| |
| |||||||
Log-Analyse und Auswertung: Backup nach Trojaner Bundeskriminalamt der 100Eur erpresstWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
18.03.2012, 14:13
| #1 |
 |  Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst Moin Leute! Ich heißte Tom, und bin neu hier. Ich hatte neulich das Problem mit dem Trojaner, der vorgibt vom Bundeskriminalamt zu sein und 100€ fordert, um den PC zu entsperren. Das (akute) Problem bin ich losgeworden indem ich mich unter einem anderen Konto angemeldet habe und Malwarbytes Anti-Malware laufen lies, das dann das Schadprogramm gelöscht hat. Ich weiß bereits, 1.) dass ich selbst schuld bin wenn ich auf Pornoseiten rumsurfe,etc; 2.) dass mein PC erst dann wirklich zuverlässig virenfrei sein wird, wenn ich formatiere und das System neu aufsetze. Diesbezüglich brauche ich also keine Ratschläge. Meine Hauptfrage: Was mich stattdessen umtreibt ist: Wie sichere ich meine Daten?? Ich habe ca. 100GB, davon - 40GB Musik, - 20-30GB Filme - Viele wichtige Dokumente (pdf, doc, docx, xls, xlsx, txt) - Diverses Krimskrams Besonders wichtig ist es mir natürlich die "wichtigen Dokumente" (Promotion etc) zu sichern, aber auch meine Musik und die Filme will ich nicht einfach so verlieren. Probleme - Ich habe zwar eine externe HD, aber wenn ich die anschließe laufe ich ja Gefahr, diese auch zu infizieren - Ich weiß nicht ob der Virus/Trojaner sich nur über .exe dateien weiterverbreitet, oder auch Filme und MP3s oder noch schlimmer, Büro-Dokumente (.doc, ods, etc.) infizieren - Ich nutze die DropBox intensiv. Hat diese eine Virus-Sicherung eingebaut? Habe ich vielleicht bereits die PCs von Freunden und Kollegen infiziert? Lösungswege Mögliche Optionen für das Backup vor der Neuinstallation sind für mich: - Über Ubuntu/Linux oder so booten (was wahrscheinlich kompliziert ist, noch nie gemacht), dann die externe HD anschließen und die Daten darauf überspielen (Habe gehört dass Viren sich eher unter Windows verbreiten) - Bei Dropbox für 20US$ für einen Monat 100GB Webspace zu mieten, dort alles draufladen -> PC plattmachen -> Daten wieder von der Dropbox runterladen - Mit dem Super-Hammer-Checker-Anti-Virus-Kit (welches?) mein System wieder sauber bekommen ohne es neu aufzusetzen. Mein System: Windows 7, 64 Bit. Ich freue mich auf Eure Hilfe und danke schon mal! Liebe Grüße, Euer Tom Logfile Ich habe keine Logfile erstellt, weil ich bereits für mich akzeptiert habe dass ich höchstwahrscheinlich neu installieren müssen werde muss und die Fragen ja eher konzeptioneller Natur sind. Wenn es von Eurer Seite jedoch als unbedingt notwendig erachtet wird, hole ich dies nach. Dafür schon mal prophylaktisch die Frage: Wo endet denn Schritt 3? Also gilt das was nach "Bitte" steht nur für 32-Bit Systeme oder auch für mich? Subforum Wo kann man denn eigentlich das gewünschte Sub-Forum einstellen? |
|
19.03.2012, 10:47
| #2 | |
| /// Helfer-Team    |  Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst Hallo und Herzlich Willkommen!
__________________ Zitat:
➊ Datensicherung: ► NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können. - Vorsicht mit den schon vorhandenen Dateien auf die extern gespeicherten Daten und auch jetzt mit dem Virus infizierte Dateien eine Datensicherung anzufertigen - Am besten alles was dir sehr wichtig, separat (extern) sichern - nicht mischen eventuell früher geschicherten Daten, also vor dem Befall! - Eventuell gecrackte Software nicht sichern und dann auf neu aufgesetztem System wieder drauf installieren! - Vor zurückspielen - bevor du mit deinem PC direkt ins Netz gehst...: - die Autoplay-Funktion für alle Laufwerke deaktivieren/ausschalten -> Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten Die auf eine externe Festplatte gesicherten Daten, gründlich zu scannen von einem suaberen System aus, am besten mit mehreren Scannern-> Kostenlose Online Scanner - Anleitung ➋ -> Anleitung: Neuaufsetzen des Systems + Absicherung -> Anleitung zum Neuaufsetzen - Windows XP, Vista und Win7 ➌ Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) gruß kira
__________________ |
|
21.03.2012, 11:13
| #3 |
| | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst Hi Kira!
__________________Vielen Dank für die schnelle Antwort!! Habe gerade leider nicht die Zeit, aber werde demnächst alles erledigen wie empfohlen. Zwei Fragen habe ich noch: 1) Wie siehts denn mit meinem Vorschlag bzgl. der Dropbox aus? Meinungen dazu? 2) Ich habe Malwarebytes Antimalware laufen. Seit Neuestem blockt dieses Programm ständig Skype. Ich kann zwar noch normal skpyen, aber es werden alle paar Minuten Verbindungen zu folgenden IPs gestoppt: 77.74.36.72 (Type: incoming, Port: 13214, Process: skype.exe) 213.163.64.33 (Type: incoming, Port: 13214, Process: skype.exe) Weiß jemand zu welchem (Schad-?)Programm das gehört? Vielen Dank schon mal! Beste Grüße, Tom |
|
22.03.2012, 07:38
| #4 | ||||
| /// Helfer-Team | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresstZitat:
Zitat:
Zitat:
Tagelange hin & her schreiben hier hilft nicht wirklich! Ohne Diagnose und Details, was genau bei Dir läuft, kann Dir keiner sagen was da los ist 1. Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
2. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
22.03.2012, 09:34
| #5 |
| | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst Moin Kira! Danke für die Hinweise. Hier die beiden Logfiles: OTL Log File: OTL Logfile: Code:
ATTFilter OTL logfile created on: 22/03/2012 09:24:33 - Run 1 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Tommii\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.90 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.28% Memory free 7.80 Gb Paging File | 5.57 Gb Available in Paging File | 71.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 226.11 Gb Total Space | 51.93 Gb Free Space | 22.97% Space Free | Partition Type: NTFS Computer Name: TOMMII666 | User Name: Tommii | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tommii\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Users\Tommii\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe () PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll () MOD - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (ATService) -- C:\Windows\SysNative\AtService.exe (AuthenTec, Inc.) SRV:64bit: - (dtsvc) -- C:\Windows\SysNative\DTS.exe () SRV:64bit: - (ADMonitor) -- C:\Windows\SysNative\ADMonitor.exe () SRV:64bit: - (iked) -- C:\Program Files\ShrewSoft\VPN Client\iked.exe () SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (dtpd) -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe () SRV:64bit: - (ipsecd) -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe () SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV:64bit: - (dlbc_device) -- C:\Windows\SysNative\dlbccoms.exe ( ) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (PCDSRVC{127174DC-C366ED8B-06020000}_0) -- c:\program files\pc-doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.) DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc) DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS () DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation) DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation) DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.) DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.) DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc) DRV:64bit: - (pflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant) DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.) DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.) DRV - (UnlockerDriver5) -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 DA 3C 76 21 FB CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ecosia" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.irinnews.org/|hxxp://www.francksen.com/aktuelles.htm|hxxp://www.nachdenkseiten.de/| hxxp://www.handelsblatt.com/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.12 FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2 FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/09/28 16:43:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M] [2010/09/01 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Extensions [2010/09/01 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/03/18 00:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions [2012/01/21 00:17:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/02/21 08:19:36 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\zotero@chnm.gmu.edu [2012/03/18 00:56:32 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\zoteroWinWordIntegration@zotero.org [2012/03/20 20:35:32 | 000,002,289 | ---- | M] () -- C:\Users\Tommii\AppData\Roaming\Mozilla\Firefox\Profiles\hzijvcs8.default\searchplugins\ecosia.xml [2012/03/20 21:16:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\USERS\TOMMII\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HZIJVCS8.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe File not found O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe () O4 - Startup: C:\Users\Tommii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tommii\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BC40725-8CE4-4114-8AB2-276656980B2A}: NameServer = 134.76.10.46,134.76.33.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3432677A-A678-4F53-9EB3-4E4075328A6D}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B898D1B6-4D56-42B6-ABBE-B569D5062C75}: NameServer = 134.76.10.46,134.76.33.21 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/22 08:01:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{34309001-f3db-11e0-9089-00226815042a}\Shell - "" = AutoRun O33 - MountPoints2\{34309001-f3db-11e0-9089-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{34309017-f3db-11e0-9089-00226815042a}\Shell - "" = AutoRun O33 - MountPoints2\{34309017-f3db-11e0-9089-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{44989bec-f3de-11e0-90bd-00226815042a}\Shell - "" = AutoRun O33 - MountPoints2\{44989bec-f3de-11e0-90bd-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{44989c33-f3de-11e0-90bd-00226815042a}\Shell - "" = AutoRun O33 - MountPoints2\{44989c33-f3de-11e0-90bd-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\Shell - "" = AutoRun O33 - MountPoints2\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{abb06f52-f92e-11de-8fe0-00226815042a}\Shell - "" = AutoRun O33 - MountPoints2\{abb06f52-f92e-11de-8fe0-00226815042a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/03/22 09:25:42 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Tommii\Desktop\ccsetup316.exe [2012/03/22 09:23:40 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe [2012/03/20 21:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/03/20 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/03/15 15:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker [2012/03/15 00:37:43 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/03/15 00:37:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/03/15 00:37:41 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/03/14 09:59:51 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012/03/14 09:59:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012/03/14 09:59:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012/03/14 