Verknüpfung.lnk
2013-08-09 09:45 - 2013-08-06 15:56 - 00000000 ____D C:\Users\Simone Mittermeier\Desktop\Oma
2013-08-07 04:22 - 2010-01-01 20:43 - 00238872 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
ZeroAccess:
C:\Users\Simone Mittermeier\AppData\Local\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}
C:\Users\Simone Mittermeier\AppData\Local\{f3abe20d-85fb-9ef0-2c44-a74c093f178f}\@
Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
C:\Users\SIMONE~1\AppData\Local\Temp\nsu35B4.tmp\ExecCmd.dll
C:\Users\SIMONE~1\AppData\Local\Temp\nsu35B4.tmp\nsExec.dll
C:\Users\SIMONE~1\AppData\Local\Temp\nsu35B4.tmp\NSISdl.dll
C:\Users\SIMONE~1\AppData\Local\Temp\nsu35B4.tmp\System.dll
C:\Users\SIMONE~1\AppData\Local\Temp\nsu35B4.tmp\UserInfo.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-04 13:47
==================== End Of Log ============================