
Log analysis and evaluation: Bundespolizei trojan locks PC as soon as an Internet connection is established

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

13.06.2012, 14:23   #1
flodiB



Hello,

since yesterday, as soon as a connection to the Internet is established, the laptop is locked by the well-known message "Bundespolizei has blocked the computer, pay 100€ etc.". Task Manager and Safe Mode do not work.

Here is the Anti-Malware quick scan log:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
fdinges :: GRAUPEL [Administrator]

12.06.2012 22:30:46
mbam-log-2012-06-12 (22-30-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200350
Laufzeit: 5 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\Sysinternals Antivirus (Rogue.SysinternalsAntivirus) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\fdinges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sysinternals Antivirus (Rogue.SysinternalsAntivirus) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\Users\fdinges\AppData\Roaming\dkfjasdfshd.bat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\fdinges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk (Rogue.SysinternalsAntivirus) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
I also ran an OTL scan with the following custom scans/fixes (taken from this forum):

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
OTL logs are attached. How should I proceed?

Thanks in advance and kind regards, F

14.06.2012, 08:00   #2
kira
/// Helper Team



Hello and welcome!

► In what way have the data (personal files such as pictures, documents, music etc.) already been encrypted? Can you give an example? Was a file extension added (e.g. "locked- .wxyz"), or does the file name consist of randomly chosen upper- and lower-case letters (e.g. QsEEUTODXNVqyssQ), or something else?
Some variants can be decrypted, others unfortunately cannot.

So that this doesn't happen again, how do I avoid data loss:
Here you can see once again how important it is to take care of regular backups (of important data).
Remember: your main system is not a warehouse!
Back up important data regularly, preferably twice in different locations!
- Do not keep external devices (hard disk, USB stick etc.) permanently connected to the PC, but only briefly while you are backing something up
E-mail attachments - Do not open e-mail attachments if you do not know the sender!
-> Do not click on mails, especially those with attachments; have them displayed as text or in print view instead. Always configure your mail program this way

► Please attach the OTL logs as text or as a ZIP file!

Regards
kira
__________________
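The two naming patterns kira asks about, as an added triage example that is not part of the original post: it sorts a file listing into the "locked-" pattern, the random-letter pattern, or neither, and recovers the probable original name for the first. The regular expressions are assumptions generalised from the two sample names in the post (`locked- .wxyz` and `QsEEUTODXNVqyssQ`), and the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: the "locked-" variant keeps the original name including its own
# extension and appends four letters, i.e. locked-<name>.<ext>.<4 letters>.
# Requiring the inner extension keeps "locked-report.docx" from matching.
LOCKED_RE = re.compile(
    r"^locked-(?P<original>.+\.[^.]+)\.(?P<suffix>[A-Za-z]{4})$", re.IGNORECASE
)

# Assumption: the random-name variant leaves an extension-less name made only
# of ASCII letters, 12 to 32 characters long, mixing upper and lower case.
LETTERS_RE = re.compile(r"^[A-Za-z]{12,32}$")


def classify(path):
    """Return (kind, probable_original_name) for one file path.

    kind is "locked-prefix", "random-letters" or "unchanged". These are
    heuristics for manual review: an extension-less CamelCase file name would
    also be reported as "random-letters".
    """
    name = PureWindowsPath(path).name
    match = LOCKED_RE.match(name)
    if match:
        return "locked-prefix", match.group("original")
    mixed_case = name != name.lower() and name != name.upper()
    if LETTERS_RE.match(name) and mixed_case:
        return "random-letters", None
    return "unchanged", None


def triage(paths):
    """Summarise a listing: counts per kind, dominant pattern, original names."""
    counts = Counter()
    originals = {}
    for path in paths:
        kind, original = classify(path)
        counts[kind] += 1
        if original is not None:
            originals[path] = original
    renamed = {k: v for k, v in counts.items() if k != "unchanged"}
    dominant = max(renamed, key=renamed.get) if renamed else None
    return {"counts": dict(counts), "dominant": dominant, "originals": originals}


# Constructed sample listing (not taken from the thread's logs).
SAMPLE = [
    r"C:\Users\example\Documents\locked-invoice.doc.wxyz",
    r"C:\Users\example\Pictures\locked-holiday.jpg.abcd",
    r"C:\Users\example\Documents\QsEEUTODXNVqyssQ",
    r"C:\Users\example\Documents\notes.txt",
    r"C:\Users\example\Documents\README",
    r"C:\Users\example\Music\locked-in-syndrome.mp3",  # legitimate name, no match
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["counts"], "dominant:", report["dominant"])
    for path, original in report["originals"].items():
        print(f"{path} -> probable original name: {original}")
```

Feed it the output of a recursive directory listing of the user's document folders; a listing that comes back entirely "unchanged" matches the situation flodiB describes in the next post.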

14.06.2012, 10:11   #3
flodiB



Hello,

as far as I can see, no files have been encrypted (yet?). As mentioned at the beginning, a large message from the "police" covers everything as soon as an Internet connection is established. In offline operation there otherwise seem to be no visually recognisable harmful effects.
The OTL logs are attached once more.

Thanks and regards, F

14.06.2012, 13:58   #4
kira
/// Helper Team



► Ask yourself, why haven't you upgraded your system already?!:
Quote:
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Service Pack 1 (SP1) for Win 7 is missing:
SP1 includes the latest updates, such as important security, stability and performance improvements.
However, in this state (the computer is currently infected with malware), the old version must NOT be upgraded to the next one, otherwise it does more harm than good! The hard disk should first be cleaned, i.e. be absolutely malware-free!

1.
Quote:
Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and paste them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (i.e. beginning with :OTL and ending with [emptytemp]), everything that is in the code box (without "code"!):
Code:
:OTL
PRC - C:\Users\fdinges\AppData\Local\Temp\tpl_0_c.exe (CJSC "Computing Forces")
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deDE367DE367
IE - HKCU\..\SearchScopes\{7C4A917A-9823-417F-95EC-0568F5395340}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{8C17D108-83A8-478E-996B-17C94B29D836}: "URL" = http://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{A0450A88-FE11-4C99-A853-F4C6EB8CD579}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{E2E8939D-64BE-4FF3-A2AF-AC4CF902CA51}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O4 - HKCU..\Run: [] C:\Users\fdinges\AppData\Local\Temp\tpl_0_c.exe (CJSC "Computing Forces")
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{980a784f-a08d-11df-9c9f-00269e87a18f}\Shell - "" = AutoRun
O33 - MountPoints2\{980a784f-a08d-11df-9c9f-00269e87a18f}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{980a784f-a08d-11df-9c9f-00269e87a18f}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{980a784f-a08d-11df-9c9f-00269e87a18f}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE
[2012.06.13 13:29:48 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.13 12:29:15 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.26 01:17:52 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\izehegur.dll
[2010.08.25 23:15:52 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\inanawifu.dll
[2010.08.25 19:11:52 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\isojogumaj.dll
[2010.08.25 15:09:54 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\asiyefulugawopik.dll
[2010.08.25 09:25:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\utetulob.dll
[2010.08.24 23:15:35 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\agohucucaqi.dll
[2010.08.24 21:13:56 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ucapinuk.dll
[2010.08.24 19:11:35 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\equnijuduli.dll
[2010.08.24 15:55:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uhamowap.dll
[2010.08.24 13:43:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\exuviyifanivago.dll
[2010.08.24 09:37:35 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\omusuqeboqutun.dll
[2010.08.24 00:55:56 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\etukimakigeji.dll
[2010.08.23 22:35:56 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\epovurov.dll
[2010.08.23 20:32:07 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\iheyohuyaga.dll
[2010.08.23 17:57:44 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ikajozugitixezo.dll
[2010.08.23 15:35:02 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\akexihuvuwoxuta.dll
[2010.08.23 09:30:52 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\agumotetacoy.dll
[2010.08.22 20:16:13 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\idaruzonahukozi.dll
[2010.08.22 18:00:15 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ufazanonulurupoh.dll
[2010.08.22 17:05:50 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\agazoyipoxazi.dll
[2010.08.22 09:14:37 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\agoyazamilabefog.dll
[2010.08.22 00:26:55 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ejopejid.dll
[2010.08.21 09:48:02 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ugenukonej.dll
[2010.08.20 22:28:33 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\omiqububukukaseg.dll
[2010.08.20 09:47:18 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\efomegedekos.dll
[2010.08.20 02:16:36 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\eguvegohekeva.dll
[2010.08.20 00:14:37 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\eheqokaq.dll
[2010.08.19 22:12:36 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\asegamep.dll
[2010.08.19 20:11:00 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\eluhaxovabuyud.dll
[2010.08.19 17:39:00 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uvununev.dll
[2010.08.19 15:37:21 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\apogevus.dll
[2010.08.19 09:04:13 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\oyedigib.dll
[2010.08.18 23:23:59 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ekiyorad.dll
[2010.08.18 21:21:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ijofotizi.dll
[2010.08.18 19:19:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\adesojolonizoki.dll
[2010.08.18 16:39:51 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\avehoducexuc.dll
[2010.08.18 13:53:48 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ujurowijehul.dll
[2010.08.18 10:49:48 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\itohoriq.dll
[2010.08.17 23:53:04 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\irusuqeb.dll
[2010.08.17 18:59:31 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\acekesuharucu.dll
[2010.08.17 16:59:00 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\awemanew.dll
[2010.08.17 14:55:00 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ubekucur.dll
[2010.08.17 12:29:42 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\iqucuqep.dll
[2010.08.17 09:20:51 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ivareciy.dll
[2010.08.16 23:49:55 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\obocolayizajova.dll
[2010.08.16 21:47:55 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\itihufajelehe.dll
[2010.08.16 19:11:58 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\isagosixaxet.dll
[2010.08.16 17:10:20 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\urefiqemaqawepe.dll
[2010.08.16 14:53:47 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\efukezakoboxa.dll
[2010.08.16 11:44:57 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ifejemil.dll
[2010.08.15 23:36:09 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\akixoqoya.dll
[2010.08.15 17:22:49 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\epobuworucato.dll
[2010.08.15 12:30:48 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uriyeciferab.dll
[2010.08.15 10:30:22 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\udavoyohovojamaz.dll
[2010.08.15 02:34:04 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\imewuvubo.dll
[2010.08.15 01:06:45 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ezonatuqica.dll
[2010.08.14 22:52:45 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\isagosixaxeteted.dll
[2010.08.14 20:50:24 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\apuzabulam.dll
[2010.08.14 18:32:24 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\amedohugili.dll
[2010.08.14 09:18:03 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\erolidemawixor.dll
[2010.08.13 19:21:19 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\izavanuzafavina.dll
[2010.08.13 17:09:32 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ujoxafuj.dll
[2010.08.13 12:26:02 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\adejoxodo.dll
[2010.08.13 10:25:40 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\upixewugonajero.dll
[2010.08.12 22:44:22 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\evobasus.dll
[2010.08.12 20:42:01 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\agoburimuqujuz.dll
[2010.08.12 18:40:01 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\avibozeyesog.dll
[2010.08.12 16:39:54 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\upaxadap.dll
[2010.08.12 00:30:13 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ihudebib.dll
[2010.08.11 22:29:13 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ezurusaneyulexah.dll
[2010.08.11 20:40:31 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\orapimoxihuvuwo.dll
[2010.08.11 18:15:01 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\urekekeg.dll
[2010.08.10 10:42:53 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uluzoverax.dll
[2010.08.09 13:39:21 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\oweyopubop.dll
[2010.08.08 19:11:18 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ozufikavup.dll
[2010.08.08 17:08:57 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\inufehoriqo.dll
[2010.08.07 23:33:09 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\obolecugofudoca.dll
[2010.08.07 22:09:31 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ipokaqibiyov.dll
[2010.08.07 15:29:31 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\adudoqen.dll
[2010.08.07 13:27:45 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ekecimayobiq.dll
[2010.08.07 11:28:16 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ebixiyalogujage.dll
[2010.08.06 22:02:32 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ozahecehenuhe.dll
[2010.08.06 20:00:12 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\anotikunodijipat.dll
[2010.08.06 17:58:12 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ozicadicuv.dll
[2010.08.06 15:56:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uvevozuj.dll
[2010.08.06 13:55:03 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\adoxodokake.dll
[2010.08.06 12:18:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ifiyivoqubub.dll
[2010.08.06 10:16:29 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\alubafojo.dll
[2010.08.06 02:23:41 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ofazomuf.dll
[2010.08.05 22:19:22 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\evimusige.dll
[2010.08.05 20:17:54 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ajewelohawuro.dll
[2010.08.05 19:14:05 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ofupaxim.dll
[2010.08.05 14:37:57 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\awegokidonot.dll
[2010.08.05 12:40:12 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\useyedoh.dll
[2010.08.05 08:38:28 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\owovetidaciroj.dll
[2010.08.04 22:37:29 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ekuripeciluvun.dll
[2010.08.04 22:31:02 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\izavifohahur.dll
[2010.08.04 20:29:03 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ikacupodo.dll
[2010.08.04 17:38:46 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\edasavadebiberer.dll
[2010.08.04 11:38:54 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\usonaxeh.dll
[2010.08.03 23:34:21 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\enomiboludosayer.dll
[2010.08.03 21:29:01 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\okesoyaqoxisi.dll
[2010.08.03 19:27:25 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ecocuyaj.dll
[2010.08.03 17:25:34 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\oboyiwif.dll
[2010.08.02 00:06:13 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\owebuqav.dll
[2010.08.01 22:05:52 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\elumecusuramujo.dll
[2010.08.01 21:32:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\isujorec.dll
[2010.08.01 17:27:50 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\upajuzakaxodemad.dll
[2010.08.01 13:25:27 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\aceyayiyohuyaga.dll
[2010.08.01 10:17:28 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ucopafiqemaqawe.dll
[2010.08.01 00:53:30 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\opadacibi.dll
[2010.07.31 22:51:33 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ebuheseh.dll
[2010.07.31 02:12:25 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ipowigesife.dll
[2010.07.30 17:03:39 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ohopidit.dll
[2010.07.30 14:41:30 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ahupixoxiwakev.dll
[2010.07.30 08:36:55 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\isigapogaxeyu.dll
[2010.07.29 22:53:59 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uhutucejaqa.dll
[2010.07.29 20:51:40 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ubekulejarivewav.dll
[2010.07.29 18:49:40 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ixuvaxikuf.dll
[2010.07.29 16:48:08 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\odabazovecebezu.dll
[2010.07.29 08:55:39 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uyutiwuvubo.dll
[2010.07.28 23:23:41 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\esacitaludejemi.dll
[2010.07.28 21:21:43 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ahowulev.dll
[2010.07.28 19:19:41 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ujurukur.dll
[2010.07.28 14:56:01 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\imozefijocifal.dll
[2010.07.28 12:53:42 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\umexebuxe.dll
[2010.07.28 10:51:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ucadiyuregadaga.dll
[2010.07.28 08:49:39 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ebatofoke.dll
[2010.07.27 23:45:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\opayesub.dll
[2010.07.27 21:43:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\erajakucur.dll
[2010.07.27 17:17:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\isanayucu.dll
[2010.07.27 15:15:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\okeqaqoj.dll
[2010.07.27 11:01:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\iyozetij.dll
[2010.07.27 08:59:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\atenusohomatum.dll
[2010.07.27 00:44:00 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uhojataz.dll
[2010.07.27 00:39:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\adeqolezibahaqe.dll
[2010.07.26 22:37:39 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uwexevoy.dll
[2010.07.26 20:35:39 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ekarofibo.dll
[2010.07.26 18:33:39 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\owavivam.dll
[2010.07.26 11:17:41 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\izuqeyuhasaj.dll
[2010.07.26 00:07:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uwiyufom.dll
[2010.07.25 22:05:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\erukexug.dll
[2010.07.25 20:03:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\obevezuyo.dll
[2010.07.25 18:01:39 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\upucakenakohod.dll
[2010.07.25 15:59:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\obeheqicoxic.dll
[2010.07.25 13:37:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\eliqaquzuw.dll
[2010.07.25 11:35:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\obofegizutaz.dll
[2010.07.25 00:45:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\akudipotafapi.dll
[2010.07.24 22:43:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\exadenenor.dll
[2010.07.24 20:41:39 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\alohadehip.dll
[2010.07.24 18:17:59 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ukenaroh.dll
[2010.07.24 00:29:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ezawiwifa.dll
[2010.07.23 22:27:41 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\eqopofevinuyozew.dll
[2010.07.23 20:25:40 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\idonebag.dll
[2010.07.23 18:24:24 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ogojilesoqa.dll
[2010.07.23 16:21:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uvegevusu.dll
[2010.07.23 14:19:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\emalamuti.dll
[2010.07.23 12:17:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\awofivutamuxu.dll
[2010.07.23 10:15:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\umifunan.dll
[2010.07.22 22:43:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\usojogumaj.dll
[2010.07.22 20:41:38 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ugixumug.dll
[2010.07.22 18:41:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ifaxuluq.dll
[2010.07.22 04:06:28 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ipohewatebicogic.dll
[2010.07.22 02:04:28 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ufenisapamotet.dll
[2010.07.22 00:02:29 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uyorokon.dll
[2010.07.21 22:00:28 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ahupixox.dll
[2010.07.21 19:58:28 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\opajuzak.dll
[2010.07.21 17:56:28 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\emidarexowexul.dll
[2010.07.21 15:56:08 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\avokemomopuduy.dll
[2010.07.21 13:43:10 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\urepiliyo.dll
[2010.07.21 11:41:13 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\epigerut.dll
[2010.07.21 09:40:59 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\izananoj.dll
[2010.07.20 23:45:35 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\eqixujes.dll
[2010.07.20 17:49:44 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ijitefed.dll
[2010.07.20 15:49:08 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ehimipus.dll
[2010.07.20 10:55:16 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\anekilugoqoralo.dll
[2010.07.20 00:58:10 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\umihekevasuqeru.dll
[2010.07.19 22:56:09 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\owoqewofeh.dll
[2010.07.19 20:54:09 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ahahigusu.dll
[2010.07.19 16:52:10 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ivemokekegasudev.dll
[2010.07.19 14:50:10 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\obetaxaroyuy.dll
[2010.07.19 00:34:09 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\apeqehexopak.dll
[2010.07.18 22:32:09 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\oluzogaz.dll
[2010.07.18 19:38:09 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uheviqeme.dll
[2010.07.18 17:36:09 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ijabuhuwonezonus.dll
[2010.07.18 15:34:10 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ekobeguy.dll
[2010.07.18 13:32:09 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\iwenebag.dll
[2010.07.18 11:30:09 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\otuheyekit.dll
[2010.07.17 18:46:10 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\aturipecil.dll
[2010.07.17 16:44:09 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\emodusexuyo.dll
[2010.07.17 14:22:09 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\urepiliyojoqo.dll
[2010.07.17 12:20:10 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\agixumugeyajofo.dll
[2010.07.17 10:18:54 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\owajefiq.dll
[2010.07.17 01:36:13 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\evozopes.dll
[2010.07.16 23:34:12 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\itejuqumof.dll
[2010.07.16 20:36:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\urebebag.dll
[2010.07.16 18:34:14 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\aqalolacih.dll
[2010.07.16 16:32:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ipewafonutul.dll
[2010.07.16 00:44:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\apociyop.dll
[2010.07.15 22:42:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\edikowucafo.dll
[2010.07.15 19:54:12 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\axupabusaxupe.dll
[2010.07.15 17:52:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ipibogebuteboyo.dll
[2010.07.15 11:50:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ewikevasuqeruzo.dll
[2010.07.15 00:54:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\oligilimelumorun.dll
[2010.07.14 22:26:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\elovucuy.dll
[2010.07.14 18:26:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ubucucen.dll
[2010.07.14 11:28:15 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ohukodado.dll
[2010.07.14 01:46:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uhizuxahowiloji.dll
[2010.07.13 23:44:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uzafapititefe.dll
[2010.07.13 21:42:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\omunidopumam.dll
[2010.07.13 18:38:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ajofeqacol.dll
[2010.07.13 16:36:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\afalininozumahoh.dll
[2010.07.13 14:34:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\evadiqadunujan.dll
[2010.07.13 12:32:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\igikonip.dll
[2010.07.13 10:30:35 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uwowunikazubija.dll
[2010.07.13 01:02:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ogijupecejoxodo.dll
[2010.07.12 23:00:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\awanixigotane.dll
[2010.07.12 19:40:11 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\owidacib.dll
[2010.07.12 17:28:12 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\icicudez.dll
[2010.07.12 13:58:15 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ecokivegohekeva.dll
[2010.07.12 10:19:28 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\uragucoboj.dll
[2010.07.12 01:27:31 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\amupopepacupodo.dll
[2010.07.11 23:25:33 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\olaqeniwarehegu.dll
[2010.07.11 21:23:34 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\afasogol.dll
[2010.07.11 18:59:34 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\upulagarobifamav.dll
[2010.07.11 00:27:33 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ituwoniq.dll
[2010.07.10 22:25:33 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ugilepetiyo.dll
[2010.07.10 18:29:34 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\awiwohonev.dll
[2010.07.10 16:27:36 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\efurejadanapiqif.dll
[2010.07.10 12:23:36 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ugorilup.dll
[2010.07.10 10:21:34 | 000,000,000 | ---- | C] () -- C:\Users\fdinges\AppData\Local\ibufakoroxazivaz.dll

:Files
C:\Users\fdinges\AppData\Local\Temp\tpl_0_c.exe

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
I can't place these; what are they?
Code:
ATTFilter
C:\Users\fdinges\Desktop\1002512675
C:\Users\fdinges\Desktop\1002512675.zip
         
Could they also come from malware?

3.
Download Malwarebytes Anti-Malware from here
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Komplett Scan durchführen" (perform full scan) and tick every box
  • When the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings (if MBAM reports anything in C:\System Volume Information, please remove the check mark there) and click "Löschen" ("Ausgewähltes entfernen", remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
An illustrated guide can be found here: Guide

4.
To determine whether outdated or malicious software is installed among your programs, I would also like to see all of your installed programs:
  • Download CCleaner
  • Read the software license agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch".
  • Start -> click on `Extras` (to display the software installed on your system) -> then on `Als Textdatei speichern...`
  • A text file is created automatically; post this log file as well (i.e. the list of all installed programs ... a text file)

5.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "als Administrator ausführen" (run as administrator).
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:
To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log (i.e. at the beginning of the log file) write: [code]
your log file goes here - e.g. OTL log file or similar
→ after it, i.e. at the end of the log file: [/code]
** If possible, do not go online: no online banking, file sharing, chat programs, etc.
Regards,
kira
__________________

Warning!:
Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, preferably twice in different locations!
Please pass this warning on wherever you can!

14.06.2012, 21:14   #5
flodiB

Bundespolizei trojan blocks PC as soon as the Internet connection is up

Hello,
everything done as requested; the problems seem to be fixed so far and no files are encrypted

Log from the OTL fix:

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named tpl_0_c.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7C4A917A-9823-417F-95EC-0568F5395340}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C4A917A-9823-417F-95EC-0568F5395340}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C17D108-83A8-478E-996B-17C94B29D836}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C17D108-83A8-478E-996B-17C94B29D836}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A0450A88-FE11-4C99-A853-F4C6EB8CD579}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0450A88-FE11-4C99-A853-F4C6EB8CD579}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E2E8939D-64BE-4FF3-A2AF-AC4CF902CA51}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2E8939D-64BE-4FF3-A2AF-AC4CF902CA51}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\fdinges\AppData\Local\Temp\tpl_0_c.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{980a784f-a08d-11df-9c9f-00269e87a18f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{980a784f-a08d-11df-9c9f-00269e87a18f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{980a784f-a08d-11df-9c9f-00269e87a18f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{980a784f-a08d-11df-9c9f-00269e87a18f}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{980a784f-a08d-11df-9c9f-00269e87a18f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{980a784f-a08d-11df-9c9f-00269e87a18f}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{980a784f-a08d-11df-9c9f-00269e87a18f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{980a784f-a08d-11df-9c9f-00269e87a18f}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\SETUP.EXE not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Users\fdinges\AppData\Local\izehegur.dll moved successfully.
C:\Users\fdinges\AppData\Local\inanawifu.dll moved successfully.
C:\Users\fdinges\AppData\Local\isojogumaj.dll moved successfully.
C:\Users\fdinges\AppData\Local\asiyefulugawopik.dll moved successfully.
C:\Users\fdinges\AppData\Local\utetulob.dll moved successfully.
C:\Users\fdinges\AppData\Local\agohucucaqi.dll moved successfully.
C:\Users\fdinges\AppData\Local\ucapinuk.dll moved successfully.
C:\Users\fdinges\AppData\Local\equnijuduli.dll moved successfully.
C:\Users\fdinges\AppData\Local\uhamowap.dll moved successfully.
C:\Users\fdinges\AppData\Local\exuviyifanivago.dll moved successfully.
C:\Users\fdinges\AppData\Local\omusuqeboqutun.dll moved successfully.
C:\Users\fdinges\AppData\Local\etukimakigeji.dll moved successfully.
C:\Users\fdinges\AppData\Local\epovurov.dll moved successfully.
C:\Users\fdinges\AppData\Local\iheyohuyaga.dll moved successfully.
C:\Users\fdinges\AppData\Local\ikajozugitixezo.dll moved successfully.
C:\Users\fdinges\AppData\Local\akexihuvuwoxuta.dll moved successfully.
C:\Users\fdinges\AppData\Local\agumotetacoy.dll moved successfully.
C:\Users\fdinges\AppData\Local\idaruzonahukozi.dll moved successfully.
C:\Users\fdinges\AppData\Local\ufazanonulurupoh.dll moved successfully.
C:\Users\fdinges\AppData\Local\agazoyipoxazi.dll moved successfully.
C:\Users\fdinges\AppData\Local\agoyazamilabefog.dll moved successfully.
C:\Users\fdinges\AppData\Local\ejopejid.dll moved successfully.
C:\Users\fdinges\AppData\Local\ugenukonej.dll moved successfully.
C:\Users\fdinges\AppData\Local\omiqububukukaseg.dll moved successfully.
C:\Users\fdinges\AppData\Local\efomegedekos.dll moved successfully.
C:\Users\fdinges\AppData\Local\eguvegohekeva.dll moved successfully.
C:\Users\fdinges\AppData\Local\eheqokaq.dll moved successfully.
C:\Users\fdinges\AppData\Local\asegamep.dll moved successfully.
C:\Users\fdinges\AppData\Local\eluhaxovabuyud.dll moved successfully.
C:\Users\fdinges\AppData\Local\uvununev.dll moved successfully.
C:\Users\fdinges\AppData\Local\apogevus.dll moved successfully.
C:\Users\fdinges\AppData\Local\oyedigib.dll moved successfully.
C:\Users\fdinges\AppData\Local\ekiyorad.dll moved successfully.
C:\Users\fdinges\AppData\Local\ijofotizi.dll moved successfully.
C:\Users\fdinges\AppData\Local\adesojolonizoki.dll moved successfully.
C:\Users\fdinges\AppData\Local\avehoducexuc.dll moved successfully.
C:\Users\fdinges\AppData\Local\ujurowijehul.dll moved successfully.
C:\Users\fdinges\AppData\Local\itohoriq.dll moved successfully.
C:\Users\fdinges\AppData\Local\irusuqeb.dll moved successfully.
C:\Users\fdinges\AppData\Local\acekesuharucu.dll moved successfully.
C:\Users\fdinges\AppData\Local\awemanew.dll moved successfully.
C:\Users\fdinges\AppData\Local\ubekucur.dll moved successfully.
C:\Users\fdinges\AppData\Local\iqucuqep.dll moved successfully.
C:\Users\fdinges\AppData\Local\ivareciy.dll moved successfully.
C:\Users\fdinges\AppData\Local\obocolayizajova.dll moved successfully.
C:\Users\fdinges\AppData\Local\itihufajelehe.dll moved successfully.
C:\Users\fdinges\AppData\Local\isagosixaxet.dll moved successfully.
C:\Users\fdinges\AppData\Local\urefiqemaqawepe.dll moved successfully.
C:\Users\fdinges\AppData\Local\efukezakoboxa.dll moved successfully.
C:\Users\fdinges\AppData\Local\ifejemil.dll moved successfully.
C:\Users\fdinges\AppData\Local\akixoqoya.dll moved successfully.
C:\Users\fdinges\AppData\Local\epobuworucato.dll moved successfully.
C:\Users\fdinges\AppData\Local\uriyeciferab.dll moved successfully.
C:\Users\fdinges\AppData\Local\udavoyohovojamaz.dll moved successfully.
C:\Users\fdinges\AppData\Local\imewuvubo.dll moved successfully.
C:\Users\fdinges\AppData\Local\ezonatuqica.dll moved successfully.
C:\Users\fdinges\AppData\Local\isagosixaxeteted.dll moved successfully.
C:\Users\fdinges\AppData\Local\apuzabulam.dll moved successfully.
C:\Users\fdinges\AppData\Local\amedohugili.dll moved successfully.
C:\Users\fdinges\AppData\Local\erolidemawixor.dll moved successfully.
C:\Users\fdinges\AppData\Local\izavanuzafavina.dll moved successfully.
C:\Users\fdinges\AppData\Local\ujoxafuj.dll moved successfully.
C:\Users\fdinges\AppData\Local\adejoxodo.dll moved successfully.
C:\Users\fdinges\AppData\Local\upixewugonajero.dll moved successfully.
C:\Users\fdinges\AppData\Local\evobasus.dll moved successfully.
C:\Users\fdinges\AppData\Local\agoburimuqujuz.dll moved successfully.
C:\Users\fdinges\AppData\Local\avibozeyesog.dll moved successfully.
C:\Users\fdinges\AppData\Local\upaxadap.dll moved successfully.
C:\Users\fdinges\AppData\Local\ihudebib.dll moved successfully.
C:\Users\fdinges\AppData\Local\ezurusaneyulexah.dll moved successfully.
C:\Users\fdinges\AppData\Local\orapimoxihuvuwo.dll moved successfully.
C:\Users\fdinges\AppData\Local\urekekeg.dll moved successfully.
C:\Users\fdinges\AppData\Local\uluzoverax.dll moved successfully.
C:\Users\fdinges\AppData\Local\oweyopubop.dll moved successfully.
C:\Users\fdinges\AppData\Local\ozufikavup.dll moved successfully.
C:\Users\fdinges\AppData\Local\inufehoriqo.dll moved successfully.
C:\Users\fdinges\AppData\Local\obolecugofudoca.dll moved successfully.
C:\Users\fdinges\AppData\Local\ipokaqibiyov.dll moved successfully.
C:\Users\fdinges\AppData\Local\adudoqen.dll moved successfully.
C:\Users\fdinges\AppData\Local\ekecimayobiq.dll moved successfully.
C:\Users\fdinges\AppData\Local\ebixiyalogujage.dll moved successfully.
C:\Users\fdinges\AppData\Local\ozahecehenuhe.dll moved successfully.
C:\Users\fdinges\AppData\Local\anotikunodijipat.dll moved successfully.
C:\Users\fdinges\AppData\Local\ozicadicuv.dll moved successfully.
C:\Users\fdinges\AppData\Local\uvevozuj.dll moved successfully.
C:\Users\fdinges\AppData\Local\adoxodokake.dll moved successfully.
C:\Users\fdinges\AppData\Local\ifiyivoqubub.dll moved successfully.
C:\Users\fdinges\AppData\Local\alubafojo.dll moved successfully.
C:\Users\fdinges\AppData\Local\ofazomuf.dll moved successfully.
C:\Users\fdinges\AppData\Local\evimusige.dll moved successfully.
C:\Users\fdinges\AppData\Local\ajewelohawuro.dll moved successfully.
C:\Users\fdinges\AppData\Local\ofupaxim.dll moved successfully.
C:\Users\fdinges\AppData\Local\awegokidonot.dll moved successfully.
C:\Users\fdinges\AppData\Local\useyedoh.dll moved successfully.
C:\Users\fdinges\AppData\Local\owovetidaciroj.dll moved successfully.
C:\Users\fdinges\AppData\Local\ekuripeciluvun.dll moved successfully.
C:\Users\fdinges\AppData\Local\izavifohahur.dll moved successfully.
C:\Users\fdinges\AppData\Local\ikacupodo.dll moved successfully.
C:\Users\fdinges\AppData\Local\edasavadebiberer.dll moved successfully.
C:\Users\fdinges\AppData\Local\usonaxeh.dll moved successfully.
C:\Users\fdinges\AppData\Local\enomiboludosayer.dll moved successfully.
C:\Users\fdinges\AppData\Local\okesoyaqoxisi.dll moved successfully.
C:\Users\fdinges\AppData\Local\ecocuyaj.dll moved successfully.
C:\Users\fdinges\AppData\Local\oboyiwif.dll moved successfully.
C:\Users\fdinges\AppData\Local\owebuqav.dll moved successfully.
C:\Users\fdinges\AppData\Local\elumecusuramujo.dll moved successfully.
C:\Users\fdinges\AppData\Local\isujorec.dll moved successfully.
C:\Users\fdinges\AppData\Local\upajuzakaxodemad.dll moved successfully.
C:\Users\fdinges\AppData\Local\aceyayiyohuyaga.dll moved successfully.
C:\Users\fdinges\AppData\Local\ucopafiqemaqawe.dll moved successfully.
C:\Users\fdinges\AppData\Local\opadacibi.dll moved successfully.
C:\Users\fdinges\AppData\Local\ebuheseh.dll moved successfully.
C:\Users\fdinges\AppData\Local\ipowigesife.dll moved successfully.
C:\Users\fdinges\AppData\Local\ohopidit.dll moved successfully.
C:\Users\fdinges\AppData\Local\ahupixoxiwakev.dll moved successfully.
C:\Users\fdinges\AppData\Local\isigapogaxeyu.dll moved successfully.
C:\Users\fdinges\AppData\Local\uhutucejaqa.dll moved successfully.
C:\Users\fdinges\AppData\Local\ubekulejarivewav.dll moved successfully.
C:\Users\fdinges\AppData\Local\ixuvaxikuf.dll moved successfully.
C:\Users\fdinges\AppData\Local\odabazovecebezu.dll moved successfully.
C:\Users\fdinges\AppData\Local\uyutiwuvubo.dll moved successfully.
C:\Users\fdinges\AppData\Local\esacitaludejemi.dll moved successfully.
C:\Users\fdinges\AppData\Local\ahowulev.dll moved successfully.
C:\Users\fdinges\AppData\Local\ujurukur.dll moved successfully.
C:\Users\fdinges\AppData\Local\imozefijocifal.dll moved successfully.
C:\Users\fdinges\AppData\Local\umexebuxe.dll moved successfully.
C:\Users\fdinges\AppData\Local\ucadiyuregadaga.dll moved successfully.
C:\Users\fdinges\AppData\Local\ebatofoke.dll moved successfully.
C:\Users\fdinges\AppData\Local\opayesub.dll moved successfully.
C:\Users\fdinges\AppData\Local\erajakucur.dll moved successfully.
C:\Users\fdinges\AppData\Local\isanayucu.dll moved successfully.
C:\Users\fdinges\AppData\Local\okeqaqoj.dll moved successfully.
C:\Users\fdinges\AppData\Local\iyozetij.dll moved successfully.
C:\Users\fdinges\AppData\Local\atenusohomatum.dll moved successfully.
C:\Users\fdinges\AppData\Local\uhojataz.dll moved successfully.
C:\Users\fdinges\AppData\Local\adeqolezibahaqe.dll moved successfully.
C:\Users\fdinges\AppData\Local\uwexevoy.dll moved successfully.
C:\Users\fdinges\AppData\Local\ekarofibo.dll moved successfully.
C:\Users\fdinges\AppData\Local\owavivam.dll moved successfully.
C:\Users\fdinges\AppData\Local\izuqeyuhasaj.dll moved successfully.
C:\Users\fdinges\AppData\Local\uwiyufom.dll moved successfully.
C:\Users\fdinges\AppData\Local\erukexug.dll moved successfully.
C:\Users\fdinges\AppData\Local\obevezuyo.dll moved successfully.
C:\Users\fdinges\AppData\Local\upucakenakohod.dll moved successfully.
C:\Users\fdinges\AppData\Local\obeheqicoxic.dll moved successfully.
C:\Users\fdinges\AppData\Local\eliqaquzuw.dll moved successfully.
C:\Users\fdinges\AppData\Local\obofegizutaz.dll moved successfully.
C:\Users\fdinges\AppData\Local\akudipotafapi.dll moved successfully.
C:\Users\fdinges\AppData\Local\exadenenor.dll moved successfully.
C:\Users\fdinges\AppData\Local\alohadehip.dll moved successfully.
C:\Users\fdinges\AppData\Local\ukenaroh.dll moved successfully.
C:\Users\fdinges\AppData\Local\ezawiwifa.dll moved successfully.
C:\Users\fdinges\AppData\Local\eqopofevinuyozew.dll moved successfully.
C:\Users\fdinges\AppData\Local\idonebag.dll moved successfully.
C:\Users\fdinges\AppData\Local\ogojilesoqa.dll moved successfully.
C:\Users\fdinges\AppData\Local\uvegevusu.dll moved successfully.
C:\Users\fdinges\AppData\Local\emalamuti.dll moved successfully.
C:\Users\fdinges\AppData\Local\awofivutamuxu.dll moved successfully.
C:\Users\fdinges\AppData\Local\umifunan.dll moved successfully.
C:\Users\fdinges\AppData\Local\usojogumaj.dll moved successfully.
C:\Users\fdinges\AppData\Local\ugixumug.dll moved successfully.
C:\Users\fdinges\AppData\Local\ifaxuluq.dll moved successfully.
C:\Users\fdinges\AppData\Local\ipohewatebicogic.dll moved successfully.
C:\Users\fdinges\AppData\Local\ufenisapamotet.dll moved successfully.
C:\Users\fdinges\AppData\Local\uyorokon.dll moved successfully.
C:\Users\fdinges\AppData\Local\ahupixox.dll moved successfully.
C:\Users\fdinges\AppData\Local\opajuzak.dll moved successfully.
C:\Users\fdinges\AppData\Local\emidarexowexul.dll moved successfully.
C:\Users\fdinges\AppData\Local\avokemomopuduy.dll moved successfully.
C:\Users\fdinges\AppData\Local\urepiliyo.dll moved successfully.
C:\Users\fdinges\AppData\Local\epigerut.dll moved successfully.
C:\Users\fdinges\AppData\Local\izananoj.dll moved successfully.
C:\Users\fdinges\AppData\Local\eqixujes.dll moved successfully.
C:\Users\fdinges\AppData\Local\ijitefed.dll moved successfully.
C:\Users\fdinges\AppData\Local\ehimipus.dll moved successfully.
C:\Users\fdinges\AppData\Local\anekilugoqoralo.dll moved successfully.
C:\Users\fdinges\AppData\Local\umihekevasuqeru.dll moved successfully.
C:\Users\fdinges\AppData\Local\owoqewofeh.dll moved successfully.
C:\Users\fdinges\AppData\Local\ahahigusu.dll moved successfully.
C:\Users\fdinges\AppData\Local\ivemokekegasudev.dll moved successfully.
C:\Users\fdinges\AppData\Local\obetaxaroyuy.dll moved successfully.
C:\Users\fdinges\AppData\Local\apeqehexopak.dll moved successfully.
C:\Users\fdinges\AppData\Local\oluzogaz.dll moved successfully.
C:\Users\fdinges\AppData\Local\uheviqeme.dll moved successfully.
C:\Users\fdinges\AppData\Local\ijabuhuwonezonus.dll moved successfully.
C:\Users\fdinges\AppData\Local\ekobeguy.dll moved successfully.
C:\Users\fdinges\AppData\Local\iwenebag.dll moved successfully.
C:\Users\fdinges\AppData\Local\otuheyekit.dll moved successfully.
C:\Users\fdinges\AppData\Local\aturipecil.dll moved successfully.
C:\Users\fdinges\AppData\Local\emodusexuyo.dll moved successfully.
C:\Users\fdinges\AppData\Local\urepiliyojoqo.dll moved successfully.
C:\Users\fdinges\AppData\Local\agixumugeyajofo.dll moved successfully.
C:\Users\fdinges\AppData\Local\owajefiq.dll moved successfully.
C:\Users\fdinges\AppData\Local\evozopes.dll moved successfully.
C:\Users\fdinges\AppData\Local\itejuqumof.dll moved successfully.
C:\Users\fdinges\AppData\Local\urebebag.dll moved successfully.
C:\Users\fdinges\AppData\Local\aqalolacih.dll moved successfully.
C:\Users\fdinges\AppData\Local\ipewafonutul.dll moved successfully.
C:\Users\fdinges\AppData\Local\apociyop.dll moved successfully.
C:\Users\fdinges\AppData\Local\edikowucafo.dll moved successfully.
C:\Users\fdinges\AppData\Local\axupabusaxupe.dll moved successfully.
C:\Users\fdinges\AppData\Local\ipibogebuteboyo.dll moved successfully.
C:\Users\fdinges\AppData\Local\ewikevasuqeruzo.dll moved successfully.
C:\Users\fdinges\AppData\Local\oligilimelumorun.dll moved successfully.
C:\Users\fdinges\AppData\Local\elovucuy.dll moved successfully.
C:\Users\fdinges\AppData\Local\ubucucen.dll moved successfully.
C:\Users\fdinges\AppData\Local\ohukodado.dll moved successfully.
C:\Users\fdinges\AppData\Local\uhizuxahowiloji.dll moved successfully.
C:\Users\fdinges\AppData\Local\uzafapititefe.dll moved successfully.
C:\Users\fdinges\AppData\Local\omunidopumam.dll moved successfully.
C:\Users\fdinges\AppData\Local\ajofeqacol.dll moved successfully.
C:\Users\fdinges\AppData\Local\afalininozumahoh.dll moved successfully.
C:\Users\fdinges\AppData\Local\evadiqadunujan.dll moved successfully.
C:\Users\fdinges\AppData\Local\igikonip.dll moved successfully.
C:\Users\fdinges\AppData\Local\uwowunikazubija.dll moved successfully.
C:\Users\fdinges\AppData\Local\ogijupecejoxodo.dll moved successfully.
C:\Users\fdinges\AppData\Local\awanixigotane.dll moved successfully.
C:\Users\fdinges\AppData\Local\owidacib.dll moved successfully.
C:\Users\fdinges\AppData\Local\icicudez.dll moved successfully.
C:\Users\fdinges\AppData\Local\ecokivegohekeva.dll moved successfully.
C:\Users\fdinges\AppData\Local\uragucoboj.dll moved successfully.
C:\Users\fdinges\AppData\Local\amupopepacupodo.dll moved successfully.
C:\Users\fdinges\AppData\Local\olaqeniwarehegu.dll moved successfully.
C:\Users\fdinges\AppData\Local\afasogol.dll moved successfully.
C:\Users\fdinges\AppData\Local\upulagarobifamav.dll moved successfully.
C:\Users\fdinges\AppData\Local\ituwoniq.dll moved successfully.
C:\Users\fdinges\AppData\Local\ugilepetiyo.dll moved successfully.
C:\Users\fdinges\AppData\Local\awiwohonev.dll moved successfully.
C:\Users\fdinges\AppData\Local\efurejadanapiqif.dll moved successfully.
C:\Users\fdinges\AppData\Local\ugorilup.dll moved successfully.
C:\Users\fdinges\AppData\Local\ibufakoroxazivaz.dll moved successfully.
========== FILES ==========
File\Folder C:\Users\fdinges\AppData\Local\Temp\tpl_0_c.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\fdinges\Desktop\cmd.bat deleted successfully.
C:\Users\fdinges\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: fdinges
->Temp folder emptied: 791651576 bytes
->Temporary Internet Files folder emptied: 1340998734 bytes
->Java cache emptied: 8974416 bytes
->FireFox cache emptied: 375664280 bytes
->Google Chrome cache emptied: 6592306 bytes
->Flash cache emptied: 113648 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 438816 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 533391342 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36065736 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.951,00 mb
 
 
OTL by OldTimer - Version 3.2.48.0 log created on 06142012_151550

Files\Folders moved on Reboot...
C:\Users\fdinges\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Log from the Anti-Malware scan:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
fdinges :: GRAUPEL [Administrator]

14.06.2012 15:38:47
mbam-log-2012-06-14 (18-19-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 533256
Laufzeit: 2 Stunde(n), 38 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\Spiele\fff-ea185.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Spiele\CALLOFDUTY\Call of Duty\CoDSP.exe (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Spiele\EA Multikeygen\fff-ea185.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\06142012_151550\C_Users\fdinges\AppData\Local\Temp\tpl_0_c.exe (Trojan.Inject) -> Keine Aktion durchgeführt.

(Ende)
         
Logs from the OTL scan:

OTL.txt
Code:
ATTFilter
OTL logfile created on: 14.06.2012 19:45:04 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\fdinges\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 63,83% Memory free
6,09 Gb Paging File | 4,36 Gb Available in Paging File | 71,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,37 Gb Total Space | 3,08 Gb Free Space | 2,65% Space Free | Partition Type: NTFS
Drive D: | 116,12 Gb Total Space | 1,29 Gb Free Space | 1,11% Space Free | Partition Type: NTFS
Drive F: | 243,13 Mb Total Space | 235,64 Mb Free Space | 96,92% Space Free | Partition Type: FAT
Drive G: | 251,48 Mb Total Space | 223,86 Mb Free Space | 89,02% Space Free | Partition Type: FAT32
 
Computer Name: GRAUPEL | User Name: fdinges | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.13 13:16:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\fdinges\Desktop\OTL.exe
PRC - [2012.06.06 17:37:14 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\fdinges\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.02.18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.28 13:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011.04.28 12:59:46 | 000,460,096 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
PRC - [2011.04.28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011.03.04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.08.17 15:34:20 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe
PRC - [2009.09.03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009.08.12 11:30:42 | 006,203,296 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.06 17:37:14 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.10.20 16:45:26 | 008,801,120 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office14\1033\GrooveIntlResource.dll
MOD - [2010.08.17 15:34:20 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.27 14:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009.08.05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009.08.04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009.08.03 19:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009.07.28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.08 10:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2012.06.06 17:37:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.06 14:03:39 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.19 22:23:38 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.01.13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.04.28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011.03.04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011.02.10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010.08.22 19:17:22 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010.04.22 15:26:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.05 13:10:11 | 000,161,032 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2011.11.30 18:37:29 | 000,128,264 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2011.11.23 09:59:45 | 000,149,768 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2011.04.28 12:57:43 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2011.04.28 12:57:42 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.02.25 23:14:26 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.02.25 23:14:22 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.01.01 19:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.10.16 14:56:40 | 000,701,952 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.09.18 02:24:00 | 000,198,144 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1030.sys -- (RDID1030)
DRV:64bit: - [2009.09.16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.26 19:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.08.10 12:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.27 16:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 07:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009.06.29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.15 14:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.29 19:54:14 | 000,269,360 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deDE367DE367
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.25 14:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.07 20:07:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 17:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.11 12:46:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.05.25 16:51:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.11 12:46:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 17:37:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.11 12:46:32 | 000,000,000 | ---D | M]
 
[2011.05.25 16:51:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fdinges\AppData\Roaming\mozilla\Extensions
[2011.05.25 16:51:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fdinges\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.22 01:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fdinges\AppData\Roaming\mozilla\Firefox\Profiles\pffyl3ap.default\extensions
[2012.03.30 14:57:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\fdinges\AppData\Roaming\mozilla\Firefox\Profiles\pffyl3ap.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.22 01:35:51 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\fdinges\AppData\Roaming\mozilla\Firefox\Profiles\pffyl3ap.default\extensions\ich@maltegoetz.de
[2012.05.31 20:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.31 20:06:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.25 14:29:46 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012.01.06 12:04:21 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\FDINGES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PFFYL3AP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.06 17:37:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.01 22:00:12 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [ConexantAudioPatch] C:\Program Files\ConexantAudioPatch\Audioreset.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Windows\TosVolRegulator_x64.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [Toshiba DetectAC Utility] C:\Program Files (x86)\TOSHIBA\Toshiba DetectAC Utility\DetectAC.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - Startup: C:\Users\fdinges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\fdinges\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\fdinges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BD771E8-F701-4472-B29A-5F230E03BCCA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E4D0A9B-E031-4A9E-AA95-C1F522BF0FE1}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 19:34:29 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\fdinges\Desktop\ccsetup319.exe
[2012.06.14 15:15:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.13 13:22:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\fdinges\Desktop\OTL.exe
[2012.06.13 12:34:24 | 056,731,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012.06.13 11:05:12 | 000,000,000 | ---D | C] -- C:\Users\fdinges\AppData\Roaming\Panda Security
[2012.06.13 11:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2012.06.13 11:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012.06.13 11:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012.06.12 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\fdinges\AppData\Roaming\Malwarebytes
[2012.06.12 22:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.12 22:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.12 22:30:14 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.12 22:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.12 22:29:41 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\fdinges\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.02 16:41:39 | 000,000,000 | ---D | C] -- C:\Users\fdinges\Desktop\BG-Gruppe
[2012.05.31 17:17:42 | 000,000,000 | ---D | C] -- C:\Users\fdinges\Desktop\1002512675
[2012.05.27 12:47:56 | 000,000,000 | ---D | C] -- C:\Users\fdinges\Documents\Tunngle
[2012.05.16 00:42:29 | 000,000,000 | ---D | C] -- C:\Users\fdinges\AppData\Roaming\Avira
[2012.05.15 23:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.15 23:45:04 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.15 23:45:04 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.15 23:45:04 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.05.15 23:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.15 23:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[1 C:\Users\fdinges\Documents\*.tmp files -> C:\Users\fdinges\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.16 22:27:24 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\fdinges\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.14 19:37:54 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.14 19:37:04 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\fdinges\Desktop\ccsetup319.exe
[2012.06.14 19:32:06 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 19:32:06 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 19:27:23 | 000,002,042 | ---- | M] () -- C:\Users\fdinges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012.06.14 19:23:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 19:23:44 | 3092,987,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 19:03:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.13 13:16:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\fdinges\Desktop\OTL.exe
[2012.06.13 11:02:40 | 000,000,276 | ---- | M] () -- C:\Windows\SysNative\PSUNCpl.dat
[2012.06.12 22:33:37 | 001,682,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.12 22:33:37 | 000,719,712 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.12 22:33:37 | 000,681,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.12 22:33:37 | 000,154,642 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.12 22:33:37 | 000,131,024 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.12 22:30:16 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 14:22:34 | 001,736,172 | ---- | M] () -- C:\Users\fdinges\Desktop\Papalapapppap01.mp3
[2012.06.11 13:59:34 | 000,001,600 | ---- | M] () -- C:\Users\fdinges\Desktop\Frozen Throne - Verknüpfung.lnk
[2012.06.07 00:12:02 | 000,056,496 | ---- | M] () -- C:\Users\fdinges\Desktop\manson_color_test1klein.bmp
[2012.06.03 23:35:34 | 056,731,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012.05.31 17:15:46 | 144,619,760 | ---- | M] () -- C:\Users\fdinges\Desktop\1002512675.zip
[2012.05.27 12:55:20 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2012.05.27 00:57:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.05.26 10:34:58 | 000,001,058 | ---- | M] () -- C:\Users\fdinges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.26 10:34:50 | 000,001,030 | ---- | M] () -- C:\Users\fdinges\Desktop\Dropbox.lnk
[2012.05.17 19:08:22 | 022,678,697 | ---- | M] () -- C:\Users\fdinges\Desktop\Wischmayer - Berlin.wmv
[1 C:\Users\fdinges\Documents\*.tmp files -> C:\Users\fdinges\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.14 19:37:54 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.13 11:02:40 | 000,000,276 | ---- | C] () -- C:\Windows\SysNative\PSUNCpl.dat
[2012.06.12 22:30:16 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 14:22:33 | 001,736,172 | ---- | C] () -- C:\Users\fdinges\Desktop\Papalapapppap01.mp3
[2012.06.11 13:59:34 | 000,001,600 | ---- | C] () -- C:\Users\fdinges\Desktop\Frozen Throne - Verknüpfung.lnk
[2012.06.07 00:13:08 | 000,056,496 | ---- | C] () -- C:\Users\fdinges\Desktop\manson_color_test1klein.bmp
[2012.05.31 17:12:15 | 144,619,760 | ---- | C] () -- C:\Users\fdinges\Desktop\1002512675.zip
[2012.05.17 19:07:53 | 022,678,697 | ---- | C] () -- C:\Users\fdinges\Desktop\Wischmayer - Berlin.wmv
[2011.03.07 17:43:54 | 000,039,430 | ---- | C] () -- C:\Windows\scunin.dat
[2010.11.24 01:26:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.08.22 19:17:32 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010.08.06 00:50:33 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010.08.05 18:01:13 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== LOP Check ==========
 
[2011.02.12 18:24:57 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\Audacity
[2012.05.23 20:42:07 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\BitTorrent
[2010.02.28 00:00:55 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2012.06.14 19:29:49 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\Dropbox
[2011.08.07 20:52:09 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\MxBoost
[2010.02.25 00:34:05 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\NCH Swift Sound
[2010.06.09 22:46:00 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\OpenOffice.org
[2012.06.13 11:05:12 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\Panda Security
[2011.06.02 17:35:43 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\phonostar GmbH
[2012.06.13 00:04:15 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\scdata
[2010.06.12 23:37:47 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\Sysinternals Antivirus
[2010.02.25 14:08:53 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\Template
[2011.05.25 16:51:50 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\Thunderbird
[2010.02.11 19:57:12 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\Toshiba
[2012.05.27 12:56:47 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\Tunngle
[2010.02.12 18:13:08 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\WildTangent
[2010.03.19 14:34:09 | 000,000,000 | ---D | M] -- C:\Users\fdinges\AppData\Roaming\Youtube Downloader HD
[2012.05.11 00:23:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 14.06.2012 19:45:06 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\fdinges\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 63,83% Memory free
6,09 Gb Paging File | 4,36 Gb Available in Paging File | 71,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,37 Gb Total Space | 3,08 Gb Free Space | 2,65% Space Free | Partition Type: NTFS
Drive D: | 116,12 Gb Total Space | 1,29 Gb Free Space | 1,11% Space Free | Partition Type: NTFS
Drive F: | 243,13 Mb Total Space | 235,64 Mb Free Space | 96,92% Space Free | Partition Type: FAT
Drive G: | 251,48 Mb Total Space | 223,86 Mb Free Space | 89,02% Space Free | Partition Type: FAT32
 
Computer Name: GRAUPEL | User Name: fdinges | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{50431EE1-C1CC-4AE7-BDE3-B60536E7BA92}" = Panda Cloud Antivirus
"{59D3F691-179D-4E52-832C-D22B81541AC5}" = Microsoft SQL Server 2008 Setup Support Files 
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO" = Conexant HD Audio
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"RolandRDID0030" = GS-10-Treiber
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2968D40D-3C8D-4374-9E99-DDF403B2CBA9}" = GS-10 Editor
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3e64b754-0e75-46b8-9b14-e5372e859547}" = Nero 9 Lite
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5E30BDEB-9307-11D4-9AE0-006067325E47}" = Baldur's Gate(TM) II - Schatten von Amn(TM)
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{868F16D9-1A7E-4A15-B268-1A88E77BBB38}" = Toshiba DetectAC Utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3620221-A9E3-43AD-BDB9-985C88E85AC1}" = Silent Storm
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Audacity 1.3 Beta_is1" = Audacity 1.3.12
"Avira AntiVir Desktop" = Avira Free Antivirus
"Baldur's Gate" = Baldur's Gate
"BitTorrent" = BitTorrent
"CloneDVD2" = CloneDVD2
"DivX Setup" = DivX-Setup
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.0
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"FLV Player" = FLV Player 2.0 (build 25)
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{2968D40D-3C8D-4374-9E99-DDF403B2CBA9}" = GS-10 Editor
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{868F16D9-1A7E-4A15-B268-1A88E77BBB38}" = Toshiba DetectAC Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"PANZERS - Phase1" = PANZERS - Phase1
"QtiPlot_is1" = QtiPlot 0.9.8.6
"Scribe" = Express Scribe
"Sony Player Plug-in for Windows Media Player" = Sony Player Plug-in for Windows Media Player
"Starcraft" = Starcraft
"Tunngle beta_is1" = Tunngle beta
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"War Front - Turning Point" = War Front - Turning Point
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.06.2012 05:13:50 | Computer Name = Graupel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2012 05:13:53 | Computer Name = Graupel | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\deutschlandradio-recorder\phonostar.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 14.06.2012 05:15:18 | Computer Name = Graupel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2012 05:15:18 | Computer Name = Graupel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2012 05:15:27 | Computer Name = Graupel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2012 05:17:01 | Computer Name = Graupel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2012 09:27:15 | Computer Name = Graupel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2012 09:27:16 | Computer Name = Graupel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2012 09:36:19 | Computer Name = Graupel | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.60.0.80 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2cc    Startzeit: 
01cd4a31eb4b7e20    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Berichts-ID:
 df68e2b9-b625-11e1-9f22-95cee78c7b52  
 
Error - 14.06.2012 09:47:28 | Computer Name = Graupel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 14.06.2012 09:04:18 | Computer Name = Graupel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 14.06.2012 09:04:19 | Computer Name = Graupel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 14.06.2012 09:06:01 | Computer Name = Graupel | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Panda Cloud Antivirus Service" wurde nicht richtig gestartet.
 
Error - 14.06.2012 09:25:44 | Computer Name = Graupel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 14.06.2012 09:25:49 | Computer Name = Graupel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 14.06.2012 13:24:12 | Computer Name = Graupel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 14.06.2012 13:24:19 | Computer Name = Graupel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 14.06.2012 13:26:31 | Computer Name = Graupel | Source = DCOM | ID = 10005
Description = 
 
Error - 14.06.2012 13:26:31 | Computer Name = Graupel | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 14.06.2012 13:26:31 | Computer Name = Graupel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         
List from CCleaner:

Code:
ATTFilter
Adobe AIR	Adobe Systems Inc.	27.09.2009		1.5.2.8870
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	05.05.2012	6,00MB	11.2.202.235
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	05.05.2012	6,00MB	11.2.202.235
Adobe Photoshop CS3	Adobe Systems Incorporated	21.04.2010	1.085MB	10.0
Adobe Reader 9.5.1 - Deutsch	Adobe Systems Incorporated	10.04.2012	118,5MB	9.5.1
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	29.12.2011		11.6.3.633
Aliens vs. Predator 2		06.12.2011		
Amazon.de	Amazon EU S.a.r.L.	12.11.2009		
Apple Application Support	Apple Inc.	01.04.2010	39,7MB	1.2.1
Apple Software Update	Apple Inc.	01.04.2010	2,16MB	2.1.1.116
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	12.11.2009		1.0.0.10
Audacity 1.3.12	Audacity Team	09.02.2011	32,3MB	
Avira Free Antivirus	Avira	14.05.2012	125,0MB	12.0.0.1125
Baldur's Gate		21.01.2012		
Baldur's Gate(TM) II - Schatten von Amn(TM)		08.01.2012		
BitTorrent	BitTorrent, Inc	07.06.2010		
CCleaner	Piriform	22.05.2012		3.19
CloneDVD2	Elaborate Bytes	04.08.2010		2.9.2.8
Compatibility Pack für 2007 Office System	Microsoft Corporation	11.05.2012	218MB	12.0.6612.1000
Conexant HD Audio	Conexant	30.04.2011		4.98.16.61
DivX-Setup	DivX, LLC	06.01.2012		2.6.1.3
dradio-Recorder Version 3.02.0		01.06.2011		
Dropbox	Dropbox, Inc.	25.05.2012		1.4.7
eBay	eBay Inc.	27.09.2009	0,16MB	1.0.4
Express Scribe	NCH Software	12.06.2012		
FLV Player 2.0 (build 25)	Martijn de Visser	26.08.2010		2.0 (build 25)
Google Toolbar for Internet Explorer	Google Inc.	18.03.2012		7.3.2710.138
GS-10 Editor	BOSS Corporation	12.11.2010	49,9MB	1.10.3007
GS-10-Treiber	Roland Corporation	03.12.2010		
Guitar Pro 5.2	Arobas Music	07.06.2010		
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	12.11.2009	54,3MB	8.15.10.1883
Intel® Matrix Storage Manager	Intel Corporation	12.11.2009		
Java(TM) 6 Update 14	Sun Microsystems, Inc.	27.09.2009	97,5MB	6.0.140
Last.fm 1.5.4.27091	Last.fm	10.11.2010		
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	11.06.2012	18,0MB	1.61.0.1400
McAfee SiteAdvisor	McAfee, Inc.	24.02.2012		3.4.195
McAfee SiteAdvisor	McAfee, Inc.	11.07.2011		3.3.1.133
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	27.03.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	27.03.2011	2,94MB	4.0.30319
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	11.05.2012	54,3MB	12.0.6612.1000
Microsoft Office Professional Plus 2010	Microsoft Corporation	03.12.2011		14.0.6029.1000
Microsoft Office Suite Activation Assistant	Microsoft Corporation	27.09.2009	8,37MB	2.9
Microsoft Silverlight	Microsoft Corporation	13.05.2012	50,7MB	5.1.10411.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	27.09.2009	1,72MB	3.1.0000
Microsoft SQL Server 2008	Microsoft Corporation	05.04.2010		
Microsoft SQL Server 2008 Browser	Microsoft Corporation	05.04.2010	8,38MB	10.1.2531.0
Microsoft SQL Server 2008 Native Client	Microsoft Corporation	05.04.2010	7,07MB	10.1.2531.0
Microsoft SQL Server 2008 Setup Support Files 	Microsoft Corporation	05.04.2010	27,5MB	10.1.2531.0
Microsoft SQL Server VSS Writer	Microsoft Corporation	05.04.2010	3,85MB	10.1.2531.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	25.02.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	25.02.2010	0,21MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	23.04.2011	0,77MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	23.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	08.06.2010	1,71MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	12.11.2009	0,77MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	14.04.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	15.05.2012	12,3MB	10.0.40219
Microsoft Works	Microsoft Corporation	12.04.2012	1.210MB	9.7.0621
Mozilla Firefox 13.0 (x86 de)	Mozilla	05.06.2012	40,9MB	13.0
Mozilla Maintenance Service	Mozilla	05.06.2012	0,30MB	13.0
Mozilla Thunderbird (3.1.10)	Mozilla	24.05.2011		3.1.10 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	30.08.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	30.08.2011	1,33MB	4.20.9876.0
Nero 9 Lite	Nero AG	29.08.2011		
Nero BurnLite 10	Nero AG	08.12.2011	56,4MB	10.0.10600
Nero Update	Nero AG	08.12.2011	1,45MB	1.0.10600.28.0
Oblivion	Bethesda Softworks	17.09.2010		1.00.0000
OpenAL		12.05.2011		
OpenOffice.org 3.2	OpenOffice.org	08.06.2010	357MB	3.2.9483
Panda Cloud Antivirus	Panda Security	12.06.2012		1.5.2
PANZERS - Phase1		06.08.2010		
PlayReady PC Runtime amd64	Microsoft Corporation	27.09.2009	2,06MB	1.3.0
Python 2.6.2	Python Software Foundation	30.10.2011	47,4MB	2.6.2150
QtiPlot 0.9.8.6	Ion Vasilief	30.10.2011		
QuickTime	Apple Inc.	02.04.2010	73,8MB	7.66.71.0
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	12.11.2009		6.1.7600.30102
Realtek WLAN Driver	Realtek	12.11.2009	1,54MB	2.00.0006
Rome - Total War - Gold Edition	The Creative Assembly	05.08.2010		1.6
Silent Storm	JoWooD Productions Software AG	02.04.2010		1.2
Skype Click to Call	Skype Technologies S.A.	30.05.2012	13,8MB	5.10.9560
Skype(TM) Launcher	Skype Technologies S.A.	12.11.2009		
Skype™ 5.9	Skype Technologies S.A.	30.05.2012	19,3MB	5.9.115
Sony Player Plug-in for Windows Media Player		24.02.2010		
Starcraft		06.03.2011		
Synaptics Pointing Device Driver	Synaptics Incorporated	12.11.2009		13.1.2.0
Toshiba Assist	TOSHIBA	27.09.2009		3.00.09
TOSHIBA Bulletin Board	TOSHIBA Corporation	12.11.2009		1.0.04.64
TOSHIBA ConfigFree	TOSHIBA Corporation	12.11.2009	73,1MB	8.0.23
Toshiba DetectAC Utility	TOSHIBA	30.04.2011	0,28MB	1.00.0013
TOSHIBA eco Utility	TOSHIBA Corporation	12.11.2009	6,93MB	1.1.10.64
TOSHIBA Extended Tiles for Windows Mobility Center		12.11.2009		
TOSHIBA Face Recognition	TOSHIBA Corporation	12.11.2009		3.1.1.64
TOSHIBA Hardware Setup		12.11.2009		
TOSHIBA HDD Protection	TOSHIBA Corporation	12.11.2009	12,9MB	2.2.0.0
TOSHIBA HDD/SSD Alert	TOSHIBA Corporation	12.11.2009	38,0MB	3.1.64.0
Toshiba Manuals	TOSHIBA	27.09.2009		10.00
Toshiba Online Product Information	TOSHIBA	27.09.2009		2.08.0001
TOSHIBA PC Health Monitor	TOSHIBA Corporation	12.11.2009	27,4MB	1.4.0.64
Toshiba Photo Service - powered by myphotobook	myphotobook GmbH	27.09.2009		1.0.0-663
TOSHIBA Recovery Media Creator	TOSHIBA Corporation	12.11.2009	3,00MB	2.1.0.3 x64
TOSHIBA Recovery Media Creator Reminder	TOSHIBA	27.09.2009	0,45MB	1.00.0019
TOSHIBA ReelTime	TOSHIBA Corporation	12.11.2009		1.0.04.64
TOSHIBA SD Memory Utilities	TOSHIBA	12.11.2009	9,16MB	1.9.1.12
TOSHIBA Service Station	TOSHIBA	12.11.2009		2.1.33
TOSHIBA Supervisor Password		12.11.2009		
TOSHIBA TEMPRO	Toshiba Europe GmbH	30.04.2011	11,3MB	3.35
TOSHIBA USB Sleep and Charge Utility	TOSHIBA Corporation	12.11.2009		1.2.3.0
TOSHIBA Value Added Package	TOSHIBA Corporation	12.11.2009	87,7MB	1.2.25.64
TOSHIBA Web Camera Application	TOSHIBA Corporation	12.11.2009		1.1.1.4
TRORMCLauncher		12.11.2009		
Tunngle beta	Tunngle.net GmbH	26.05.2012	9,49MB	
TuxGuitar	Herac	22.02.2012	10,6MB	1.2
Unterstützungsdateien für Microsoft SQL Server 2008-Setup 	Microsoft Corporation	05.04.2010	30,1MB	10.1.2531.0
VirtualCloneDrive	Elaborate Bytes	04.08.2010		
VLC media player 1.1.4	VideoLAN	05.11.2010		1.1.4
War Front - Turning Point		24.02.2010		
Warhammer 40,000: Dawn Of War - Gold Edition	THQ	25.02.2010	2.687MB	1.51
WildTangent-Spiele	WildTangent	12.11.2009		1.0.0.71
Winamp	Nullsoft, Inc	03.02.2012		5.623 
Winamp Detector Plug-in	Nullsoft, Inc	03.02.2012	75,00KB	1.0.0.1
Windows Live Anmelde-Assistent	Microsoft Corporation	27.09.2009	1,94MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	27.09.2009		14.0.8089.0726
Windows Live Sync	Microsoft Corporation	27.09.2009	2,79MB	14.0.8089.726
Windows Live-Uploadtool	Microsoft Corporation	27.09.2009	0,22MB	14.0.8014.1029
WinRAR		24.02.2010
         
Quote:
Ask yourself, why haven't you upgraded your system already?!
I have nothing to say to that right now. I will handle my equipment more responsibly in future, promise!

Quote:
I can't place these, what are they?:
Code:

C:\Users\fdinges\Desktop\1002512675
C:\Users\fdinges\Desktop\1002512675.zip


could these also come from malware..?
No, that is trustworthy.

Thanks! and regards, F


14.06.2012, 21:20   #6
kira
/// Helper team

Bundespolizei trojan blocks PC as soon as the Internet connection is up



Oh dear... oh dear...
- Installing pirated copies is a pretty reliable way to infect a computer
- I fear that you can only solve your problem by reinstalling your system; this is about:
Quote:
C:\Program Files (x86)\Spiele\fff-ea185.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Spiele\CALLOFDUTY\Call of Duty\CoDSP.exe (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Spiele\EA Multikeygen\fff-ea185.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
Because the programs and files offered contain harmful content - extremely dangerous malware such as backdoors and rootkits
** In a case like this you should rethink your consumption habits
Because your conduct is thereby subject to German law, support from our side ends at this point. So the best thing is for you to back up your data (without malware or cracked software -> I recommend that you back up ONLY data that contains no executable files - File extensions - This is a list of file extensions that can denote files with executable code.) and do a complete reinstallation of the computer; that is the fastest and cleanest solution!
But at least after a reinstallation you will have a clean system again, and hopefully you have learned something from this and in future will keep your hands off...
-> I would like to point out that we do not want to aid the use of keygens & cracks! :-> Forum rule: - Cracks, keygens and other illegal software

Quote:
Purpose of it all - viruses, trojans, worms:
A worm that could almost be called a "good worm" is making its way through
the net and spreading via the file-sharing networks BearShare, KaZaA,
eMule & Co.
The worm carries countless different names of well-known cracks or
key generators for the illegal use of commercial software. Anyone who deliberately
searches for such files could therefore quite possibly come across a copy of
the worm.