09:59:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012/03/14 09:59:23 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012/03/14 09:59:22 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012/03/12 21:04:53 | 000,000,000 | ---D | C] -- C:\Users\Tommii\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/03/12 15:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012/03/12 15:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012/03/12 14:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012/03/12 14:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2012/03/12 14:44:26 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5 [2012/03/12 14:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2012/03/02 11:51:20 | 000,000,000 | R--D | C] -- C:\Users\Tommii\Desktop\Materialien Attacademien [2012/03/01 13:48:39 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Captain America [2012/03/01 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Harry Potter and Deathly Hallows - Part2 [2012/03/01 11:54:38 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Harry Potter and Deathly Hallows - Part1 [2012/02/27 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\C [2012/02/21 12:21:32 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Cam-Pix ========== Files - Modified Within 30 Days ========== [2012/03/22 09:27:04 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/03/22 09:25:54 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Tommii\Desktop\ccsetup316.exe [2012/03/22 09:23:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe [2012/03/22 08:36:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/03/22 00:36:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/03/21 15:03:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/21 15:03:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/21 15:02:26 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012/03/21 15:01:01 | 005,158,052 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/03/21 15:01:01 | 005,109,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/03/21 15:01:01 | 002,239,042 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/03/21 15:01:01 | 002,214,114 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/03/21 15:01:01 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/03/21 14:54:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/03/21 14:54:22 | 3139,461,120 | -HS- | M] () -- C:\hiberfil.sys [2012/03/21 10:34:15 | 000,464,252 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009a - Trade Revealed TFP.pdf [2012/03/21 10:28:02 | 000,288,075 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009 - Trade Revealed TFP.pdf [2012/03/20 22:40:33 | 000,136,045 | ---- | M] () -- C:\Users\Tommii\Desktop\ciudad_track.png [2012/03/19 15:52:46 | 000,002,036 | ---- | M] () -- C:\Users\Tommii\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012/03/19 15:52:46 | 000,001,965 | ---- | M] () -- C:\Users\Tommii\Desktop\Avira DE-Cleaner.lnk [2012/03/19 15:48:05 | 000,883,840 | ---- | M] () -- C:\Users\Tommii\Desktop\Avira-DE-Cleaner.exe [2012/03/18 13:46:43 | 000,050,477 | ---- | M] () -- C:\Users\Tommii\Desktop\Defogger.exe [2012/03/17 18:22:27 | 000,303,030 | ---- | M] () -- C:\Users\Tommii\Desktop\Rodrik et al - 2005 - Growth Diagnostics.pdf [2012/03/16 08:58:16 | 000,291,800 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2007 - Trade Revealed TFP.pdf [2012/03/16 08:46:52 | 000,306,811 | ---- | M] () -- C:\Users\Tommii\Desktop\Eaton and Kortum - 2002 - Technology, Geography and Trade.pdf [2012/03/15 16:27:15 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/03/15 09:52:31 | 000,448,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/03/12 23:16:32 | 000,007,613 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.fla [2012/03/12 23:09:52 | 000,006,582 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator_Szene 1.swf [2012/03/12 23:07:06 | 000,006,583 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swf [2012/03/12 23:07:06 | 000,002,140 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.html [2012/03/12 21:51:10 | 004,212,230 | ---- | M] () -- C:\Users\Tommii\Desktop\Action Script 2.0 Anleitung.pdf [2012/03/12 21:35:16 | 000,000,152 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swd [2012/03/12 15:08:25 | 000,001,148 | ---- | M] () -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5.lnk [2012/03/09 18:45:40 | 041,836,042 | ---- | M] () -- C:\Users\Tommii\Documents\Recording.mp3 [2012/02/29 11:06:08 | 000,003,584 | ---- | M] () -- C:\Users\Tommii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/28 09:28:06 | 000,001,173 | ---- | M] () -- C:\Users\Tommii\Desktop\Indonesisch-MP3s - Verknüpfung.lnk [2012/02/27 21:24:42 | 000,672,256 | ---- | M] () -- C:\Lame_enc.dll [2012/02/27 21:20:46 | 000,000,580 | ---- | M] () -- C:\Users\Tommii\Desktop\mp3DirectCut.lnk [2012/02/25 01:22:31 | 217,777,963 | ---- | M] () -- C:\Users\Tommii\Desktop\Die Biosprit-Lüge - Doku komplett.mp4 [2012/02/23 23:48:39 | 000,000,969 | ---- | M] () -- C:\Users\Tommii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ========== Files Created - No Company Name ========== [2012/03/22 09:27:04 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/03/21 10:34:15 | 000,464,252 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009a - Trade Revealed TFP.pdf [2012/03/21 10:28:02 | 000,288,075 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009 - Trade Revealed TFP.pdf [2012/03/20 22:40:33 | 000,136,045 | ---- | C] () -- C:\Users\Tommii\Desktop\ciudad_track.png [2012/03/19 15:52:46 | 000,002,036 | ---- | C] () -- C:\Users\Tommii\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012/03/19 15:52:46 | 000,001,965 | ---- | C] () -- C:\Users\Tommii\Desktop\Avira DE-Cleaner.lnk [2012/03/19 15:48:01 | 000,883,840 | ---- | C] () -- C:\Users\Tommii\Desktop\Avira-DE-Cleaner.exe [2012/03/18 13:46:41 | 000,050,477 | ---- | C] () -- C:\Users\Tommii\Desktop\Defogger.exe [2012/03/17 18:22:27 | 000,303,030 | ---- | C] () -- C:\Users\Tommii\Desktop\Rodrik et al - 2005 - Growth Diagnostics.pdf [2012/03/16 08:58:14 | 000,291,800 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2007 - Trade Revealed TFP.pdf [2012/03/16 08:46:52 | 000,306,811 | ---- | C] () -- C:\Users\Tommii\Desktop\Eaton and Kortum - 2002 - Technology, Geography and Trade.pdf [2012/03/15 16:27:15 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/03/12 23:07:06 | 000,002,140 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.html [2012/03/12 21:51:10 | 004,212,230 | ---- | C] () -- C:\Users\Tommii\Desktop\Action Script 2.0 Anleitung.pdf [2012/03/12 21:47:25 | 000,006,582 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator_Szene 1.swf [2012/03/12 21:17:50 | 000,000,152 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swd [2012/03/12 20:53:41 | 000,006,583 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swf [2012/03/12 15:46:27 | 000,007,613 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.fla [2012/03/12 15:41:28 | 000,001,148 | ---- | C] () -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5.lnk [2012/03/12 14:57:57 | 000,000,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012/02/29 11:06:02 | 000,003,584 | ---- | C] () -- C:\Users\Tommii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/28 09:28:06 | 000,001,173 | ---- | C] () -- C:\Users\Tommii\Desktop\Indonesisch-MP3s - Verknüpfung.lnk [2012/02/27 21:29:13 | 041,836,042 | ---- | C] () -- C:\Users\Tommii\Documents\Recording.mp3 [2012/02/27 21:20:46 | 000,000,580 | ---- | C] () -- C:\Users\Tommii\Desktop\mp3DirectCut.lnk [2012/02/25 01:20:39 | 217,777,963 | ---- | C] () -- C:\Users\Tommii\Desktop\Die Biosprit-Lüge - Doku komplett.mp4 [2011/10/25 16:20:59 | 000,004,096 | -H-- | C] () -- C:\Users\Tommii\AppData\Local\keyfile3.drm [2010/12/30 23:52:24 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/06/21 14:28:07 | 000,000,032 | ---- | C] () -- C:\Windows\azeugnis.INI [2010/06/02 21:13:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010/05/21 09:35:27 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2010/05/21 09:35:27 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll < End of report > [/code] OTL Extras-Logfile OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22/03/2012 09:24:33 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Tommii\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.90 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.28% Memory free
7.80 Gb Paging File | 5.57 Gb Available in Paging File | 71.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.11 Gb Total Space | 51.93 Gb Free Space | 22.97% Space Free | Partition Type: NTFS
Computer Name: TOMMII666 | User Name: Tommii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6)
"8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Dell Photo Printer 720" = Dell Photo Printer 720
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileZilla Client" = FileZilla Client 3.5.1
"Font Creator Program_is1" = Font Creator Program 3.1.3
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Kali II" = Kali II
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mendeley Desktop" = Mendeley Desktop 0.9.8.2
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 7.0 (x86 de)" = Mozilla Firefox 7.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 en-US)" = Mozilla Thunderbird 10.0.2 (x86 en-US)
"mp3-2-wav" = mp3-2-wav converter 1.14
"Nokia PC Suite" = Nokia PC Suite
"Opera 11.10.2092" = Opera 11.10
"Oxygen Phone Manager II for Nokia phones (Trial)" = Oxygen Phone Manager II for Nokia phones (Trial)
"RA+ V3.03_is1" = FullRA Plus V3.03
"Rapport_msi" = Rapport
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"ResNet Wireless Setup" = ResNet Wireless Setup
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"ULTIMATER" = Microsoft Office Ultimate 2007
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.9
"WOLAPI" = Westwood Shared Internet Components
"Wooldridge data_is1" = Wooldridge data (4e)
"XMedia Recode" = XMedia Recode 2.1.4.8
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/03/2011 03:54:38 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5585
Error - 10/03/2011 03:54:39 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10/03/2011 03:54:39 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6583
Error - 10/03/2011 03:54:39 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6583
Error - 10/03/2011 03:54:40 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10/03/2011 03:54:40 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7582
Error - 10/03/2011 03:54:40 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7582
Error - 10/03/2011 03:54:41 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10/03/2011 03:54:41 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8580
Error - 10/03/2011 03:54:41 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8580
[ Media Center Events ]
Error - 20/02/2010 22:34:54 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 03:34:54 - Fehler beim Herstellen der Internetverbindung. 03:34:54
- Serververbindung konnte nicht hergestellt werden..
Error - 20/02/2010 23:39:29 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 04:39:29 - Fehler beim Herstellen der Internetverbindung. 04:39:29
- Serververbindung konnte nicht hergestellt werden..
Error - 31/03/2010 13:27:40 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 19:27:40 - Fehler beim Herstellen der Internetverbindung. 19:27:40
- Serververbindung konnte nicht hergestellt werden..
Error - 02/04/2010 05:11:41 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 11:11:41 - Fehler beim Herstellen der Internetverbindung. 11:11:41
- Serververbindung konnte nicht hergestellt werden..
Error - 02/04/2010 06:11:46 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 12:11:46 - Fehler beim Herstellen der Internetverbindung. 12:11:46
- Serververbindung konnte nicht hergestellt werden..
Error - 02/04/2010 07:11:51 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 13:11:51 - Fehler beim Herstellen der Internetverbindung. 13:11:51
- Serververbindung konnte nicht hergestellt werden..
Error - 07/05/2010 10:44:11 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 16:44:11 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 28/06/2010 05:47:01 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 11:47:01 - Fehler beim Herstellen der Internetverbindung. 11:47:01
- Serververbindung konnte nicht hergestellt werden..
Error - 28/06/2010 09:36:50 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 15:36:50 - Fehler beim Herstellen der Internetverbindung. 15:36:50
- Serververbindung konnte nicht hergestellt werden..
Error - 28/06/2010 10:36:56 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 16:36:55 - Fehler beim Herstellen der Internetverbindung. 16:36:55
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 10/06/2010 04:46:46 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2438
seconds with 960 seconds of active time. This session ended with a crash.
Error - 04/10/2010 07:17:38 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21/12/2010 07:15:13 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19/03/2011 06:56:06 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28/03/2011 03:58:32 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18/05/2011 09:17:28 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11/08/2011 18:54:28 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 0 seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 20/03/2012 15:30:46 | Computer Name = Tommii666 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.
Error - 20/03/2012 15:32:21 | Computer Name = Tommii666 | Source = DCOM | ID = 10016
Description =
Error - 20/03/2012 18:47:13 | Computer Name = Tommii666 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 21/03/2012 04:23:56 | Computer Name = Tommii666 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 21/03/2012 04:24:14 | Computer Name = Tommii666 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.
Error - 21/03/2012 04:25:29 | Computer Name = Tommii666 | Source = DCOM | ID = 10016
Description =
Error - 21/03/2012 09:01:43 | Computer Name = Tommii666 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 21/03/2012 09:54:23 | Computer Name = Tommii666 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 21/03/2012 09:54:34 | Computer Name = Tommii666 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.
Error - 21/03/2012 09:55:53 | Computer Name = Tommii666 | Source = DCOM | ID = 10016
Description =
< End of report >
Installierte Programme: Code:
ATTFilter 7-Zip 9.20 (x64 edition) Igor Pavlov 10/05/2011 4.53MB 9.20.00.0 Adobe AIR Adobe Systems Incorporated 31/05/2011 2.6.0.19140 Adobe Community Help Adobe Systems Incorporated. 11/03/2012 3.4.980 Adobe Download Assistant Adobe Systems Incorporated 11/03/2012 1.0.6 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 22/08/2011 6.00MB 10.3.183.5 Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 01/02/2012 6.00MB 11.1.102.55 Adobe Flash Professional CS5.5 Adobe Systems Incorporated 11/03/2012 2,086MB 11.5 Adobe Premiere Pro Adobe Systems, Inc. 20/12/2009 7.0 Adobe Reader 9.4.6 - Deutsch Adobe Systems Incorporated 24/09/2011 218MB 9.4.6 Anzeige am Bildschirm 13/01/2010 5.32.00 Apple Application Support Apple Inc. 01/12/2010 52.8MB 1.4.1 Apple Mobile Device Support Apple Inc. 01/12/2010 22.3MB 3.3.0.69 Apple Software Update Apple Inc. 09/11/2009 2.16MB 2.1.1.116 Audacity 1.3.12 (Unicode) Audacity Team 16/05/2011 32.6MB Avira Free Antivirus Avira 19/02/2012 104.9MB 12.0.0.898 Bonjour Apple Inc. 01/12/2010 1.15MB 2.0.4.0 CCleaner Piriform 21/03/2012 3.16 Conexant 20561 SmartAudio HD Conexant 03/11/2009 4.92.10.0 ConvertHelper 2.2 DownloadHelper 03/03/2010 Dell Photo Printer 720 Dell, Inc. 07/11/2009 DivX Codec DivX, Inc. 05/02/2010 6.9.1 DivX Converter DivX, Inc. 05/02/2010 7.1.0 DivX Player DivX, Inc. 05/02/2010 7.2.0 DivX Plus DirectShow Filters DivX, Inc. 05/02/2010 DivX Plus Web Player DivX,Inc. 05/02/2010 2.0.0 Dropbox Dropbox, Inc. 22/02/2012 1.2.52 DVD Shrink 3.2 deutsch (DeCSS-frei) DVD Shrink 12/02/2010 EndNote X3 Thomson Reuters 26/05/2010 52.0MB 13.0.1.4261 ffdshow [rev 3154] [2009-12-09] 01/06/2010 16.6MB 1.0 FileZilla Client 3.5.1 FileZilla Project 30/09/2011 16.6MB 3.5.1 Font Creator Program 3.1.3 24/05/2011 FreePDF (Remove only) 16/11/2009 FullRA Plus V3.03 N3tRunn3r 29/12/2010 Plus Google Earth Google 19/01/2012 92.7MB 6.1.0.5001 GPL Ghostscript 8.70 16/11/2009 Integrated Camera Sonix 04/11/2009 5.8.53003.0 Intel(R) Graphics Media Accelerator Driver Intel Corporation 05/07/2011 54.3MB 8.15.10.1872 Intel(R) Management Engine Interface Intel Corporation 04/11/2009 Intel(R) PROSet/Wireless WiFi Software Intel Corporation 04/11/2009 88.5MB 13.00.0000 iTunes Apple Inc. 16/01/2011 145.7MB 10.1.1.4 Japanese Fonts Support For Adobe Reader 9 Adobe Systems Incorporated 12/03/2011 16.5MB 9.0.0 Java(TM) 6 Update 22 Oracle 18/10/2011 97.1MB 6.0.220 Java(TM) 6 Update 26 Sun Microsystems, Inc. 04/11/2009 97.7MB 6.0.260 K-Lite Codec Pack 5.9.0 (Full) 04/05/2010 2.40MB 5.9.0 Kali II 29/12/2010 Lenovo Fingerprint Software AuthenTec, Inc. 04/11/2009 33.0MB 3.3.0.56 Lenovo System Interface Driver 04/11/2009 1.01 Lenovo ThinkVantage Toolbox PC-Doctor, Inc. 27/05/2010 6.0.5514.55 Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 14/03/2012 17.4MB 1.60.1.1000 Mendeley Desktop 0.9.8.2 Mendeley Ltd. 23/03/2011 0.9.8.2 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 18/11/2010 38.8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 18/11/2010 2.94MB 4.0.30319 Microsoft Office File Validation Add-In Microsoft Corporation 16/09/2011 7.95MB 14.0.5130.5003 Microsoft Office Live Add-in 1.5 Microsoft Corporation 27/05/2010 0.50MB 2.0.4024.1 Microsoft Office Ultimate 2007 Microsoft Corporation 09/02/2012 12.0.6612.1000 Microsoft Silverlight Microsoft Corporation 19/02/2012 220MB 4.1.10111.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 28/11/2009 0.25MB 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28/11/2009 0.25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15/06/2011 0.29MB 8.0.61001 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 04/11/2009 0.82MB 8.0.61000 Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 14/04/2011 0.57MB 8.0.51011 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 13/01/2010 0.21MB 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28/11/2009 0.20MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 14/04/2011 0.77MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14/04/2011 0.58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 13/01/2010 0.77MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 18/10/2011 0.23MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15/06/2011 0.77MB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 03/11/2009 0.58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 03/11/2010 0.58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15/06/2011 0.59MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 19/10/2011 16.5MB 10.0.40219 MiKTeX 2.8 MiKTeX.org 15/04/2011 2.8 Mozilla Firefox 7.0 (x86 de) Mozilla 27/09/2011 35.3MB 7.0 Mozilla Thunderbird 10.0.2 (x86 en-US) Mozilla 21/02/2012 39.6MB 10.0.2 mp3-2-wav converter 1.14 05/06/2011 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14/02/2010 1.28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14/02/2010 1.33MB 4.20.9876.0 Nokia Connectivity Cable Driver Nokia 19/04/2011 3.85MB 7.1.36.0 Nokia PC Suite Nokia 19/04/2011 7.1.60.0 OpenOffice.org 3.3 OpenOffice.org 18/10/2011 415MB 3.3.9567 Opera 11.10 Opera Software ASA 26/04/2011 11.10.2092 Oxygen Phone Manager II for Nokia phones (Trial) Oxygen Software 29/12/2010 PASW Statistics 18 SPSS Inc. 20/05/2010 592MB 18.0.0 PC Connectivity Solution Nokia 26/12/2010 19.8MB 10.50.2.0 QuickTime Apple Inc. 16/01/2011 73.7MB 7.69.80.9 Rapport Trusteer 02/05/2011 3.5.1008.42 RedMon - Redirection Port Monitor 16/11/2009 ResearchSoft Direct Export Helper 26/05/2010 ResNet Wireless Setup 22/10/2010 RICOH R5U8xx Media Driver ver.3.62.02 RICOH 04/11/2009 3.62.02 Shrew Soft VPN Client 10/11/2009 Skype Click to Call Skype Technologies S.A. 19/03/2012 12.5MB 5.9.9216 Skype™ 5.8 Skype Technologies S.A. 19/03/2012 19.0MB 5.8.158 Snagit 10 TechSmith Corporation 16/05/2011 68.7MB 10.0.0 System Update Lenovo 07/07/2011 11.8MB 4.00.0048 TeXnicCenter Version 1.0 Stable RC1 TeXnicCenter.org 15/04/2011 Version 1.0 Stable RC1 ThinkPad FullScreen Magnifier 13/01/2010 2.10 ThinkPad Modem Adapter Conexant Systems 04/11/2009 7.80.5.0 ThinkPad Power Management Driver 04/11/2009 1.55 ThinkPad Power Manager 04/11/2009 3.05 ThinkPad UltraNav Driver ALPS ELECTRIC CO., LTD. 12/01/2010 7.202.1616.206 ThinkVantage Active Protection System Lenovo 04/11/2009 15.6MB 1.70 ThinkVantage Fingerprint Software 5.8 UPEK Inc. 19/10/2010 68.2MB 5.8.2.4462 ThinkVantage System Update 08/07/2011 Unlocker 1.9.1 Cedrick Collomb 14/03/2012 1.9.1 VLC media player 1.1.9 VideoLAN 06/05/2011 1.1.9 Westwood Shared Internet Components 29/12/2010 Windows Live ID-Anmelde-Assistent Microsoft Corporation 27/05/2010 10.0MB 6.500.3165.0 Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56) AuthenTec Inc. 04/11/2009 07/07/2009 8.1.2.56 Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8) Nokia 19/04/2011 06/09/2010 7.01.0.8 Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6) Nokia 19/04/2011 10/07/2010 4.6 Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 26/12/2010 08/22/2008 7.0.0.0 Wooldridge data (4e) 07/11/2009 XMedia Recode 2.1.4.8 Sebastian Dörfler 20/12/2009 2.1.4.8 Ich bin gerade schockiert, dass .doc und .pdf auch als "ausführbare" Dateien gelten..was mach ich denn nun, das sind ja die wirklich wichtigen Sachen! |
|
22.03.2012, 10:29
| #6 | ||
| /// Helfer-Team | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst 1. Zitat:
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.startup.homepage: "http://www.irinnews.org/|http://www.francksen.com/aktuelles.htm|http://www.nachdenkseiten.de/| http://www.handelsblatt.com/"
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34309001-f3db-11e0-9089-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{34309001-f3db-11e0-9089-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{34309017-f3db-11e0-9089-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{34309017-f3db-11e0-9089-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{44989bec-f3de-11e0-90bd-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{44989bec-f3de-11e0-90bd-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{44989c33-f3de-11e0-90bd-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{44989c33-f3de-11e0-90bd-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{abb06f52-f92e-11de-8fe0-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{abb06f52-f92e-11de-8fe0-00226815042a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
[2012/03/22 08:36:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/22 00:36:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/21 15:02:26 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
2. Adobe Reader aktualisieren : - Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus") Adobe Reader Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..." 3. Java aktualisieren- über Systemsteuerung-> Nach Update suchen... oder: Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 31 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. Die alte Java-Versionen verbleiben auf dem PC...aus Sicherheitsgründen müssen entfernt werden,auch in Zukunft darauf achten! deinstalliere: Zitat:
reinige dein System mit CCleaner:
5.
6. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung 7. -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< 8. erneut einen Scan mit OTL:
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ --> Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst |
|
22.03.2012, 10:49
| #7 |
| | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst Hier schon mal die Logfile von dem Fix. Ich arbeite schon mal die anderen Punkte ab. Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://www.irinnews.org/|hxxp://www.francksen.com/aktuelles.htm|hxxp://www.nachdenkseiten.de/| hxxp://www.handelsblatt.com/" removed from browser.startup.homepage
Prefs.js: search@searchsettings.com:1.2.2 removed from extensions.enabledItems
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34309001-f3db-11e0-9089-00226815042a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34309001-f3db-11e0-9089-00226815042a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34309001-f3db-11e0-9089-00226815042a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34309001-f3db-11e0-9089-00226815042a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34309017-f3db-11e0-9089-00226815042a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34309017-f3db-11e0-9089-00226815042a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34309017-f3db-11e0-9089-00226815042a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34309017-f3db-11e0-9089-00226815042a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44989bec-f3de-11e0-90bd-00226815042a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44989bec-f3de-11e0-90bd-00226815042a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44989bec-f3de-11e0-90bd-00226815042a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44989bec-f3de-11e0-90bd-00226815042a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44989c33-f3de-11e0-90bd-00226815042a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44989c33-f3de-11e0-90bd-00226815042a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44989c33-f3de-11e0-90bd-00226815042a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44989c33-f3de-11e0-90bd-00226815042a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abb06f52-f92e-11de-8fe0-00226815042a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abb06f52-f92e-11de-8fe0-00226815042a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abb06f52-f92e-11de-8fe0-00226815042a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abb06f52-f92e-11de-8fe0-00226815042a}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Tommii\Desktop\cmd.bat deleted successfully.
C:\Users\Tommii\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: blubb
->Temp folder emptied: 967921 bytes
->Temporary Internet Files folder emptied: 1054608 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44162779 bytes
->Flash cache emptied: 57111 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast
->Temp folder emptied: 70406 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Public
User: Tommii
->Temp folder emptied: 226062769 bytes
->Temporary Internet Files folder emptied: 49310196 bytes
->Java cache emptied: 30763735 bytes
->FireFox cache emptied: 228347161 bytes
->Opera cache emptied: 13684730 bytes
->Flash cache emptied: 84215 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 309226447 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 3971594196 bytes
Total Files Cleaned = 4,650.00 mb
OTL by OldTimer - Version 3.2.39.1 log created on 03222012_103829
Files\Folders moved on Reboot...
C:\Users\Tommii\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
LogFile SuperAntiSpyWare Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/22/2012 at 01:58 PM
Application Version : 5.0.1146
Core Rules Database Version : 8365
Trace Rules Database Version: 6177
Scan type : Complete Scan
Total Scan Time : 02:43:06
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 674
Memory threats detected : 0
Registry items scanned : 67738
Registry threats detected : 0
File items scanned : 125533
File threats detected : 112
Adware.Tracking Cookie
bc.youporn.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4H976EAZ ]
macromedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4H976EAZ ]
media.mtvnservices.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4H976EAZ ]
static.youporn.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4H976EAZ ]
.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
media.mtvnservices.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.tracking.mindshare.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
media.adrevolver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.microsoftwindows.112.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.bluestreak.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.dynamic.media.adrevolver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
adserver.nordprovider.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.hitbox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.hitbox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.ehg-upcchellomedia.hitbox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
adsrv1.admediate.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
adsrv.admediate.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
adsrv.admediate.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.tto2.traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.dynamic.media.adrevolver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
.adrevolver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\COOKIES\TOMMII@2O7[2].TXT [ /2O7 ]
Heur.Agent/Gen-FakeSkype
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000310.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000317.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000318.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000330.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000331.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000353.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000357.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000361.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000362.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000366.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000462.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000465.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000466.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000470.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000471.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000479.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000481.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000483.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000484.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000486.DLL
Trojan.Agent/Gen-Autorun[Swisyn]
ZIP ARCHIVE( C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\Q3ACRK\Q3AKG.ZIP )/TNT-KEYHOSTS.AUTO.UPDATE.EXE
C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\Q3ACRK\Q3AKG.ZIP
ZIP ARCHIVE( C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\Q3ACRK\Q3AKG.ZIP )/TNT-Q3ARENA KEY SERVER.EXE
Trojan.Agent/Gen-Krpytik
ZIP ARCHIVE( C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\TONY 3 NO-CD.ZIP )/INF_THPS3_NOCD.EXE
C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\TONY 3 NO-CD.ZIP
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7a1bb7f390b3f9418638373b2f3b7045
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-22 06:44:36
# local_time=2012-03-22 07:44:36 (+0100, Mitteleuropäische Zeit)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 13506246 13506246 0 0
# compatibility_mode=3073 16777214 0 7 22273260 22273260 0 0
# compatibility_mode=5893 16776573 100 94 21758 84057311 0 0
# compatibility_mode=8192 67108863 100 0 4722 4722 0 0
# scanned=326624
# found=5
# cleaned=5
# scan_time=14415
C:\Dokumente und Einstellungen\Tommii\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KFPHOURH\pdfforgeToolbar[1].msi probably a variant of Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\blubb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\blubb\Desktop\QuickStores.lnk Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\blubb\Downloads\Unlocker1.9.1.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
Jetzt läuft OTL. Hier das Log von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 22/03/2012 19:56:57 - Run 2 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Tommii\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.90 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 49.55% Memory free 7.80 Gb Paging File | 5.82 Gb Available in Paging File | 74.72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 226.11 Gb Total Space | 57.98 Gb Free Space | 25.64% Space Free | Partition Type: NTFS Computer Name: TOMMII666 | User Name: Tommii | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/03/22 09:23:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/10/11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011/10/11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011/10/11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011/09/23 05:44:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011/04/18 13:01:04 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe PRC - [2010/07/04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009/09/09 03:05:00 | 000,075,040 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe PRC - [2009/09/05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2009/05/21 12:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2009/05/21 12:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2009/04/14 11:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe PRC - [2009/03/13 09:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2009/02/02 10:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe ========== Modules (No Company Name) ========== MOD - [2011/09/23 05:44:20 | 001,833,944 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010/07/04 22:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll MOD - [2010/07/04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2009/10/15 15:50:08 | 002,505,976 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\SysNative\AtService.exe -- (ATService) SRV:64bit: - [2009/10/15 15:50:00 | 000,117,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DTS.exe -- (dtsvc) SRV:64bit: - [2009/10/15 15:49:54 | 000,130,048 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ADMonitor.exe -- (ADMonitor) SRV:64bit: - [2009/10/01 06:00:50 | 000,948,224 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked) SRV:64bit: - [2009/09/21 16:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV:64bit: - [2009/08/24 13:43:54 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/12 23:55:02 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd) SRV:64bit: - [2009/07/12 23:51:08 | 000,690,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd) SRV:64bit: - [2009/06/29 13:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2007/02/07 16:27:02 | 000,566,768 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbccoms.exe -- (dlbc_device) SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/10/11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/10/11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/28 13:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2011/04/18 13:01:04 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009/09/09 03:05:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/21 12:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2009/05/21 12:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2009/04/29 11:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService) SRV - [2009/02/27 06:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/02/20 22:21:31 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/10/11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011/10/11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV) DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL) DRV:64bit: - [2011/04/28 13:34:54 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/07/30 13:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010/07/30 13:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2010/05/07 20:52:20 | 000,024,560 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\program files\pc-doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020000}_0) DRV:64bit: - [2010/03/10 07:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb) DRV:64bit: - [2010/01/14 08:48:14 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2009/11/24 11:46:18 | 000,180,784 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009/09/23 07:32:22 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet) DRV:64bit: - [2009/09/15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2009/09/09 03:05:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2009/09/01 01:44:16 | 000,551,936 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV:64bit: - [2009/08/24 13:43:54 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2009/08/13 21:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/07/22 06:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:64bit: - [2009/07/14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:64bit: - [2009/07/14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/30 13:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV) DRV:64bit: - [2009/06/30 13:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL) DRV:64bit: - [2009/06/30 12:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf) DRV:64bit: - [2009/06/29 13:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2009/06/29 13:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2009/06/23 12:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009/06/11 17:04:54 | 003,531,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/04/29 11:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio) DRV:64bit: - [2009/01/16 08:58:26 | 000,020,480 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt) DRV:64bit: - [2009/01/16 08:58:26 | 000,020,480 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (pflt) DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008/06/24 18:08:06 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp) DRV:64bit: - [2008/05/12 18:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV:64bit: - [2008/02/21 10:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2006/06/18 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2011/04/28 13:34:54 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64) DRV - [2011/04/28 13:34:54 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64) DRV - [2010/07/04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2003/09/08 10:49:44 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 DA 3C 76 21 FB CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ecosia" FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/09/28 16:43:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/03/22 11:08:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] [2010/09/01 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Extensions [2010/09/01 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/03/18 00:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions [2012/01/21 00:17:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/02/21 08:19:36 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\zotero@chnm.gmu.edu [2012/03/18 00:56:32 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\zoteroWinWordIntegration@zotero.org [2012/03/20 20:35:32 | 000,002,289 | ---- | M] () -- C:\Users\Tommii\AppData\Roaming\Mozilla\Firefox\Profiles\hzijvcs8.default\searchplugins\ecosia.xml [2012/03/20 21:16:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\USERS\TOMMII\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HZIJVCS8.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Tommii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tommii\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BC40725-8CE4-4114-8AB2-276656980B2A}: NameServer = 134.76.10.46,134.76.33.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3432677A-A678-4F53-9EB3-4E4075328A6D}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B898D1B6-4D56-42B6-ABBE-B569D5062C75}: NameServer = 134.76.10.46,134.76.33.21 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/22 08:01:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/03/22 15:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/03/22 15:25:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Tommii\Desktop\esetsmartinstaller_enu.exe [2012/03/22 11:14:09 | 000,000,000 | ---D | C] -- C:\Users\Tommii\AppData\Roaming\SUPERAntiSpyware.com [2012/03/22 11:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/03/22 11:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/03/22 11:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/03/22 11:12:18 | 015,495,768 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Tommii\Desktop\SUPERAntiSpyware.exe [2012/03/22 10:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/03/22 10:59:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/03/22 10:59:34 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/03/22 10:59:34 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012/03/22 10:54:47 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2012/03/22 10:54:47 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2012/03/22 10:54:47 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2012/03/22 10:54:47 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2012/03/22 10:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/03/22 10:53:10 | 017,205,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-i586-s.exe [2012/03/22 10:52:54 | 017,255,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-x64.exe [2012/03/22 10:50:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/03/22 10:38:29 | 000,000,000 | ---D | C] -- C:\_OTL [2012/03/22 09:25:42 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Tommii\Desktop\ccsetup316.exe [2012/03/22 09:23:40 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe [2012/03/20 21:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/03/20 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/03/15 15:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker [2012/03/15 00:37:43 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/03/15 00:37:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/03/15 00:37:41 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/03/14 09:59:51 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012/03/14 09:59:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012/03/14 09:59:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012/03/14 09:59:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012/03/14 09:59:23 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012/03/14 09:59:22 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012/03/12 21:04:53 | 000,000,000 | ---D | C] -- C:\Users\Tommii\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/03/12 15:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012/03/12 15:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012/03/12 14:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012/03/12 14:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2012/03/12 14:44:26 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5 [2012/03/12 14:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2012/03/02 11:51:20 | 000,000,000 | R--D | C] -- C:\Users\Tommii\Desktop\Materialien Attacademien [2012/03/01 13:48:39 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Captain America [2012/03/01 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Harry Potter and Deathly Hallows - Part2 [2012/03/01 11:54:38 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Harry Potter and Deathly Hallows - Part1 [2012/02/27 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\C ========== Files - Modified Within 30 Days ========== [2012/03/22 15:25:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Tommii\Desktop\esetsmartinstaller_enu.exe [2012/03/22 15:16:09 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/22 15:16:09 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/22 15:14:55 | 005,215,814 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/03/22 15:14:55 | 005,167,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/03/22 15:14:55 | 002,266,060 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/03/22 15:14:55 | 002,241,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/03/22 15:14:55 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/03/22 15:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/03/22 15:07:16 | 3139,461,120 | -HS- | M] () -- C:\hiberfil.sys [2012/03/22 11:13:12 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/03/22 11:12:30 | 015,495,768 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Tommii\Desktop\SUPERAntiSpyware.exe [2012/03/22 11:06:44 | 000,066,822 | ---- | M] () -- C:\Users\Tommii\Desktop\cc_20120322_110631.reg [2012/03/22 10:59:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/03/22 10:59:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/03/22 10:59:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012/03/22 10:59:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012/03/22 10:54:30 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2012/03/22 10:54:30 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2012/03/22 10:54:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2012/03/22 10:54:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2012/03/22 10:53:16 | 017,205,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-i586-s.exe [2012/03/22 10:53:00 | 017,255,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-x64.exe [2012/03/22 10:51:30 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/03/22 09:27:04 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/03/22 09:25:54 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Tommii\Desktop\ccsetup316.exe [2012/03/22 09:23:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe [2012/03/21 10:34:15 | 000,464,252 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009a - Trade Revealed TFP.pdf [2012/03/21 10:28:02 | 000,288,075 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009 - Trade Revealed TFP.pdf [2012/03/20 22:40:33 | 000,136,045 | ---- | M] () -- C:\Users\Tommii\Desktop\ciudad_track.png [2012/03/19 15:52:46 | 000,002,036 | ---- | M] () -- C:\Users\Tommii\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012/03/19 15:52:46 | 000,001,965 | ---- | M] () -- C:\Users\Tommii\Desktop\Avira DE-Cleaner.lnk [2012/03/19 15:48:05 | 000,883,840 | ---- | M] () -- C:\Users\Tommii\Desktop\Avira-DE-Cleaner.exe [2012/03/18 13:46:43 | 000,050,477 | ---- | M] () -- C:\Users\Tommii\Desktop\Defogger.exe [2012/03/17 18:22:27 | 000,303,030 | ---- | M] () -- C:\Users\Tommii\Desktop\Rodrik et al - 2005 - Growth Diagnostics.pdf [2012/03/16 08:58:16 | 000,291,800 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2007 - Trade Revealed TFP.pdf [2012/03/16 08:46:52 | 000,306,811 | ---- | M] () -- C:\Users\Tommii\Desktop\Eaton and Kortum - 2002 - Technology, Geography and Trade.pdf [2012/03/15 16:27:15 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/03/15 09:52:31 | 000,448,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/03/12 23:16:32 | 000,007,613 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.fla [2012/03/12 23:09:52 | 000,006,582 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator_Szene 1.swf [2012/03/12 23:07:06 | 000,006,583 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swf [2012/03/12 23:07:06 | 000,002,140 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.html [2012/03/12 21:51:10 | 004,212,230 | ---- | M] () -- C:\Users\Tommii\Desktop\Action Script 2.0 Anleitung.pdf [2012/03/12 21:35:16 | 000,000,152 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swd [2012/03/12 15:08:25 | 000,001,148 | ---- | M] () -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5.lnk [2012/03/09 18:45:40 | 041,836,042 | ---- | M] () -- C:\Users\Tommii\Documents\Recording.mp3 [2012/02/29 11:06:08 | 000,003,584 | ---- | M] () -- C:\Users\Tommii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/28 09:28:06 | 000,001,173 | ---- | M] () -- C:\Users\Tommii\Desktop\Indonesisch-MP3s - Verknüpfung.lnk [2012/02/27 21:24:42 | 000,672,256 | ---- | M] () -- C:\Lame_enc.dll [2012/02/27 21:20:46 | 000,000,580 | ---- | M] () -- C:\Users\Tommii\Desktop\mp3DirectCut.lnk [2012/02/25 01:22:31 | 217,777,963 | ---- | M] () -- C:\Users\Tommii\Desktop\Die Biosprit-Lüge - Doku komplett.mp4 [2012/02/23 23:48:39 | 000,000,969 | ---- | M] () -- C:\Users\Tommii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ========== Files Created - No Company Name ========== [2012/03/22 11:13:12 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/03/22 11:06:40 | 000,066,822 | ---- | C] () -- C:\Users\Tommii\Desktop\cc_20120322_110631.reg [2012/03/22 10:51:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/03/22 10:51:30 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/03/22 09:27:04 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/03/21 10:34:15 | 000,464,252 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009a - Trade Revealed TFP.pdf [2012/03/21 10:28:02 | 000,288,075 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009 - Trade Revealed TFP.pdf [2012/03/20 22:40:33 | 000,136,045 | ---- | C] () -- C:\Users\Tommii\Desktop\ciudad_track.png [2012/03/19 15:52:46 | 000,002,036 | ---- | C] () -- C:\Users\Tommii\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012/03/19 15:52:46 | 000,001,965 | ---- | C] () -- C:\Users\Tommii\Desktop\Avira DE-Cleaner.lnk [2012/03/19 15:48:01 | 000,883,840 | ---- | C] () -- C:\Users\Tommii\Desktop\Avira-DE-Cleaner.exe [2012/03/18 13:46:41 | 000,050,477 | ---- | C] () -- C:\Users\Tommii\Desktop\Defogger.exe [2012/03/17 18:22:27 | 000,303,030 | ---- | C] () -- C:\Users\Tommii\Desktop\Rodrik et al - 2005 - Growth Diagnostics.pdf [2012/03/16 08:58:14 | 000,291,800 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2007 - Trade Revealed TFP.pdf [2012/03/16 08:46:52 | 000,306,811 | ---- | C] () -- C:\Users\Tommii\Desktop\Eaton and Kortum - 2002 - Technology, Geography and Trade.pdf [2012/03/15 16:27:15 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/03/12 23:07:06 | 000,002,140 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.html [2012/03/12 21:51:10 | 004,212,230 | ---- | C] () -- C:\Users\Tommii\Desktop\Action Script 2.0 Anleitung.pdf [2012/03/12 21:47:25 | 000,006,582 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator_Szene 1.swf [2012/03/12 21:17:50 | 000,000,152 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swd [2012/03/12 20:53:41 | 000,006,583 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swf [2012/03/12 15:46:27 | 000,007,613 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.fla [2012/03/12 15:41:28 | 000,001,148 | ---- | C] () -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5.lnk [2012/03/12 14:57:57 | 000,000,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012/02/29 11:06:02 | 000,003,584 | ---- | C] () -- C:\Users\Tommii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/28 09:28:06 | 000,001,173 | ---- | C] () -- C:\Users\Tommii\Desktop\Indonesisch-MP3s - Verknüpfung.lnk [2012/02/27 21:29:13 | 041,836,042 | ---- | C] () -- C:\Users\Tommii\Documents\Recording.mp3 [2012/02/27 21:20:46 | 000,000,580 | ---- | C] () -- C:\Users\Tommii\Desktop\mp3DirectCut.lnk [2012/02/25 01:20:39 | 217,777,963 | ---- | C] () -- C:\Users\Tommii\Desktop\Die Biosprit-Lüge - Doku komplett.mp4 [2011/10/25 16:20:59 | 000,004,096 | -H-- | C] () -- C:\Users\Tommii\AppData\Local\keyfile3.drm [2010/12/30 23:52:24 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/06/21 14:28:07 | 000,000,032 | ---- | C] () -- C:\Windows\azeugnis.INI [2010/06/02 21:13:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010/05/21 09:35:27 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2010/05/21 09:35:27 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll ========== LOP Check ========== [2011/05/17 08:28:15 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Audacity [2010/07/28 07:54:35 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\BitComet [2009/11/05 09:46:39 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\CachedFiles [2012/03/12 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/06/01 06:49:16 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010/02/14 20:40:55 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\DeepBurner [2012/03/22 15:15:36 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Dropbox [2010/06/01 14:58:50 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\EndNote [2011/10/02 01:42:16 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\FileZilla [2010/09/07 16:58:34 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Geuh [2010/08/21 12:10:36 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\GrabPro [2009/11/11 13:02:07 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\gretl [2009/11/08 16:35:41 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\gtk-2.0 [2010/08/27 23:18:42 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Kyfere [2011/07/27 08:58:17 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Nokia [2009/11/05 00:27:55 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\OpenOffice.org [2011/07/04 19:53:27 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Opera [2010/10/13 23:06:34 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Orbit [2011/04/20 22:53:52 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\PC Suite [2010/08/21 12:12:31 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\ProgSense [2010/05/26 11:22:45 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Stata10 [2010/09/01 19:33:29 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Thunderbird [2010/12/06 11:25:57 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Trusteer [2010/05/28 14:05:11 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Update [2012/01/31 16:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012/02/13 20:41:38 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
23.03.2012, 03:36
| #8 |
| | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst Hier das Log von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 22/03/2012 19:56:57 - Run 2 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Tommii\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.90 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 49.55% Memory free 7.80 Gb Paging File | 5.82 Gb Available in Paging File | 74.72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 226.11 Gb Total Space | 57.98 Gb Free Space | 25.64% Space Free | Partition Type: NTFS Computer Name: TOMMII666 | User Name: Tommii | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/03/22 09:23:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/10/11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011/10/11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011/10/11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011/09/23 05:44:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011/04/18 13:01:04 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe PRC - [2010/07/04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009/09/09 03:05:00 | 000,075,040 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe PRC - [2009/09/05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2009/05/21 12:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2009/05/21 12:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2009/04/14 11:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe PRC - [2009/03/13 09:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2009/02/02 10:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe ========== Modules (No Company Name) ========== MOD - [2011/09/23 05:44:20 | 001,833,944 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010/07/04 22:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll MOD - [2010/07/04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2009/10/15 15:50:08 | 002,505,976 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\SysNative\AtService.exe -- (ATService) SRV:64bit: - [2009/10/15 15:50:00 | 000,117,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DTS.exe -- (dtsvc) SRV:64bit: - [2009/10/15 15:49:54 | 000,130,048 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ADMonitor.exe -- (ADMonitor) SRV:64bit: - [2009/10/01 06:00:50 | 000,948,224 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked) SRV:64bit: - [2009/09/21 16:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV:64bit: - [2009/08/24 13:43:54 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/12 23:55:02 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd) SRV:64bit: - [2009/07/12 23:51:08 | 000,690,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd) SRV:64bit: - [2009/06/29 13:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2007/02/07 16:27:02 | 000,566,768 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbccoms.exe -- (dlbc_device) SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/10/11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/10/11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/28 13:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2011/04/18 13:01:04 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009/09/09 03:05:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/21 12:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2009/05/21 12:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2009/04/29 11:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService) SRV - [2009/02/27 06:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/02/20 22:21:31 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/10/11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011/10/11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV) DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL) DRV:64bit: - [2011/04/28 13:34:54 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/07/30 13:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010/07/30 13:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2010/05/07 20:52:20 | 000,024,560 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\program files\pc-doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020000}_0) DRV:64bit: - [2010/03/10 07:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb) DRV:64bit: - [2010/01/14 08:48:14 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2009/11/24 11:46:18 | 000,180,784 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009/09/23 07:32:22 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet) DRV:64bit: - [2009/09/15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2009/09/09 03:05:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2009/09/01 01:44:16 | 000,551,936 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV:64bit: - [2009/08/24 13:43:54 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2009/08/13 21:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/07/22 06:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:64bit: - [2009/07/14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:64bit: - [2009/07/14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/30 13:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV) DRV:64bit: - [2009/06/30 13:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL) DRV:64bit: - [2009/06/30 12:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf) DRV:64bit: - [2009/06/29 13:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2009/06/29 13:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2009/06/23 12:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009/06/11 17:04:54 | 003,531,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/04/29 11:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio) DRV:64bit: - [2009/01/16 08:58:26 | 000,020,480 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt) DRV:64bit: - [2009/01/16 08:58:26 | 000,020,480 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (pflt) DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008/06/24 18:08:06 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp) DRV:64bit: - [2008/05/12 18:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV:64bit: - [2008/02/21 10:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2006/06/18 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2011/04/28 13:34:54 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64) DRV - [2011/04/28 13:34:54 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64) DRV - [2010/07/04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2003/09/08 10:49:44 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 DA 3C 76 21 FB CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ecosia" FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/09/28 16:43:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/03/22 11:08:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M] [2010/09/01 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Extensions [2010/09/01 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/03/18 00:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions [2012/01/21 00:17:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/02/21 08:19:36 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\zotero@chnm.gmu.edu [2012/03/18 00:56:32 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\zoteroWinWordIntegration@zotero.org [2012/03/20 20:35:32 | 000,002,289 | ---- | M] () -- C:\Users\Tommii\AppData\Roaming\Mozilla\Firefox\Profiles\hzijvcs8.default\searchplugins\ecosia.xml [2012/03/20 21:16:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\USERS\TOMMII\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HZIJVCS8.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Tommii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tommii\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BC40725-8CE4-4114-8AB2-276656980B2A}: NameServer = 134.76.10.46,134.76.33.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3432677A-A678-4F53-9EB3-4E4075328A6D}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B898D1B6-4D56-42B6-ABBE-B569D5062C75}: NameServer = 134.76.10.46,134.76.33.21 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/22 08:01:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/03/22 15:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/03/22 15:25:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Tommii\Desktop\esetsmartinstaller_enu.exe [2012/03/22 11:14:09 | 000,000,000 | ---D | C] -- C:\Users\Tommii\AppData\Roaming\SUPERAntiSpyware.com [2012/03/22 11:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/03/22 11:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/03/22 11:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/03/22 11:12:18 | 015,495,768 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Tommii\Desktop\SUPERAntiSpyware.exe [2012/03/22 10:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/03/22 10:59:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/03/22 10:59:34 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/03/22 10:59:34 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012/03/22 10:54:47 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2012/03/22 10:54:47 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2012/03/22 10:54:47 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2012/03/22 10:54:47 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2012/03/22 10:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/03/22 10:53:10 | 017,205,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-i586-s.exe [2012/03/22 10:52:54 | 017,255,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-x64.exe [2012/03/22 10:50:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/03/22 10:38:29 | 000,000,000 | ---D | C] -- C:\_OTL [2012/03/22 09:25:42 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Tommii\Desktop\ccsetup316.exe [2012/03/22 09:23:40 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe [2012/03/20 21:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/03/20 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/03/15 15:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker [2012/03/15 00:37:43 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/03/15 00:37:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/03/15 00:37:41 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/03/14 09:59:51 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012/03/14 09:59:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012/03/14 09:59:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012/03/14 09:59:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012/03/14 09:59:23 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012/03/14 09:59:22 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012/03/12 21:04:53 | 000,000,000 | ---D | C] -- C:\Users\Tommii\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/03/12 15:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012/03/12 15:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012/03/12 14:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012/03/12 14:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2012/03/12 14:44:26 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5 [2012/03/12 14:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2012/03/02 11:51:20 | 000,000,000 | R--D | C] -- C:\Users\Tommii\Desktop\Materialien Attacademien [2012/03/01 13:48:39 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Captain America [2012/03/01 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Harry Potter and Deathly Hallows - Part2 [2012/03/01 11:54:38 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Harry Potter and Deathly Hallows - Part1 [2012/02/27 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\C ========== Files - Modified Within 30 Days ========== [2012/03/22 15:25:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Tommii\Desktop\esetsmartinstaller_enu.exe [2012/03/22 15:16:09 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/22 15:16:09 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/22 15:14:55 | 005,215,814 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/03/22 15:14:55 | 005,167,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/03/22 15:14:55 | 002,266,060 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/03/22 15:14:55 | 002,241,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/03/22 15:14:55 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/03/22 15:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/03/22 15:07:16 | 3139,461,120 | -HS- | M] () -- C:\hiberfil.sys [2012/03/22 11:13:12 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/03/22 11:12:30 | 015,495,768 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Tommii\Desktop\SUPERAntiSpyware.exe [2012/03/22 11:06:44 | 000,066,822 | ---- | M] () -- C:\Users\Tommii\Desktop\cc_20120322_110631.reg [2012/03/22 10:59:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/03/22 10:59:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/03/22 10:59:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012/03/22 10:59:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012/03/22 10:54:30 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2012/03/22 10:54:30 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2012/03/22 10:54:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2012/03/22 10:54:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2012/03/22 10:53:16 | 017,205,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-i586-s.exe [2012/03/22 10:53:00 | 017,255,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-x64.exe [2012/03/22 10:51:30 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/03/22 09:27:04 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/03/22 09:25:54 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Tommii\Desktop\ccsetup316.exe [2012/03/22 09:23:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe [2012/03/21 10:34:15 | 000,464,252 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009a - Trade Revealed TFP.pdf [2012/03/21 10:28:02 | 000,288,075 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009 - Trade Revealed TFP.pdf [2012/03/20 22:40:33 | 000,136,045 | ---- | M] () -- C:\Users\Tommii\Desktop\ciudad_track.png [2012/03/19 15:52:46 | 000,002,036 | ---- | M] () -- C:\Users\Tommii\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012/03/19 15:52:46 | 000,001,965 | ---- | M] () -- C:\Users\Tommii\Desktop\Avira DE-Cleaner.lnk [2012/03/19 15:48:05 | 000,883,840 | ---- | M] () -- C:\Users\Tommii\Desktop\Avira-DE-Cleaner.exe [2012/03/18 13:46:43 | 000,050,477 | ---- | M] () -- C:\Users\Tommii\Desktop\Defogger.exe [2012/03/17 18:22:27 | 000,303,030 | ---- | M] () -- C:\Users\Tommii\Desktop\Rodrik et al - 2005 - Growth Diagnostics.pdf [2012/03/16 08:58:16 | 000,291,800 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2007 - Trade Revealed TFP.pdf [2012/03/16 08:46:52 | 000,306,811 | ---- | M] () -- C:\Users\Tommii\Desktop\Eaton and Kortum - 2002 - Technology, Geography and Trade.pdf [2012/03/15 16:27:15 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/03/15 09:52:31 | 000,448,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/03/12 23:16:32 | 000,007,613 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.fla [2012/03/12 23:09:52 | 000,006,582 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator_Szene 1.swf [2012/03/12 23:07:06 | 000,006,583 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swf [2012/03/12 23:07:06 | 000,002,140 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.html [2012/03/12 21:51:10 | 004,212,230 | ---- | M] () -- C:\Users\Tommii\Desktop\Action Script 2.0 Anleitung.pdf [2012/03/12 21:35:16 | 000,000,152 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swd [2012/03/12 15:08:25 | 000,001,148 | ---- | M] () -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5.lnk [2012/03/09 18:45:40 | 041,836,042 | ---- | M] () -- C:\Users\Tommii\Documents\Recording.mp3 [2012/02/29 11:06:08 | 000,003,584 | ---- | M] () -- C:\Users\Tommii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/28 09:28:06 | 000,001,173 | ---- | M] () -- C:\Users\Tommii\Desktop\Indonesisch-MP3s - Verknüpfung.lnk [2012/02/27 21:24:42 | 000,672,256 | ---- | M] () -- C:\Lame_enc.dll [2012/02/27 21:20:46 | 000,000,580 | ---- | M] () -- C:\Users\Tommii\Desktop\mp3DirectCut.lnk [2012/02/25 01:22:31 | 217,777,963 | ---- | M] () -- C:\Users\Tommii\Desktop\Die Biosprit-Lüge - Doku komplett.mp4 [2012/02/23 23:48:39 | 000,000,969 | ---- | M] () -- C:\Users\Tommii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ========== Files Created - No Company Name ========== [2012/03/22 11:13:12 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/03/22 11:06:40 | 000,066,822 | ---- | C] () -- C:\Users\Tommii\Desktop\cc_20120322_110631.reg [2012/03/22 10:51:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/03/22 10:51:30 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/03/22 09:27:04 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/03/21 10:34:15 | 000,464,252 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009a - Trade Revealed TFP.pdf [2012/03/21 10:28:02 | 000,288,075 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009 - Trade Revealed TFP.pdf [2012/03/20 22:40:33 | 000,136,045 | ---- | C] () -- C:\Users\Tommii\Desktop\ciudad_track.png [2012/03/19 15:52:46 | 000,002,036 | ---- | C] () -- C:\Users\Tommii\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012/03/19 15:52:46 | 000,001,965 | ---- | C] () -- C:\Users\Tommii\Desktop\Avira DE-Cleaner.lnk [2012/03/19 15:48:01 | 000,883,840 | ---- | C] () -- C:\Users\Tommii\Desktop\Avira-DE-Cleaner.exe [2012/03/18 13:46:41 | 000,050,477 | ---- | C] () -- C:\Users\Tommii\Desktop\Defogger.exe [2012/03/17 18:22:27 | 000,303,030 | ---- | C] () -- C:\Users\Tommii\Desktop\Rodrik et al - 2005 - Growth Diagnostics.pdf [2012/03/16 08:58:14 | 000,291,800 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2007 - Trade Revealed TFP.pdf [2012/03/16 08:46:52 | 000,306,811 | ---- | C] () -- C:\Users\Tommii\Desktop\Eaton and Kortum - 2002 - Technology, Geography and Trade.pdf [2012/03/15 16:27:15 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/03/12 23:07:06 | 000,002,140 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.html [2012/03/12 21:51:10 | 004,212,230 | ---- | C] () -- C:\Users\Tommii\Desktop\Action Script 2.0 Anleitung.pdf [2012/03/12 21:47:25 | 000,006,582 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator_Szene 1.swf [2012/03/12 21:17:50 | 000,000,152 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swd [2012/03/12 20:53:41 | 000,006,583 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swf [2012/03/12 15:46:27 | 000,007,613 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.fla [2012/03/12 15:41:28 | 000,001,148 | ---- | C] () -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5.lnk [2012/03/12 14:57:57 | 000,000,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012/02/29 11:06:02 | 000,003,584 | ---- | C] () -- C:\Users\Tommii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/28 09:28:06 | 000,001,173 | ---- | C] () -- C:\Users\Tommii\Desktop\Indonesisch-MP3s - Verknüpfung.lnk [2012/02/27 21:29:13 | 041,836,042 | ---- | C] () -- C:\Users\Tommii\Documents\Recording.mp3 [2012/02/27 21:20:46 | 000,000,580 | ---- | C] () -- C:\Users\Tommii\Desktop\mp3DirectCut.lnk [2012/02/25 01:20:39 | 217,777,963 | ---- | C] () -- C:\Users\Tommii\Desktop\Die Biosprit-Lüge - Doku komplett.mp4 [2011/10/25 16:20:59 | 000,004,096 | -H-- | C] () -- C:\Users\Tommii\AppData\Local\keyfile3.drm [2010/12/30 23:52:24 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/06/21 14:28:07 | 000,000,032 | ---- | C] () -- C:\Windows\azeugnis.INI [2010/06/02 21:13:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010/05/21 09:35:27 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2010/05/21 09:35:27 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll ========== LOP Check ========== [2011/05/17 08:28:15 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Audacity [2010/07/28 07:54:35 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\BitComet [2009/11/05 09:46:39 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\CachedFiles [2012/03/12 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/06/01 06:49:16 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010/02/14 20:40:55 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\DeepBurner [2012/03/22 15:15:36 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Dropbox [2010/06/01 14:58:50 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\EndNote [2011/10/02 01:42:16 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\FileZilla [2010/09/07 16:58:34 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Geuh [2010/08/21 12:10:36 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\GrabPro [2009/11/11 13:02:07 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\gretl [2009/11/08 16:35:41 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\gtk-2.0 [2010/08/27 23:18:42 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Kyfere [2011/07/27 08:58:17 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Nokia [2009/11/05 00:27:55 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\OpenOffice.org [2011/07/04 19:53:27 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Opera [2010/10/13 23:06:34 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Orbit [2011/04/20 22:53:52 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\PC Suite [2010/08/21 12:12:31 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\ProgSense [2010/05/26 11:22:45 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Stata10 [2010/09/01 19:33:29 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Thunderbird [2010/12/06 11:25:57 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Trusteer [2010/05/28 14:05:11 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Update [2012/01/31 16:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012/02/13 20:41:38 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Damn, habe gerade festgestellt, dass ich bei Extra Registry nur "None" angeklickt hatte, deshalb nur eine Log File.Jetzt läufts nochmal. Wie siehts denn aus? Habe heute praktisch den ganzen Tag die ganzen schritte ausgeführt. Was sagen die ganzen Log-Files?? LG Tom |
|
23.03.2012, 07:39
| #9 | |
| /// Helfer-Team | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst Vielleicht kannst Du dich ja noch etwas genauer dazu äußern: Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
23.03.2012, 10:48
| #10 |
| | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst Moin! Danke zunächst für die flotte Reaktion! Erst mal hier noch die eine fehlende LogFile: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 23/03/2012 03:37:28 - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Tommii\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.90 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 48.19% Memory free
7.80 Gb Paging File | 5.72 Gb Available in Paging File | 73.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.11 Gb Total Space | 57.84 Gb Free Space | 25.58% Space Free | Partition Type: NTFS
Computer Name: TOMMII666 | User Name: Tommii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6)
"8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Dell Photo Printer 720" = Dell Photo Printer 720
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileZilla Client" = FileZilla Client 3.5.1
"Font Creator Program_is1" = Font Creator Program 3.1.3
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Kali II" = Kali II
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 7.0 (x86 de)" = Mozilla Firefox 7.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 en-US)" = Mozilla Thunderbird 10.0.2 (x86 en-US)
"mp3-2-wav" = mp3-2-wav converter 1.14
"Nokia PC Suite" = Nokia PC Suite
"Opera 11.10.2092" = Opera 11.10
"Oxygen Phone Manager II for Nokia phones (Trial)" = Oxygen Phone Manager II for Nokia phones (Trial)
"RA+ V3.03_is1" = FullRA Plus V3.03
"Rapport_msi" = Rapport
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"ResNet Wireless Setup" = ResNet Wireless Setup
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"ULTIMATER" = Microsoft Office Ultimate 2007
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.9
"WOLAPI" = Westwood Shared Internet Components
"Wooldridge data_is1" = Wooldridge data (4e)
"XMedia Recode" = XMedia Recode 2.1.4.8
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/03/2011 03:54:39 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10/03/2011 03:54:39 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6583
Error - 10/03/2011 03:54:39 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6583
Error - 10/03/2011 03:54:40 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10/03/2011 03:54:40 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7582
Error - 10/03/2011 03:54:40 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7582
Error - 10/03/2011 03:54:41 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10/03/2011 03:54:41 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8580
Error - 10/03/2011 03:54:41 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8580
Error - 10/03/2011 12:38:27 | Computer Name = Tommii666 | Source = RasClient | ID = 20227
Description =
[ Media Center Events ]
Error - 20/02/2010 22:34:54 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 03:34:54 - Fehler beim Herstellen der Internetverbindung. 03:34:54
- Serververbindung konnte nicht hergestellt werden..
Error - 20/02/2010 23:39:29 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 04:39:29 - Fehler beim Herstellen der Internetverbindung. 04:39:29
- Serververbindung konnte nicht hergestellt werden..
Error - 31/03/2010 13:27:40 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 19:27:40 - Fehler beim Herstellen der Internetverbindung. 19:27:40
- Serververbindung konnte nicht hergestellt werden..
Error - 02/04/2010 05:11:41 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 11:11:41 - Fehler beim Herstellen der Internetverbindung. 11:11:41
- Serververbindung konnte nicht hergestellt werden..
Error - 02/04/2010 06:11:46 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 12:11:46 - Fehler beim Herstellen der Internetverbindung. 12:11:46
- Serververbindung konnte nicht hergestellt werden..
Error - 02/04/2010 07:11:51 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 13:11:51 - Fehler beim Herstellen der Internetverbindung. 13:11:51
- Serververbindung konnte nicht hergestellt werden..
Error - 07/05/2010 10:44:11 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 16:44:11 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 28/06/2010 05:47:01 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 11:47:01 - Fehler beim Herstellen der Internetverbindung. 11:47:01
- Serververbindung konnte nicht hergestellt werden..
Error - 28/06/2010 09:36:50 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 15:36:50 - Fehler beim Herstellen der Internetverbindung. 15:36:50
- Serververbindung konnte nicht hergestellt werden..
Error - 28/06/2010 10:36:56 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 16:36:55 - Fehler beim Herstellen der Internetverbindung. 16:36:55
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 10/06/2010 04:46:46 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2438
seconds with 960 seconds of active time. This session ended with a crash.
Error - 04/10/2010 07:17:38 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21/12/2010 07:15:13 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19/03/2011 06:56:06 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28/03/2011 03:58:32 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18/05/2011 09:17:28 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11/08/2011 18:54:28 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 0 seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 22/03/2012 06:07:29 | Computer Name = Tommii666 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 22/03/2012 06:08:49 | Computer Name = Tommii666 | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
auswählen.
Error - 22/03/2012 06:08:49 | Computer Name = Tommii666 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 22/03/2012 06:09:10 | Computer Name = Tommii666 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.
Error - 22/03/2012 06:10:25 | Computer Name = Tommii666 | Source = DCOM | ID = 10016
Description =
Error - 22/03/2012 10:06:22 | Computer Name = Tommii666 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 22/03/2012 10:07:16 | Computer Name = Tommii666 | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
auswählen.
Error - 22/03/2012 10:07:16 | Computer Name = Tommii666 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 22/03/2012 10:07:29 | Computer Name = Tommii666 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.
Error - 22/03/2012 10:08:53 | Computer Name = Tommii666 | Source = DCOM | ID = 10016
Description =
< End of report >
Was meinst Du mit "genauer äußern"? Ich glaube das sind Programme, mit denen sich Spiele auch ohne CD starten lassen oder so was. Falls ich die überhaupt mal benutzt habe (bin gerade nicht sicher) ist das schon Jahre her..auf diesem System mit Sicherheit noch nicht. Sonst: Was meinst Du zu den ganzen LogFiles, etc? Ist mein System total durch und durch verseucht, oder kann ich beispielsweise Anwendungen wie Skype, (oder auch Onlinebanking) wieder ausführen ohne mir Sorgen zu machen? LG Tomy Ach ja, soll ich die zitierten Dateien löschen? |
|
24.03.2012, 07:45
| #11 | |
| /// Helfer-Team | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresstZitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
24.03.2012, 11:05
| #12 |
| | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst Ich nehme mal an, dass "illegal" meint, dass das Programm da ist, ohne dass ich es gewollt hätte (nicht dass der Besitz gegen deutsche Gesetze verstößt) Also: Ich habe die schon irgendwann mal selbst runtergeladen (oder von Freunden bekommen, keine Ahnung. Auf jeden Fall irgendwie beabsichtigt.) Was sagen denn die ganzen anderen Log Files? Schöne Grüße, und schon mal vielen Dank für die Hilfe bisher!! Tom  |
|
25.03.2012, 06:16
| #13 | |
| /// Helfer-Team | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresstZitat:
das Problem ist nur, dass wir "solche" Systeme bereinigen wir nicht, da es sich um künstliche, also absichtlich herbeigeführte Probleme handelt! Außerdem nach deutschem Recht machst Du dich strafbar! Einen durch Keygen [Key Generator/Keymaker] verseuchten PC und eventuell gespeicherte externe Daten auf SB Sticks, ext.Platte etc,, sollte formatiert und neu aufgesetzt werden, weil ja durch gecrackte oder mit Viren verseuchte Software wie auch immer, ein Angreifer erfolgreich in dein System eingedrungen ist:-> *Technische Kompromittierung* Denn die angebotenen Programme und Dateien enthalten jede erdenkliche Art von Malware/Schadprogramm wie z.B. Backdoors, Rootkits etc, die dann den PC unter Kontrolle nehmen und die Administratorrolle übernehmen können Weil dieses `selbstzerrstörerischem Verhalten `illegal` ist bzw verstößt gegen das Gesetz, wir dürfen Dir nicht weiter helfen. Aus diesem Grund sehen wir uns gezwungen den Thread zu schließen:->Worauf musst Du während der Bereinigung achten?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
25.03.2012, 10:21
| #14 | |
| | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst Moin Kira! Danke für das Feedback! Ich wusste gar nicht, dass es illegal ist, wenn man solche Software verwendet, um seine (selbst gekauften!) Spiele eben ohne die nervige CD zu spielen. Aber wie auch immer, ich sagte ja bereits dass die Software nicht mit meinem aktuellen System auf den PC gekommen ist, sondern vom Vorgänger PC. D.h. Die Software wurde vor bestimmt 6-10 Jahren geladen. Sollte also gesetzlich nicht mehr relevant sein. Den ersten Teil Deiner Argumentation kann ich leider nicht komplett nachvollziehen: Zitat:
Ich hatte ja in meinem ersten Posting geschrieben, dass mir klar ist, dass das System früher oder später neu aufgesetzt werden muss. Aber meine Frage bleibt bestehen: Wie dringend ist dies denn nun? Ist mein PC total infiziert? Und was sagen die ganzen Logfiles aus die ich in 1.5 Tagen Arbeit erstellt habe? Liebe Grüße, Tomy |
|
26.03.2012, 05:27
| #15 |
| /// Helfer-Team | Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst Diesem besagten Programm bitte restlos v. PC entfernen, ansonsten wird dein Rechner immer ein Risikofaktor sein. Ansonsten ich sehe nicht mehr verdächtiges MBR mit aswMBR von Avast prüfen Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop (nicht woanders hin). XP Benutzer: Doppelklick auf die aswMBR.exe, um das Tool zu starten. Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen. Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen. Klicke Scan, um den Suchlauf zu starten. Wenn der Scan beendet ist, was mit Scan finished sucessfull! gemeldet wird, klicke Save log, um das Logfile zu speichern. Poste mir den Inhalt von aswASW.log vom Desktop hier in den Thread. ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu Backup nach Trojaner Bundeskriminalamt der 100Eur erpresst |
| anti-malware, backup, backups, booten, brauche, bundeskriminalamt, dateien, dropbox, erstellt, frage, gelöscht, infiziert, leute, logfile, musik, neu, neuinstallation, pcs, pdf, problem, probleme, promo, schließen, system, system neu, systeme, trojaner, unbedingt, virus/trojaner, windows, überspielen |
.
