
Log Analysis and Evaluation: Backup after the Bundeskriminalamt trojan that extorts 100 EUR

18.03.2012, 14:13   #1
Tomy
 
Hi folks!

My name is Tom, and I'm new here. I recently had the problem with the trojan that pretends to be from the Bundeskriminalamt and demands €100 to unlock the PC.

I got rid of the (acute) problem by logging in under a different account and running Malwarebytes Anti-Malware, which then deleted the malware.

I already know
1.) that it's my own fault if I surf around on porn sites, etc.;
2.) that my PC will only be reliably virus-free once I format and reinstall the system.
So I don't need any advice on that.

My main question:
What's bothering me instead is: how do I back up my data??
I have about 100GB, of which
- 40GB music,
- 20-30GB films
- Many important documents (pdf, doc, docx, xls, xlsx, txt)
- Assorted odds and ends
Backing up the "important documents" (doctorate etc.) is of course especially important to me, but I don't want to simply lose my music and films either.

Problems
- I do have an external HD, but if I connect it I run the risk of infecting it as well
- I don't know whether the virus/trojan spreads only via .exe files, or also infects films and MP3s or, even worse, office documents (.doc, ods, etc.)
- I use Dropbox intensively. Does it have built-in virus protection? Have I perhaps already infected the PCs of friends and colleagues?

Possible solutions
Possible options for the backup before the reinstall are, for me:
- Boot via Ubuntu/Linux or the like (which is probably complicated, never done it), then connect the external HD and copy the data onto it (I've heard that viruses tend to spread under Windows)
- Rent 100GB of web space at Dropbox for US$20 for one month, upload everything there -> wipe the PC -> download the data from Dropbox again
- Get my system clean again with the super-duper-expert anti-virus kit (which one?) without reinstalling it.

My system:
Windows 7, 64 bit.

I look forward to your help and thanks in advance!

Best regards,

Yours, Tom

Logfile
I haven't created a logfile, because I've already accepted that I will most likely have to reinstall and the questions are more of a conceptual nature. If you consider it absolutely necessary, though, I'll do it. On that, a precautionary question: where does step 3 end? Does what comes after "Bitte" ("Please") apply only to 32-bit systems or to me as well?

Subforum
Where can you actually set the desired subforum?

19.03.2012, 10:47   #2
kira
/// Helper Team
 
Hello and a warm welcome!

Quote:
My main question:
What's bothering me instead is: how do I back up my data??

Tips & advice:


Data backup:
► ONLY back up data that does not contain executable files - File extensions - This is a list of file extensions that can denote files with executable code.
- Be careful about the files already present on the externally stored data, and about making a backup now of files infected with the virus
- Best to back up everything that is very important to you separately (externally) - do not mix it with any data backed up earlier, i.e. before the infection!
- Do not back up any cracked software and then install it again on the freshly set-up system!

- Before restoring - before you go directly online with your PC...:
- disable/switch off the Autoplay function for all drives -> Selectively switch off Autorun/Autoplay for drive types or drive letters

Scan the data backed up to an external hard drive thoroughly from a clean system, preferably with several scanners -> Free online scanners - guide


-> Guide: Reinstalling the system + securing it
-> Guide to reinstalling - Windows XP, Vista and Win7


As a precaution I would advise you to change your password
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (you should really change it at regular intervals, about every 3-5 months)
also here under: Secure password

regards
kira
__________________

__________________
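The backup rule from the reply above, as an added example that is not part of the original post: a Python filter that copies only allow-listed data files and also rejects files whose first bytes are an executable header despite a document or media name. The video and image extensions, the directory names and the sample files are assumptions constructed for the example.

```python
import shutil
import tempfile
from pathlib import Path

# Allow-list of pure data types. pdf/doc/docx/xls/xlsx/txt/ods/mp3 are named in
# the thread; the video and image extensions are assumptions for "films" etc.
DATA_EXTENSIONS = {
    ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".ods",
    ".mp3", ".avi", ".mkv", ".mp4", ".jpg", ".png",
}

# Leading bytes that mark executable content regardless of the file name.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE/DOS executable header",
    b"\x7fELF": "ELF executable header",
    b"#!": "script with interpreter line",
}


def classify(path: Path):
    """Return (ok, reason) for one file: extension allow-list, then magic bytes."""
    ext = path.suffix.lower()
    if ext not in DATA_EXTENSIONS:
        return False, f"extension {ext or '(none)'} not on allow-list"
    with path.open("rb") as fh:
        head = fh.read(4)
    for magic, label in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return False, f"{label} behind {ext} name"
    return True, "data file"


def backup(src: Path, dst: Path):
    """Copy only files that pass classify(); return what was copied and skipped."""
    report = {"copied": [], "skipped": {}}
    for path in sorted(src.rglob("*")):
        # Symlinks are not followed, so nothing outside src is pulled in.
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(src).as_posix()
        ok, reason = classify(path)
        if not ok:
            report["skipped"][rel] = reason
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        report["copied"].append(rel)
    return report


def demo():
    """Run the filter over a constructed sample tree and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "infected"), Path(tmp, "external")
        samples = {  # constructed sample contents, not real files
            "docs/thesis.docx": b"PK\x03\x04 constructed docx bytes",
            "music/song.mp3": b"ID3\x03 constructed mp3 bytes",
            "docs/invoice.pdf": b"MZ\x90\x00 constructed PE stub",
            "docs/report.pdf.exe": b"MZ\x90\x00 constructed PE stub",
            "autorun.inf": b"[autorun]\r\nopen=constructed.exe\r\n",
        }
        for rel, data in samples.items():
            f = src / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(data)
        report = backup(src, dst)
        report["on_target"] = sorted(
            p.relative_to(dst).as_posix() for p in dst.rglob("*") if p.is_file()
        )
        return report


if __name__ == "__main__":
    result = demo()
    print("copied :", result["copied"])
    for name, why in result["skipped"].items():
        print("skipped:", name, "-", why)
```

Passing this filter does not make a file clean; the copied data still gets scanned from a clean system, as the post says.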

21.03.2012, 11:13   #3
Tomy
 
Hi Kira!

Many thanks for the quick reply!!

Unfortunately I don't have the time right now, but I'll soon take care of everything as recommended.

I have two more questions:
1) What about my suggestion regarding Dropbox? Opinions on that?
2) I have Malwarebytes Anti-Malware running. Lately this program has been constantly blocking Skype. I can still use Skype normally, but every few minutes connections to the following IPs are stopped:
77.74.36.72 (Type: incoming, Port: 13214, Process: skype.exe)
213.163.64.33 (Type: incoming, Port: 13214, Process: skype.exe)

Does anyone know which (malicious?) program this belongs to?

Many thanks in advance!

Best regards,

Tom
__________________

22.03.2012, 07:38   #4
kira
/// Helper Team
 
Quote:
Quote from Tomy
I have two more questions:
1) What about my suggestion regarding Dropbox? Opinions on that?

read it through carefully, then you'll know the "logical answer" to it:
Quote:
Conclusion: Thanks to its technology and excellent usability, Dropbox is an ideal tool for synchronising data across several PCs or for exchanging it with others. Access via the website is the icing on the cake.

I never let my data go "free", so to speak, over the net and to "third-party providers" .. "passing data on to a server"

Quote:
Quote from Tomy
2) I have Malwarebytes Anti-Malware running. Lately this program has been constantly blocking Skype. I can still use Skype normally, but every few minutes connections to the following IPs are stopped:
77.74.36.72 (Type: incoming, Port: 13214, Process: skype.exe)
213.163.64.33 (Type: incoming, Port: 13214, Process: skype.exe)

Does anyone know which (malicious?) program this belongs to?

either reinstall your system immediately, or see to it (which again costs time!) that it is freed of malware with our help!
Writing back and forth here for days doesn't really help! Without a diagnosis and details of what exactly is running on your machine, nobody can tell you what is going on

1.
System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created - OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

2.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download the CCleaner installer
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch" (German).
  • start -> click on `Extras` (to display the software installed on your system) -> then on `Als Textdatei speichern...` (save as text file)
  • a text file is created automatically; post this logfile as well (i.e. the list of all installed programs ... a text file)

Quote:
To keep your thread clear and nicely readable, it's best to use the code tags for your post:
→ before your log you write (i.e. at the beginning of the logfile): [code]
your logfile goes in here - e.g. OTL logfile or other
→ after it - i.e. at the end of the log file: [/code]

** If possible do not go on the internet, no online banking, file sharing, chat programs etc.
regards
kira
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file as attachment! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, preferably 2x in different locations!
Please pass this warning on wherever you can!

22.03.2012, 09:34   #5
Tomy
 
Hi Kira!

Thanks for the tips. Here are the two logfiles:

OTL logfile:
Code:
OTL logfile created on: 22/03/2012 09:24:33 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Tommii\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.28% Memory free
7.80 Gb Paging File | 5.57 Gb Available in Paging File | 71.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.11 Gb Total Space | 51.93 Gb Free Space | 22.97% Space Free | Partition Type: NTFS
 
Computer Name: TOMMII666 | User Name: Tommii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tommii\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Users\Tommii\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ATService) -- C:\Windows\SysNative\AtService.exe (AuthenTec, Inc.)
SRV:64bit: - (dtsvc) -- C:\Windows\SysNative\DTS.exe ()
SRV:64bit: - (ADMonitor) -- C:\Windows\SysNative\ADMonitor.exe ()
SRV:64bit: - (iked) -- C:\Program Files\ShrewSoft\VPN Client\iked.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (dtpd) -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe ()
SRV:64bit: - (ipsecd) -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe ()
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (dlbc_device) -- C:\Windows\SysNative\dlbccoms.exe ( )
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (PCDSRVC{127174DC-C366ED8B-06020000}_0) -- c:\program files\pc-doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS ()
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (pflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (UnlockerDriver5) -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 DA 3C 76 21 FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.irinnews.org/|hxxp://www.francksen.com/aktuelles.htm|hxxp://www.nachdenkseiten.de/| hxxp://www.handelsblatt.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.12
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/09/28 16:43:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/17 10:25:23 | 000,000,000 | ---D | M]
 
[2010/09/01 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Extensions
[2010/09/01 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/18 00:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions
[2012/01/21 00:17:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/02/21 08:19:36 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\zotero@chnm.gmu.edu
[2012/03/18 00:56:32 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\zoteroWinWordIntegration@zotero.org
[2012/03/20 20:35:32 | 000,002,289 | ---- | M] () -- C:\Users\Tommii\AppData\Roaming\Mozilla\Firefox\Profiles\hzijvcs8.default\searchplugins\ecosia.xml
[2012/03/20 21:16:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\TOMMII\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HZIJVCS8.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - Startup: C:\Users\Tommii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tommii\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BC40725-8CE4-4114-8AB2-276656980B2A}: NameServer = 134.76.10.46,134.76.33.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3432677A-A678-4F53-9EB3-4E4075328A6D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B898D1B6-4D56-42B6-ABBE-B569D5062C75}: NameServer = 134.76.10.46,134.76.33.21
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 08:01:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{34309001-f3db-11e0-9089-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{34309001-f3db-11e0-9089-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{34309017-f3db-11e0-9089-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{34309017-f3db-11e0-9089-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{44989bec-f3de-11e0-90bd-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{44989bec-f3de-11e0-90bd-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{44989c33-f3de-11e0-90bd-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{44989c33-f3de-11e0-90bd-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{abb06f52-f92e-11de-8fe0-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{abb06f52-f92e-11de-8fe0-00226815042a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/22 09:25:42 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Tommii\Desktop\ccsetup316.exe
[2012/03/22 09:23:40 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe
[2012/03/20 21:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/20 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/15 15:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012/03/15 00:37:43 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/15 00:37:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/15 00:37:41 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 09:59:51 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 09:59:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 09:59:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 09:59:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 09:59:23 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 09:59:22 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/12 21:04:53 | 000,000,000 | ---D | C] -- C:\Users\Tommii\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/12 15:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/03/12 15:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/03/12 14:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/03/12 14:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/03/12 14:44:26 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5
[2012/03/12 14:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/03/02 11:51:20 | 000,000,000 | R--D | C] -- C:\Users\Tommii\Desktop\Materialien Attacademien
[2012/03/01 13:48:39 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Captain America
[2012/03/01 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Harry Potter and Deathly Hallows - Part2
[2012/03/01 11:54:38 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Harry Potter and Deathly Hallows - Part1
[2012/02/27 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\C
[2012/02/21 12:21:32 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Cam-Pix
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/22 09:27:04 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/22 09:25:54 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Tommii\Desktop\ccsetup316.exe
[2012/03/22 09:23:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe
[2012/03/22 08:36:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/22 00:36:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/21 15:03:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 15:03:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 15:02:26 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/21 15:01:01 | 005,158,052 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/03/21 15:01:01 | 005,109,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/21 15:01:01 | 002,239,042 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/03/21 15:01:01 | 002,214,114 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/21 15:01:01 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/21 14:54:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/21 14:54:22 | 3139,461,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/21 10:34:15 | 000,464,252 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009a - Trade Revealed TFP.pdf
[2012/03/21 10:28:02 | 000,288,075 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009 - Trade Revealed TFP.pdf
[2012/03/20 22:40:33 | 000,136,045 | ---- | M] () -- C:\Users\Tommii\Desktop\ciudad_track.png
[2012/03/19 15:52:46 | 000,002,036 | ---- | M] () -- C:\Users\Tommii\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012/03/19 15:52:46 | 000,001,965 | ---- | M] () -- C:\Users\Tommii\Desktop\Avira DE-Cleaner.lnk
[2012/03/19 15:48:05 | 000,883,840 | ---- | M] () -- C:\Users\Tommii\Desktop\Avira-DE-Cleaner.exe
[2012/03/18 13:46:43 | 000,050,477 | ---- | M] () -- C:\Users\Tommii\Desktop\Defogger.exe
[2012/03/17 18:22:27 | 000,303,030 | ---- | M] () -- C:\Users\Tommii\Desktop\Rodrik et al - 2005 - Growth Diagnostics.pdf
[2012/03/16 08:58:16 | 000,291,800 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2007 - Trade Revealed TFP.pdf
[2012/03/16 08:46:52 | 000,306,811 | ---- | M] () -- C:\Users\Tommii\Desktop\Eaton and Kortum - 2002 - Technology, Geography and Trade.pdf
[2012/03/15 16:27:15 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/03/15 09:52:31 | 000,448,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/12 23:16:32 | 000,007,613 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.fla
[2012/03/12 23:09:52 | 000,006,582 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator_Szene 1.swf
[2012/03/12 23:07:06 | 000,006,583 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swf
[2012/03/12 23:07:06 | 000,002,140 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.html
[2012/03/12 21:51:10 | 004,212,230 | ---- | M] () -- C:\Users\Tommii\Desktop\Action Script 2.0 Anleitung.pdf
[2012/03/12 21:35:16 | 000,000,152 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swd
[2012/03/12 15:08:25 | 000,001,148 | ---- | M] () -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5.lnk
[2012/03/09 18:45:40 | 041,836,042 | ---- | M] () -- C:\Users\Tommii\Documents\Recording.mp3
[2012/02/29 11:06:08 | 000,003,584 | ---- | M] () -- C:\Users\Tommii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 09:28:06 | 000,001,173 | ---- | M] () -- C:\Users\Tommii\Desktop\Indonesisch-MP3s - Verknüpfung.lnk
[2012/02/27 21:24:42 | 000,672,256 | ---- | M] () -- C:\Lame_enc.dll
[2012/02/27 21:20:46 | 000,000,580 | ---- | M] () -- C:\Users\Tommii\Desktop\mp3DirectCut.lnk
[2012/02/25 01:22:31 | 217,777,963 | ---- | M] () -- C:\Users\Tommii\Desktop\Die Biosprit-Lüge - Doku komplett.mp4
[2012/02/23 23:48:39 | 000,000,969 | ---- | M] () -- C:\Users\Tommii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2012/03/22 09:27:04 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/21 10:34:15 | 000,464,252 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009a - Trade Revealed TFP.pdf
[2012/03/21 10:28:02 | 000,288,075 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009 - Trade Revealed TFP.pdf
[2012/03/20 22:40:33 | 000,136,045 | ---- | C] () -- C:\Users\Tommii\Desktop\ciudad_track.png
[2012/03/19 15:52:46 | 000,002,036 | ---- | C] () -- C:\Users\Tommii\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012/03/19 15:52:46 | 000,001,965 | ---- | C] () -- C:\Users\Tommii\Desktop\Avira DE-Cleaner.lnk
[2012/03/19 15:48:01 | 000,883,840 | ---- | C] () -- C:\Users\Tommii\Desktop\Avira-DE-Cleaner.exe
[2012/03/18 13:46:41 | 000,050,477 | ---- | C] () -- C:\Users\Tommii\Desktop\Defogger.exe
[2012/03/17 18:22:27 | 000,303,030 | ---- | C] () -- C:\Users\Tommii\Desktop\Rodrik et al - 2005 - Growth Diagnostics.pdf
[2012/03/16 08:58:14 | 000,291,800 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2007 - Trade Revealed TFP.pdf
[2012/03/16 08:46:52 | 000,306,811 | ---- | C] () -- C:\Users\Tommii\Desktop\Eaton and Kortum - 2002 - Technology, Geography and Trade.pdf
[2012/03/15 16:27:15 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/03/12 23:07:06 | 000,002,140 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.html
[2012/03/12 21:51:10 | 004,212,230 | ---- | C] () -- C:\Users\Tommii\Desktop\Action Script 2.0 Anleitung.pdf
[2012/03/12 21:47:25 | 000,006,582 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator_Szene 1.swf
[2012/03/12 21:17:50 | 000,000,152 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swd
[2012/03/12 20:53:41 | 000,006,583 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swf
[2012/03/12 15:46:27 | 000,007,613 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.fla
[2012/03/12 15:41:28 | 000,001,148 | ---- | C] () -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5.lnk
[2012/03/12 14:57:57 | 000,000,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/02/29 11:06:02 | 000,003,584 | ---- | C] () -- C:\Users\Tommii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 09:28:06 | 000,001,173 | ---- | C] () -- C:\Users\Tommii\Desktop\Indonesisch-MP3s - Verknüpfung.lnk
[2012/02/27 21:29:13 | 041,836,042 | ---- | C] () -- C:\Users\Tommii\Documents\Recording.mp3
[2012/02/27 21:20:46 | 000,000,580 | ---- | C] () -- C:\Users\Tommii\Desktop\mp3DirectCut.lnk
[2012/02/25 01:20:39 | 217,777,963 | ---- | C] () -- C:\Users\Tommii\Desktop\Die Biosprit-Lüge - Doku komplett.mp4
[2011/10/25 16:20:59 | 000,004,096 | -H-- | C] () -- C:\Users\Tommii\AppData\Local\keyfile3.drm
[2010/12/30 23:52:24 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/06/21 14:28:07 | 000,000,032 | ---- | C] () -- C:\Windows\azeugnis.INI
[2010/06/02 21:13:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/21 09:35:27 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/05/21 09:35:27 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll

< End of report >
         
--- --- ---
[/code]
OTL Extras-Logfile
OTL Logfile:
Code:
OTL Extras logfile created on: 22/03/2012 09:24:33 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Tommii\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.28% Memory free
7.80 Gb Paging File | 5.57 Gb Available in Paging File | 71.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.11 Gb Total Space | 51.93 Gb Free Space | 22.97% Space Free | Partition Type: NTFS
 
Computer Name: TOMMII666 | User Name: Tommii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6)
"8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/07/2009 8.1.2.56)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Dell Photo Printer 720" = Dell Photo Printer 720
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileZilla Client" = FileZilla Client 3.5.1
"Font Creator Program_is1" = Font Creator Program 3.1.3
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Kali II" = Kali II
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mendeley Desktop" = Mendeley Desktop 0.9.8.2
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 7.0 (x86 de)" = Mozilla Firefox 7.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 en-US)" = Mozilla Thunderbird 10.0.2 (x86 en-US)
"mp3-2-wav" = mp3-2-wav converter 1.14
"Nokia PC Suite" = Nokia PC Suite
"Opera 11.10.2092" = Opera 11.10
"Oxygen Phone Manager II for Nokia phones (Trial)" = Oxygen Phone Manager II for Nokia phones (Trial)
"RA+ V3.03_is1" = FullRA Plus V3.03
"Rapport_msi" = Rapport
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"ResNet Wireless Setup" = ResNet Wireless Setup
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"ULTIMATER" = Microsoft Office Ultimate 2007
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.9
"WOLAPI" = Westwood Shared Internet Components
"Wooldridge data_is1" = Wooldridge data (4e)
"XMedia Recode" = XMedia Recode 2.1.4.8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/03/2011 03:54:38 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5585
 
Error - 10/03/2011 03:54:39 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/03/2011 03:54:39 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6583
 
Error - 10/03/2011 03:54:39 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6583
 
Error - 10/03/2011 03:54:40 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/03/2011 03:54:40 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7582
 
Error - 10/03/2011 03:54:40 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7582
 
Error - 10/03/2011 03:54:41 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/03/2011 03:54:41 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8580
 
Error - 10/03/2011 03:54:41 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8580
 
[ Media Center Events ]
Error - 20/02/2010 22:34:54 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 03:34:54 - Fehler beim Herstellen der Internetverbindung.  03:34:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20/02/2010 23:39:29 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 04:39:29 - Fehler beim Herstellen der Internetverbindung.  04:39:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31/03/2010 13:27:40 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 19:27:40 - Fehler beim Herstellen der Internetverbindung.  19:27:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02/04/2010 05:11:41 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 11:11:41 - Fehler beim Herstellen der Internetverbindung.  11:11:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02/04/2010 06:11:46 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 12:11:46 - Fehler beim Herstellen der Internetverbindung.  12:11:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02/04/2010 07:11:51 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 13:11:51 - Fehler beim Herstellen der Internetverbindung.  13:11:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07/05/2010 10:44:11 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 16:44:11 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 28/06/2010 05:47:01 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 11:47:01 - Fehler beim Herstellen der Internetverbindung.  11:47:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28/06/2010 09:36:50 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 15:36:50 - Fehler beim Herstellen der Internetverbindung.  15:36:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28/06/2010 10:36:56 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 16:36:55 - Fehler beim Herstellen der Internetverbindung.  16:36:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 10/06/2010 04:46:46 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2438
 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error - 04/10/2010 07:17:38 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21/12/2010 07:15:13 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19/03/2011 06:56:06 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28/03/2011 03:58:32 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18/05/2011 09:17:28 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11/08/2011 18:54:28 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 20/03/2012 15:30:46 | Computer Name = Tommii666 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
 nicht als  Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser  Konfiguration
 nicht gestartet zu sein.
 
Error - 20/03/2012 15:32:21 | Computer Name = Tommii666 | Source = DCOM | ID = 10016
Description = 
 
Error - 20/03/2012 18:47:13 | Computer Name = Tommii666 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen 
Status gemeldet: 0
 
Error - 21/03/2012 04:23:56 | Computer Name = Tommii666 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 21/03/2012 04:24:14 | Computer Name = Tommii666 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
 nicht als  Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser  Konfiguration
 nicht gestartet zu sein.
 
Error - 21/03/2012 04:25:29 | Computer Name = Tommii666 | Source = DCOM | ID = 10016
Description = 
 
Error - 21/03/2012 09:01:43 | Computer Name = Tommii666 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen 
Status gemeldet: 0
 
Error - 21/03/2012 09:54:23 | Computer Name = Tommii666 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 21/03/2012 09:54:34 | Computer Name = Tommii666 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
 nicht als  Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser  Konfiguration
 nicht gestartet zu sein.
 
Error - 21/03/2012 09:55:53 | Computer Name = Tommii666 | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---

Installed programs:
Code:
 7-Zip 9.20 (x64 edition)	Igor Pavlov	10/05/2011	4.53MB	9.20.00.0
Adobe AIR	Adobe Systems Incorporated	31/05/2011		2.6.0.19140
Adobe Community Help	Adobe Systems Incorporated.	11/03/2012		3.4.980
Adobe Download Assistant	Adobe Systems Incorporated	11/03/2012		1.0.6
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	22/08/2011	6.00MB	10.3.183.5
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	01/02/2012	6.00MB	11.1.102.55
Adobe Flash Professional CS5.5	Adobe Systems Incorporated	11/03/2012	2,086MB	11.5
Adobe Premiere Pro	Adobe Systems, Inc.	20/12/2009		7.0
Adobe Reader 9.4.6 - Deutsch	Adobe Systems Incorporated	24/09/2011	218MB	9.4.6
Anzeige am Bildschirm		13/01/2010		5.32.00
Apple Application Support	Apple Inc.	01/12/2010	52.8MB	1.4.1
Apple Mobile Device Support	Apple Inc.	01/12/2010	22.3MB	3.3.0.69
Apple Software Update	Apple Inc.	09/11/2009	2.16MB	2.1.1.116
Audacity 1.3.12 (Unicode)	Audacity Team	16/05/2011	32.6MB	
Avira Free Antivirus	Avira	19/02/2012	104.9MB	12.0.0.898
Bonjour	Apple Inc.	01/12/2010	1.15MB	2.0.4.0
CCleaner	Piriform	21/03/2012		3.16
Conexant 20561 SmartAudio HD	Conexant	03/11/2009		4.92.10.0
ConvertHelper 2.2	DownloadHelper	03/03/2010		
Dell Photo Printer 720	Dell, Inc.	07/11/2009		
DivX Codec	DivX, Inc.	05/02/2010		6.9.1
DivX Converter	DivX, Inc.	05/02/2010		7.1.0
DivX Player	DivX, Inc.	05/02/2010		7.2.0
DivX Plus DirectShow Filters	DivX, Inc.	05/02/2010		
DivX Plus Web Player	DivX,Inc.	05/02/2010		2.0.0
Dropbox	Dropbox, Inc.	22/02/2012		1.2.52
DVD Shrink 3.2 deutsch (DeCSS-frei)	DVD Shrink	12/02/2010		
EndNote X3	Thomson Reuters	26/05/2010	52.0MB	13.0.1.4261
ffdshow [rev 3154] [2009-12-09]		01/06/2010	16.6MB	1.0
FileZilla Client 3.5.1	FileZilla Project	30/09/2011	16.6MB	3.5.1
Font Creator Program 3.1.3		24/05/2011		
FreePDF (Remove only)		16/11/2009		
FullRA Plus V3.03	N3tRunn3r	29/12/2010		Plus
Google Earth	Google	19/01/2012	92.7MB	6.1.0.5001
GPL Ghostscript 8.70		16/11/2009		
Integrated Camera	Sonix	04/11/2009		5.8.53003.0
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	05/07/2011	54.3MB	8.15.10.1872
Intel(R) Management Engine Interface	Intel Corporation	04/11/2009		
Intel(R) PROSet/Wireless WiFi Software	Intel Corporation	04/11/2009	88.5MB	13.00.0000
iTunes	Apple Inc.	16/01/2011	145.7MB	10.1.1.4
Japanese Fonts Support For Adobe Reader 9	Adobe Systems Incorporated	12/03/2011	16.5MB	9.0.0
Java(TM) 6 Update 22	Oracle	18/10/2011	97.1MB	6.0.220
Java(TM) 6 Update 26	Sun Microsystems, Inc.	04/11/2009	97.7MB	6.0.260
K-Lite Codec Pack 5.9.0 (Full)		04/05/2010	2.40MB	5.9.0
Kali II		29/12/2010		
Lenovo Fingerprint Software	AuthenTec, Inc.	04/11/2009	33.0MB	3.3.0.56
Lenovo System Interface Driver		04/11/2009		1.01
Lenovo ThinkVantage Toolbox	PC-Doctor, Inc.	27/05/2010		6.0.5514.55
Malwarebytes Anti-Malware Version 1.60.1.1000	Malwarebytes Corporation	14/03/2012	17.4MB	1.60.1.1000
Mendeley Desktop 0.9.8.2	Mendeley Ltd.	23/03/2011		0.9.8.2
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	18/11/2010	38.8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	18/11/2010	2.94MB	4.0.30319
Microsoft Office File Validation Add-In	Microsoft Corporation	16/09/2011	7.95MB	14.0.5130.5003
Microsoft Office Live Add-in 1.5	Microsoft Corporation	27/05/2010	0.50MB	2.0.4024.1
Microsoft Office Ultimate 2007	Microsoft Corporation	09/02/2012		12.0.6612.1000
Microsoft Silverlight	Microsoft Corporation	19/02/2012	220MB	4.1.10111.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	28/11/2009	0.25MB	8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	28/11/2009	0.25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15/06/2011	0.29MB	8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	04/11/2009	0.82MB	8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	14/04/2011	0.57MB	8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	13/01/2010	0.21MB	9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	28/11/2009	0.20MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	14/04/2011	0.77MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	14/04/2011	0.58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	13/01/2010	0.77MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	18/10/2011	0.23MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15/06/2011	0.77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	03/11/2009	0.58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	03/11/2010	0.58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15/06/2011	0.59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	19/10/2011	16.5MB	10.0.40219
MiKTeX 2.8	MiKTeX.org	15/04/2011		2.8
Mozilla Firefox 7.0 (x86 de)	Mozilla	27/09/2011	35.3MB	7.0
Mozilla Thunderbird 10.0.2 (x86 en-US)	Mozilla	21/02/2012	39.6MB	10.0.2
mp3-2-wav converter 1.14		05/06/2011		
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	14/02/2010	1.28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	14/02/2010	1.33MB	4.20.9876.0
Nokia Connectivity Cable Driver	Nokia	19/04/2011	3.85MB	7.1.36.0
Nokia PC Suite	Nokia	19/04/2011		7.1.60.0
OpenOffice.org 3.3	OpenOffice.org	18/10/2011	415MB	3.3.9567
Opera 11.10	Opera Software ASA	26/04/2011		11.10.2092
Oxygen Phone Manager II for Nokia phones (Trial)	Oxygen Software	29/12/2010		
PASW Statistics 18	SPSS Inc.	20/05/2010	592MB	18.0.0
PC Connectivity Solution	Nokia	26/12/2010	19.8MB	10.50.2.0
QuickTime	Apple Inc.	16/01/2011	73.7MB	7.69.80.9
Rapport	Trusteer	02/05/2011		3.5.1008.42
RedMon - Redirection Port Monitor		16/11/2009		
ResearchSoft Direct Export Helper		26/05/2010		
ResNet Wireless Setup		22/10/2010		
RICOH R5U8xx Media Driver ver.3.62.02	RICOH	04/11/2009		3.62.02
Shrew Soft VPN Client		10/11/2009		
Skype Click to Call	Skype Technologies S.A.	19/03/2012	12.5MB	5.9.9216
Skype™ 5.8	Skype Technologies S.A.	19/03/2012	19.0MB	5.8.158
Snagit 10	TechSmith Corporation	16/05/2011	68.7MB	10.0.0
System Update	Lenovo	07/07/2011	11.8MB	4.00.0048
TeXnicCenter Version 1.0 Stable RC1	TeXnicCenter.org	15/04/2011		Version 1.0 Stable RC1
ThinkPad FullScreen Magnifier		13/01/2010		2.10
ThinkPad Modem Adapter	Conexant Systems	04/11/2009		7.80.5.0
ThinkPad Power Management Driver		04/11/2009		1.55
ThinkPad Power Manager		04/11/2009		3.05
ThinkPad UltraNav Driver	ALPS ELECTRIC CO., LTD.	12/01/2010		7.202.1616.206
ThinkVantage Active Protection System	Lenovo	04/11/2009	15.6MB	1.70
ThinkVantage Fingerprint Software 5.8	UPEK Inc.	19/10/2010	68.2MB	5.8.2.4462
ThinkVantage System Update		08/07/2011		
Unlocker 1.9.1	Cedrick Collomb	14/03/2012		1.9.1
VLC media player 1.1.9	VideoLAN	06/05/2011		1.1.9
Westwood Shared Internet Components		29/12/2010		
Windows Live ID-Anmelde-Assistent	Microsoft Corporation	27/05/2010	10.0MB	6.500.3165.0
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/07/2009 8.1.2.56)	AuthenTec Inc.	04/11/2009		07/07/2009 8.1.2.56
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8)	Nokia	19/04/2011		06/09/2010 7.01.0.8
Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6)	Nokia	19/04/2011		10/07/2010 4.6
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	26/12/2010		08/22/2008 7.0.0.0
Wooldridge data (4e)		07/11/2009		
XMedia Recode 2.1.4.8	Sebastian Dörfler	20/12/2009		2.1.4.8
         
Thanks for the tip about Dropbox. But perhaps I did not phrase my question quite clearly: my concern is not whether my data is left "open", i.e. visible to other people (I think that is what you were alluding to), but whether it is virus-safe, i.e. a suitable place for a backup of the "safe" file types you named above (avi or jpg or the like).

I am shocked right now that .doc and .pdf also count as "executable" files... what do I do now, those are the really important things!


22.03.2012, 10:29   #6
kira
/// Helper team
 



1.
Quote:
Attention, important!
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script that way, otherwise it will not work!
(User folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.startup.homepage: "http://www.irinnews.org/|http://www.francksen.com/aktuelles.htm|http://www.nachdenkseiten.de/| http://www.handelsblatt.com/"
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34309001-f3db-11e0-9089-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{34309001-f3db-11e0-9089-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{34309017-f3db-11e0-9089-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{34309017-f3db-11e0-9089-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{44989bec-f3de-11e0-90bd-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{44989bec-f3de-11e0-90bd-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{44989c33-f3de-11e0-90bd-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{44989c33-f3de-11e0-90bd-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{abb06f52-f92e-11de-8fe0-00226815042a}\Shell - "" = AutoRun
O33 - MountPoints2\{abb06f52-f92e-11de-8fe0-00226815042a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
[2012/03/22 08:36:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/22 00:36:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/21 15:02:26 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it in here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Update Adobe Reader:
- Pay attention and read along during installation! If any software, toolbar etc. is offered, please deselect it! (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe → go to "Help" → "Check for updates..."

3.
Update Java via Control Panel → Check for updates...
or:
Now download the offline version of Java, "recommended Version 6 Update 31", from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. untick the toolbar box during installation.

The old Java versions remain on the PC... for security reasons they must be removed; watch out for this in the future too!
Uninstall:
Quote:
Java(TM) 6 Update 26

4.
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

5.
  • Download SUPERAntiSpyware FREE Edition.
    Make sure not to install any toolbar that may be offered, i.e. untick the toolbar box during installation (if necessary).
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Tick "Complete Scan" and click "Next"
  • All malware found is then listed; tick every find and confirm with "OK"
  • Click "Next", then "OK", and then "Finish"
  • To display the results: click "Preferences", then "Statistics and Logs"
  • Click "View log", then please save this report and post it here

6.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this, it is well suited and recommended to check the data saved on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the AutoRun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off entirely. ► Instructions

7.
-> Then run a complete system check with Eset Online Scanner (NOD32) Free Online Scanner
Attention!: >>You should not install the antivirus security software, only scan your system online<<

8.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry please choose Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► Report again on the state of the computer. Are problems still occurring, and if so, which ones?
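The autorun check from step 6 above, as an added example that is not part of the original post: before trusting a backup drive, read its `autorun.inf` as plain data and list which programs it would launch, without executing anything. The function names and the sample file are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Keys in the [autorun] section whose value is a command Windows may launch.
EXEC_KEYS = ("open", "shellexecute")

# Constructed sample autorun.inf (not taken from the thread).
SAMPLE_INF = "\r\n".join([
    "; constructed sample",
    "[AutoRun]",
    "open=AutoRun.exe",
    "icon=AutoRun.exe,0",
    r'shell\explore\command="Tools\Start Me.exe" /quiet',
    "label=BACKUP",
    "[Content]",
    "MusicFiles=true",
])


def decode_inf(raw):
    """Decode ANSI files as well as BOM-marked UTF-16 / UTF-8 ones."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    if raw[:3] == b"\xef\xbb\xbf":
        return raw[3:].decode("utf-8", errors="replace")
    return raw.decode("cp1252", errors="replace")


def parse_autorun(text):
    """Return (key, command) pairs from [autorun] that start a program."""
    commands = []
    in_autorun = False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # open=, shellexecute= and shell\<verb>\command= all name an executable.
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            commands.append((key, value))
    return commands


def command_target(command):
    """Extract the program path from a command line (quoted or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths containing spaces are ambiguous; take the first token.
    return command.split()[0] if command else ""


def find_case_insensitive(root, relative):
    """Resolve a Windows-style relative path below root, ignoring case."""
    current = root
    for part in relative.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == ".." or not current.is_dir():
            return None
        matches = [p for p in current.iterdir() if p.name.lower() == part.lower()]
        if not matches:
            return None
        current = matches[0]
    return current


def audit_volume(root):
    """List every launch command in <root>/autorun.inf and whether its target exists."""
    root = Path(root)
    inf = find_case_insensitive(root, "autorun.inf")
    if inf is None or not inf.is_file():
        return []
    findings = []
    for key, command in parse_autorun(decode_inf(inf.read_bytes())):
        target = command_target(command)
        resolved = find_case_insensitive(root, re.sub(r"^[A-Za-z]:", "", target))
        present = resolved is not None and resolved.is_file()
        findings.append({"key": key, "command": command,
                         "target": target, "present": present})
    return findings


def demo():
    """Build a constructed 'drive' in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "AUTORUN.INF").write_bytes(SAMPLE_INF.encode("utf-16"))
        (root / "tools").mkdir()
        (root / "tools" / "start me.exe").write_bytes(b"MZ")  # placeholder bytes
        return audit_volume(root)


if __name__ == "__main__":
    for finding in demo():
        state = "present" if finding["present"] else "missing"
        print(f'{finding["key"]}: {finding["command"]} -> {finding["target"]} ({state})')
```

A target reported as present is the file to submit to the online scanner first; a missing target means only the stale launch entry is left on the medium.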

22.03.2012, 10:49   #7
Tomy

Backup after the Bundeskriminalamt trojan that extorts 100 EUR



Here is the log file from the fix for now.
I'm working through the other points in the meantime.

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://www.irinnews.org/|hxxp://www.francksen.com/aktuelles.htm|hxxp://www.nachdenkseiten.de/| hxxp://www.handelsblatt.com/" removed from browser.startup.homepage
Prefs.js: search@searchsettings.com:1.2.2 removed from extensions.enabledItems
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34309001-f3db-11e0-9089-00226815042a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34309001-f3db-11e0-9089-00226815042a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34309001-f3db-11e0-9089-00226815042a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34309001-f3db-11e0-9089-00226815042a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34309017-f3db-11e0-9089-00226815042a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34309017-f3db-11e0-9089-00226815042a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34309017-f3db-11e0-9089-00226815042a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34309017-f3db-11e0-9089-00226815042a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44989bec-f3de-11e0-90bd-00226815042a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44989bec-f3de-11e0-90bd-00226815042a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44989bec-f3de-11e0-90bd-00226815042a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44989bec-f3de-11e0-90bd-00226815042a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44989c33-f3de-11e0-90bd-00226815042a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44989c33-f3de-11e0-90bd-00226815042a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44989c33-f3de-11e0-90bd-00226815042a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44989c33-f3de-11e0-90bd-00226815042a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d99bfa1-dd35-11e0-bcc0-00226815042a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abb06f52-f92e-11de-8fe0-00226815042a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abb06f52-f92e-11de-8fe0-00226815042a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abb06f52-f92e-11de-8fe0-00226815042a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abb06f52-f92e-11de-8fe0-00226815042a}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Tommii\Desktop\cmd.bat deleted successfully.
C:\Users\Tommii\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: blubb
->Temp folder emptied: 967921 bytes
->Temporary Internet Files folder emptied: 1054608 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44162779 bytes
->Flash cache emptied: 57111 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 70406 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Public
 
User: Tommii
->Temp folder emptied: 226062769 bytes
->Temporary Internet Files folder emptied: 49310196 bytes
->Java cache emptied: 30763735 bytes
->FireFox cache emptied: 228347161 bytes
->Opera cache emptied: 13684730 bytes
->Flash cache emptied: 84215 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 309226447 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 3971594196 bytes
 
Total Files Cleaned = 4,650.00 mb
 
 
OTL by OldTimer - Version 3.2.39.1 log created on 03222012_103829

Files\Folders moved on Reboot...
C:\Users\Tommii\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Update: SUPERAntiSpyware has been scanning for 30 min, so far it has only found cookies (they don't do any harm, right?)

SUPERAntiSpyware log file

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/22/2012 at 01:58 PM

Application Version : 5.0.1146

Core Rules Database Version : 8365
Trace Rules Database Version: 6177

Scan type       : Complete Scan
Total Scan Time : 02:43:06

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 674
Memory threats detected   : 0
Registry items scanned    : 67738
Registry threats detected : 0
File items scanned        : 125533
File threats detected     : 112

Adware.Tracking Cookie
	bc.youporn.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4H976EAZ ]
	macromedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4H976EAZ ]
	media.mtvnservices.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4H976EAZ ]
	static.youporn.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4H976EAZ ]
	.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	media.mtvnservices.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.tracking.mindshare.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.content.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.adinterax.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.adinterax.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	media.adrevolver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.microsoftwindows.112.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.burstnet.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	www.burstnet.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.adserver.adtechus.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.bluestreak.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.dynamic.media.adrevolver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	adserver.nordprovider.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.hitbox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.hitbox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.ehg-upcchellomedia.hitbox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	adsrv1.admediate.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	adsrv.admediate.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	adsrv.admediate.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.tto2.traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.dynamic.media.adrevolver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	.adrevolver.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y4XDUETU.DEFAULT\COOKIES.SQLITE ]
	C:\DOKUMENTE UND EINSTELLUNGEN\TOMMII\COOKIES\TOMMII@2O7[2].TXT [ /2O7 ]

Heur.Agent/Gen-FakeSkype
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000310.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000317.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000318.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000330.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000331.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000353.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000357.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000361.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000362.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000366.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000462.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000465.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000466.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000470.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000471.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000479.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000481.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000483.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000484.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C31C0B8-4889-4F0D-A176-987083F30CE1}\RP1\A0000486.DLL

Trojan.Agent/Gen-Autorun[Swisyn]
	ZIP ARCHIVE( C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\Q3ACRK\Q3AKG.ZIP )/TNT-KEYHOSTS.AUTO.UPDATE.EXE
	C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\Q3ACRK\Q3AKG.ZIP
	ZIP ARCHIVE( C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\Q3ACRK\Q3AKG.ZIP )/TNT-Q3ARENA KEY SERVER.EXE

Trojan.Agent/Gen-Krpytik
	ZIP ARCHIVE( C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\TONY 3 NO-CD.ZIP )/INF_THPS3_NOCD.EXE
	C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\TONY 3 NO-CD.ZIP
         
Log of the ESET Online Scanner:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7a1bb7f390b3f9418638373b2f3b7045
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-22 06:44:36
# local_time=2012-03-22 07:44:36 (+0100, Mitteleuropäische Zeit)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 13506246 13506246 0 0
# compatibility_mode=3073 16777214 0 7 22273260 22273260 0 0
# compatibility_mode=5893 16776573 100 94 21758 84057311 0 0
# compatibility_mode=8192 67108863 100 0 4722 4722 0 0
# scanned=326624
# found=5
# cleaned=5
# scan_time=14415
C:\Dokumente und Einstellungen\Tommii\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KFPHOURH\pdfforgeToolbar[1].msi	probably a variant of Win32/Adware.Toolbar.Dealio application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\blubb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\blubb\Desktop\QuickStores.lnk	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\blubb\Downloads\Unlocker1.9.1.exe	Win32/Adware.ADON application (deleted - quarantined)	00000000000000000000000000000000	C
         
I have re-enabled Avira AntiVir and Malwarebytes Anti-Malware.

OTL is running now.

Here is the log from OTL:
OTL Logfile:
Code:
OTL logfile created on: 22/03/2012 19:56:57 - Run 2
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Tommii\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 49.55% Memory free
7.80 Gb Paging File | 5.82 Gb Available in Paging File | 74.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.11 Gb Total Space | 57.98 Gb Free Space | 25.64% Space Free | Partition Type: NTFS
 
Computer Name: TOMMII666 | User Name: Tommii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/03/22 09:23:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 05:44:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011/04/18 13:01:04 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/07/04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/09 03:05:00 | 000,075,040 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/09/05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2009/05/21 12:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 12:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/14 11:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/03/13 09:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/02 10:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/09/23 05:44:20 | 001,833,944 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010/07/04 22:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/10/15 15:50:08 | 002,505,976 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\SysNative\AtService.exe -- (ATService)
SRV:64bit: - [2009/10/15 15:50:00 | 000,117,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DTS.exe -- (dtsvc)
SRV:64bit: - [2009/10/15 15:49:54 | 000,130,048 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ADMonitor.exe -- (ADMonitor)
SRV:64bit: - [2009/10/01 06:00:50 | 000,948,224 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2009/09/21 16:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2009/08/24 13:43:54 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/12 23:55:02 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2009/07/12 23:51:08 | 000,690,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2009/06/29 13:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2007/02/07 16:27:02 | 000,566,768 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbccoms.exe -- (dlbc_device)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 13:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/04/18 13:01:04 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/09 03:05:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 12:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/05/21 12:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/04/29 11:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/02/27 06:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/20 22:21:31 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/04/28 13:34:54 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/30 13:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 13:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/05/07 20:52:20 | 000,024,560 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\program files\pc-doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020000}_0)
DRV:64bit: - [2010/03/10 07:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/01/14 08:48:14 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/11/24 11:46:18 | 000,180,784 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/09/23 07:32:22 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2009/09/15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/09/09 03:05:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/09/01 01:44:16 | 000,551,936 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/08/24 13:43:54 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/08/13 21:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/22 06:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/30 13:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/30 13:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/30 12:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/29 13:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/06/29 13:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/06/23 12:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/06/11 17:04:54 | 003,531,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 11:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/01/16 08:58:26 | 000,020,480 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2009/01/16 08:58:26 | 000,020,480 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (pflt)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/06/24 18:08:06 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV:64bit: - [2008/05/12 18:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2008/02/21 10:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/06/18 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011/04/28 13:34:54 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/04/28 13:34:54 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2010/07/04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/09/08 10:49:44 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 DA 3C 76 21 FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/09/28 16:43:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/03/22 11:08:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
 
[2010/09/01 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Extensions
[2010/09/01 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/18 00:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions
[2012/01/21 00:17:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/02/21 08:19:36 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\zotero@chnm.gmu.edu
[2012/03/18 00:56:32 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\zoteroWinWordIntegration@zotero.org
[2012/03/20 20:35:32 | 000,002,289 | ---- | M] () -- C:\Users\Tommii\AppData\Roaming\Mozilla\Firefox\Profiles\hzijvcs8.default\searchplugins\ecosia.xml
[2012/03/20 21:16:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\TOMMII\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HZIJVCS8.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Tommii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tommii\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BC40725-8CE4-4114-8AB2-276656980B2A}: NameServer = 134.76.10.46,134.76.33.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3432677A-A678-4F53-9EB3-4E4075328A6D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B898D1B6-4D56-42B6-ABBE-B569D5062C75}: NameServer = 134.76.10.46,134.76.33.21
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 08:01:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/22 15:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/22 15:25:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Tommii\Desktop\esetsmartinstaller_enu.exe
[2012/03/22 11:14:09 | 000,000,000 | ---D | C] -- C:\Users\Tommii\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/22 11:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/22 11:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/22 11:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/22 11:12:18 | 015,495,768 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Tommii\Desktop\SUPERAntiSpyware.exe
[2012/03/22 10:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/22 10:59:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/22 10:59:34 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/22 10:59:34 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/22 10:54:47 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/22 10:54:47 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/22 10:54:47 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/22 10:54:47 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/22 10:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/22 10:53:10 | 017,205,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-i586-s.exe
[2012/03/22 10:52:54 | 017,255,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-x64.exe
[2012/03/22 10:50:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/22 10:38:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/22 09:25:42 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Tommii\Desktop\ccsetup316.exe
[2012/03/22 09:23:40 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe
[2012/03/20 21:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/20 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/15 15:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012/03/15 00:37:43 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/15 00:37:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/15 00:37:41 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 09:59:51 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 09:59:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 09:59:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 09:59:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 09:59:23 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 09:59:22 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/12 21:04:53 | 000,000,000 | ---D | C] -- C:\Users\Tommii\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/12 15:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/03/12 15:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/03/12 14:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/03/12 14:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/03/12 14:44:26 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5
[2012/03/12 14:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/03/02 11:51:20 | 000,000,000 | R--D | C] -- C:\Users\Tommii\Desktop\Materialien Attacademien
[2012/03/01 13:48:39 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Captain America
[2012/03/01 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Harry Potter and Deathly Hallows - Part2
[2012/03/01 11:54:38 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Harry Potter and Deathly Hallows - Part1
[2012/02/27 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\C
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/22 15:25:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Tommii\Desktop\esetsmartinstaller_enu.exe
[2012/03/22 15:16:09 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/22 15:16:09 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/22 15:14:55 | 005,215,814 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/03/22 15:14:55 | 005,167,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/22 15:14:55 | 002,266,060 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/03/22 15:14:55 | 002,241,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/22 15:14:55 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/22 15:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/22 15:07:16 | 3139,461,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/22 11:13:12 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/22 11:12:30 | 015,495,768 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Tommii\Desktop\SUPERAntiSpyware.exe
[2012/03/22 11:06:44 | 000,066,822 | ---- | M] () -- C:\Users\Tommii\Desktop\cc_20120322_110631.reg
[2012/03/22 10:59:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/22 10:59:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/22 10:59:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/22 10:59:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/22 10:54:30 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/22 10:54:30 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/22 10:54:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/22 10:54:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/22 10:53:16 | 017,205,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-i586-s.exe
[2012/03/22 10:53:00 | 017,255,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-x64.exe
[2012/03/22 10:51:30 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/03/22 09:27:04 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/22 09:25:54 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Tommii\Desktop\ccsetup316.exe
[2012/03/22 09:23:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe
[2012/03/21 10:34:15 | 000,464,252 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009a - Trade Revealed TFP.pdf
[2012/03/21 10:28:02 | 000,288,075 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009 - Trade Revealed TFP.pdf
[2012/03/20 22:40:33 | 000,136,045 | ---- | M] () -- C:\Users\Tommii\Desktop\ciudad_track.png
[2012/03/19 15:52:46 | 000,002,036 | ---- | M] () -- C:\Users\Tommii\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012/03/19 15:52:46 | 000,001,965 | ---- | M] () -- C:\Users\Tommii\Desktop\Avira DE-Cleaner.lnk
[2012/03/19 15:48:05 | 000,883,840 | ---- | M] () -- C:\Users\Tommii\Desktop\Avira-DE-Cleaner.exe
[2012/03/18 13:46:43 | 000,050,477 | ---- | M] () -- C:\Users\Tommii\Desktop\Defogger.exe
[2012/03/17 18:22:27 | 000,303,030 | ---- | M] () -- C:\Users\Tommii\Desktop\Rodrik et al - 2005 - Growth Diagnostics.pdf
[2012/03/16 08:58:16 | 000,291,800 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2007 - Trade Revealed TFP.pdf
[2012/03/16 08:46:52 | 000,306,811 | ---- | M] () -- C:\Users\Tommii\Desktop\Eaton and Kortum - 2002 - Technology, Geography and Trade.pdf
[2012/03/15 16:27:15 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/03/15 09:52:31 | 000,448,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/12 23:16:32 | 000,007,613 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.fla
[2012/03/12 23:09:52 | 000,006,582 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator_Szene 1.swf
[2012/03/12 23:07:06 | 000,006,583 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swf
[2012/03/12 23:07:06 | 000,002,140 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.html
[2012/03/12 21:51:10 | 004,212,230 | ---- | M] () -- C:\Users\Tommii\Desktop\Action Script 2.0 Anleitung.pdf
[2012/03/12 21:35:16 | 000,000,152 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swd
[2012/03/12 15:08:25 | 000,001,148 | ---- | M] () -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5.lnk
[2012/03/09 18:45:40 | 041,836,042 | ---- | M] () -- C:\Users\Tommii\Documents\Recording.mp3
[2012/02/29 11:06:08 | 000,003,584 | ---- | M] () -- C:\Users\Tommii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 09:28:06 | 000,001,173 | ---- | M] () -- C:\Users\Tommii\Desktop\Indonesisch-MP3s - Verknüpfung.lnk
[2012/02/27 21:24:42 | 000,672,256 | ---- | M] () -- C:\Lame_enc.dll
[2012/02/27 21:20:46 | 000,000,580 | ---- | M] () -- C:\Users\Tommii\Desktop\mp3DirectCut.lnk
[2012/02/25 01:22:31 | 217,777,963 | ---- | M] () -- C:\Users\Tommii\Desktop\Die Biosprit-Lüge - Doku komplett.mp4
[2012/02/23 23:48:39 | 000,000,969 | ---- | M] () -- C:\Users\Tommii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2012/03/22 11:13:12 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/22 11:06:40 | 000,066,822 | ---- | C] () -- C:\Users\Tommii\Desktop\cc_20120322_110631.reg
[2012/03/22 10:51:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/03/22 10:51:30 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/03/22 09:27:04 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/21 10:34:15 | 000,464,252 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009a - Trade Revealed TFP.pdf
[2012/03/21 10:28:02 | 000,288,075 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009 - Trade Revealed TFP.pdf
[2012/03/20 22:40:33 | 000,136,045 | ---- | C] () -- C:\Users\Tommii\Desktop\ciudad_track.png
[2012/03/19 15:52:46 | 000,002,036 | ---- | C] () -- C:\Users\Tommii\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012/03/19 15:52:46 | 000,001,965 | ---- | C] () -- C:\Users\Tommii\Desktop\Avira DE-Cleaner.lnk
[2012/03/19 15:48:01 | 000,883,840 | ---- | C] () -- C:\Users\Tommii\Desktop\Avira-DE-Cleaner.exe
[2012/03/18 13:46:41 | 000,050,477 | ---- | C] () -- C:\Users\Tommii\Desktop\Defogger.exe
[2012/03/17 18:22:27 | 000,303,030 | ---- | C] () -- C:\Users\Tommii\Desktop\Rodrik et al - 2005 - Growth Diagnostics.pdf
[2012/03/16 08:58:14 | 000,291,800 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2007 - Trade Revealed TFP.pdf
[2012/03/16 08:46:52 | 000,306,811 | ---- | C] () -- C:\Users\Tommii\Desktop\Eaton and Kortum - 2002 - Technology, Geography and Trade.pdf
[2012/03/15 16:27:15 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/03/12 23:07:06 | 000,002,140 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.html
[2012/03/12 21:51:10 | 004,212,230 | ---- | C] () -- C:\Users\Tommii\Desktop\Action Script 2.0 Anleitung.pdf
[2012/03/12 21:47:25 | 000,006,582 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator_Szene 1.swf
[2012/03/12 21:17:50 | 000,000,152 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swd
[2012/03/12 20:53:41 | 000,006,583 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swf
[2012/03/12 15:46:27 | 000,007,613 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.fla
[2012/03/12 15:41:28 | 000,001,148 | ---- | C] () -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5.lnk
[2012/03/12 14:57:57 | 000,000,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/02/29 11:06:02 | 000,003,584 | ---- | C] () -- C:\Users\Tommii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 09:28:06 | 000,001,173 | ---- | C] () -- C:\Users\Tommii\Desktop\Indonesisch-MP3s - Verknüpfung.lnk
[2012/02/27 21:29:13 | 041,836,042 | ---- | C] () -- C:\Users\Tommii\Documents\Recording.mp3
[2012/02/27 21:20:46 | 000,000,580 | ---- | C] () -- C:\Users\Tommii\Desktop\mp3DirectCut.lnk
[2012/02/25 01:20:39 | 217,777,963 | ---- | C] () -- C:\Users\Tommii\Desktop\Die Biosprit-Lüge - Doku komplett.mp4
[2011/10/25 16:20:59 | 000,004,096 | -H-- | C] () -- C:\Users\Tommii\AppData\Local\keyfile3.drm
[2010/12/30 23:52:24 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/06/21 14:28:07 | 000,000,032 | ---- | C] () -- C:\Windows\azeugnis.INI
[2010/06/02 21:13:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/21 09:35:27 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/05/21 09:35:27 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
 
========== LOP Check ==========
 
[2011/05/17 08:28:15 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Audacity
[2010/07/28 07:54:35 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\BitComet
[2009/11/05 09:46:39 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\CachedFiles
[2012/03/12 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/01 06:49:16 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/02/14 20:40:55 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\DeepBurner
[2012/03/22 15:15:36 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Dropbox
[2010/06/01 14:58:50 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\EndNote
[2011/10/02 01:42:16 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\FileZilla
[2010/09/07 16:58:34 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Geuh
[2010/08/21 12:10:36 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\GrabPro
[2009/11/11 13:02:07 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\gretl
[2009/11/08 16:35:41 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\gtk-2.0
[2010/08/27 23:18:42 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Kyfere
[2011/07/27 08:58:17 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Nokia
[2009/11/05 00:27:55 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\OpenOffice.org
[2011/07/04 19:53:27 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Opera
[2010/10/13 23:06:34 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Orbit
[2011/04/20 22:53:52 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\PC Suite
[2010/08/21 12:12:31 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\ProgSense
[2010/05/26 11:22:45 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Stata10
[2010/09/01 19:33:29 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Thunderbird
[2010/12/06 11:25:57 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Trusteer
[2010/05/28 14:05:11 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Update
[2012/01/31 16:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/13 20:41:38 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Old 23.03.2012, 03:36   #8
Tomy
 
Backup after the Bundeskriminalamt trojan that extorts 100 EUR

Here is the log from OTL:
OTL Logfile:
Code:
OTL logfile created on: 22/03/2012 19:56:57 - Run 2
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Tommii\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 49.55% Memory free
7.80 Gb Paging File | 5.82 Gb Available in Paging File | 74.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.11 Gb Total Space | 57.98 Gb Free Space | 25.64% Space Free | Partition Type: NTFS
 
Computer Name: TOMMII666 | User Name: Tommii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/03/22 09:23:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 05:44:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011/04/18 13:01:04 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/07/04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/09 03:05:00 | 000,075,040 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/09/05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2009/05/21 12:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 12:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/14 11:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/03/13 09:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/02 10:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/09/23 05:44:20 | 001,833,944 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010/07/04 22:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/10/15 15:50:08 | 002,505,976 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\SysNative\AtService.exe -- (ATService)
SRV:64bit: - [2009/10/15 15:50:00 | 000,117,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DTS.exe -- (dtsvc)
SRV:64bit: - [2009/10/15 15:49:54 | 000,130,048 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ADMonitor.exe -- (ADMonitor)
SRV:64bit: - [2009/10/01 06:00:50 | 000,948,224 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2009/09/21 16:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2009/08/24 13:43:54 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/12 23:55:02 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2009/07/12 23:51:08 | 000,690,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2009/06/29 13:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2007/02/07 16:27:02 | 000,566,768 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbccoms.exe -- (dlbc_device)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 13:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/04/18 13:01:04 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/09 03:05:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 12:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/05/21 12:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/04/29 11:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/02/27 06:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/20 22:21:31 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/04/28 13:34:54 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/30 13:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 13:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/05/07 20:52:20 | 000,024,560 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\program files\pc-doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020000}_0)
DRV:64bit: - [2010/03/10 07:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/01/14 08:48:14 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/11/24 11:46:18 | 000,180,784 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/09/23 07:32:22 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2009/09/15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/09/09 03:05:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/09/01 01:44:16 | 000,551,936 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/08/24 13:43:54 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/08/13 21:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/22 06:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/30 13:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/30 13:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/30 12:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/29 13:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/06/29 13:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/06/23 12:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/06/11 17:04:54 | 003,531,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 11:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/01/16 08:58:26 | 000,020,480 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2009/01/16 08:58:26 | 000,020,480 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (pflt)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/06/24 18:08:06 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV:64bit: - [2008/05/12 18:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2008/02/21 10:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/06/18 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011/04/28 13:34:54 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/04/28 13:34:54 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2010/07/04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/09/08 10:49:44 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 DA 3C 76 21 FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/09/28 16:43:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/03/22 11:08:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/22 14:44:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/22 10:51:30 | 000,000,000 | ---D | M]
 
[2010/09/01 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Extensions
[2010/09/01 19:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/18 00:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions
[2012/01/21 00:17:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/02/21 08:19:36 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\zotero@chnm.gmu.edu
[2012/03/18 00:56:32 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Tommii\AppData\Roaming\mozilla\Firefox\Profiles\hzijvcs8.default\extensions\zoteroWinWordIntegration@zotero.org
[2012/03/20 20:35:32 | 000,002,289 | ---- | M] () -- C:\Users\Tommii\AppData\Roaming\Mozilla\Firefox\Profiles\hzijvcs8.default\searchplugins\ecosia.xml
[2012/03/20 21:16:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\TOMMII\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HZIJVCS8.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Tommii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tommii\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BC40725-8CE4-4114-8AB2-276656980B2A}: NameServer = 134.76.10.46,134.76.33.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3432677A-A678-4F53-9EB3-4E4075328A6D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B898D1B6-4D56-42B6-ABBE-B569D5062C75}: NameServer = 134.76.10.46,134.76.33.21
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 08:01:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/22 15:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/22 15:25:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Tommii\Desktop\esetsmartinstaller_enu.exe
[2012/03/22 11:14:09 | 000,000,000 | ---D | C] -- C:\Users\Tommii\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/22 11:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/22 11:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/22 11:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/22 11:12:18 | 015,495,768 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Tommii\Desktop\SUPERAntiSpyware.exe
[2012/03/22 10:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/22 10:59:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/22 10:59:34 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/22 10:59:34 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/22 10:54:47 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/22 10:54:47 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/22 10:54:47 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/22 10:54:47 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/22 10:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/22 10:53:10 | 017,205,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-i586-s.exe
[2012/03/22 10:52:54 | 017,255,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-x64.exe
[2012/03/22 10:50:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/22 10:38:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/22 09:25:42 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Tommii\Desktop\ccsetup316.exe
[2012/03/22 09:23:40 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe
[2012/03/20 21:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/20 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/15 15:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012/03/15 00:37:43 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/15 00:37:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/15 00:37:41 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 09:59:51 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 09:59:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 09:59:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 09:59:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 09:59:23 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 09:59:22 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/12 21:04:53 | 000,000,000 | ---D | C] -- C:\Users\Tommii\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/12 15:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/03/12 15:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/03/12 14:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/03/12 14:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/03/12 14:44:26 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5
[2012/03/12 14:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/03/02 11:51:20 | 000,000,000 | R--D | C] -- C:\Users\Tommii\Desktop\Materialien Attacademien
[2012/03/01 13:48:39 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Captain America
[2012/03/01 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Harry Potter and Deathly Hallows - Part2
[2012/03/01 11:54:38 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\Harry Potter and Deathly Hallows - Part1
[2012/02/27 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\Tommii\Desktop\C
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/22 15:25:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Tommii\Desktop\esetsmartinstaller_enu.exe
[2012/03/22 15:16:09 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/22 15:16:09 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/22 15:14:55 | 005,215,814 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/03/22 15:14:55 | 005,167,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/22 15:14:55 | 002,266,060 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/03/22 15:14:55 | 002,241,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/22 15:14:55 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/22 15:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/22 15:07:16 | 3139,461,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/22 11:13:12 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/22 11:12:30 | 015,495,768 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Tommii\Desktop\SUPERAntiSpyware.exe
[2012/03/22 11:06:44 | 000,066,822 | ---- | M] () -- C:\Users\Tommii\Desktop\cc_20120322_110631.reg
[2012/03/22 10:59:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/22 10:59:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/22 10:59:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/22 10:59:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/22 10:54:30 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/22 10:54:30 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/22 10:54:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/22 10:54:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/22 10:53:16 | 017,205,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-i586-s.exe
[2012/03/22 10:53:00 | 017,255,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tommii\Desktop\jre-6u31-windows-x64.exe
[2012/03/22 10:51:30 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/03/22 09:27:04 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/22 09:25:54 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Tommii\Desktop\ccsetup316.exe
[2012/03/22 09:23:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tommii\Desktop\OTL.exe
[2012/03/21 10:34:15 | 000,464,252 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009a - Trade Revealed TFP.pdf
[2012/03/21 10:28:02 | 000,288,075 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009 - Trade Revealed TFP.pdf
[2012/03/20 22:40:33 | 000,136,045 | ---- | M] () -- C:\Users\Tommii\Desktop\ciudad_track.png
[2012/03/19 15:52:46 | 000,002,036 | ---- | M] () -- C:\Users\Tommii\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012/03/19 15:52:46 | 000,001,965 | ---- | M] () -- C:\Users\Tommii\Desktop\Avira DE-Cleaner.lnk
[2012/03/19 15:48:05 | 000,883,840 | ---- | M] () -- C:\Users\Tommii\Desktop\Avira-DE-Cleaner.exe
[2012/03/18 13:46:43 | 000,050,477 | ---- | M] () -- C:\Users\Tommii\Desktop\Defogger.exe
[2012/03/17 18:22:27 | 000,303,030 | ---- | M] () -- C:\Users\Tommii\Desktop\Rodrik et al - 2005 - Growth Diagnostics.pdf
[2012/03/16 08:58:16 | 000,291,800 | ---- | M] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2007 - Trade Revealed TFP.pdf
[2012/03/16 08:46:52 | 000,306,811 | ---- | M] () -- C:\Users\Tommii\Desktop\Eaton and Kortum - 2002 - Technology, Geography and Trade.pdf
[2012/03/15 16:27:15 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/03/15 09:52:31 | 000,448,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/12 23:16:32 | 000,007,613 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.fla
[2012/03/12 23:09:52 | 000,006,582 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator_Szene 1.swf
[2012/03/12 23:07:06 | 000,006,583 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swf
[2012/03/12 23:07:06 | 000,002,140 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.html
[2012/03/12 21:51:10 | 004,212,230 | ---- | M] () -- C:\Users\Tommii\Desktop\Action Script 2.0 Anleitung.pdf
[2012/03/12 21:35:16 | 000,000,152 | ---- | M] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swd
[2012/03/12 15:08:25 | 000,001,148 | ---- | M] () -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5.lnk
[2012/03/09 18:45:40 | 041,836,042 | ---- | M] () -- C:\Users\Tommii\Documents\Recording.mp3
[2012/02/29 11:06:08 | 000,003,584 | ---- | M] () -- C:\Users\Tommii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 09:28:06 | 000,001,173 | ---- | M] () -- C:\Users\Tommii\Desktop\Indonesisch-MP3s - Verknüpfung.lnk
[2012/02/27 21:24:42 | 000,672,256 | ---- | M] () -- C:\Lame_enc.dll
[2012/02/27 21:20:46 | 000,000,580 | ---- | M] () -- C:\Users\Tommii\Desktop\mp3DirectCut.lnk
[2012/02/25 01:22:31 | 217,777,963 | ---- | M] () -- C:\Users\Tommii\Desktop\Die Biosprit-Lüge - Doku komplett.mp4
[2012/02/23 23:48:39 | 000,000,969 | ---- | M] () -- C:\Users\Tommii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2012/03/22 11:13:12 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/22 11:06:40 | 000,066,822 | ---- | C] () -- C:\Users\Tommii\Desktop\cc_20120322_110631.reg
[2012/03/22 10:51:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/03/22 10:51:30 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/03/22 09:27:04 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/21 10:34:15 | 000,464,252 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009a - Trade Revealed TFP.pdf
[2012/03/21 10:28:02 | 000,288,075 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2009 - Trade Revealed TFP.pdf
[2012/03/20 22:40:33 | 000,136,045 | ---- | C] () -- C:\Users\Tommii\Desktop\ciudad_track.png
[2012/03/19 15:52:46 | 000,002,036 | ---- | C] () -- C:\Users\Tommii\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012/03/19 15:52:46 | 000,001,965 | ---- | C] () -- C:\Users\Tommii\Desktop\Avira DE-Cleaner.lnk
[2012/03/19 15:48:01 | 000,883,840 | ---- | C] () -- C:\Users\Tommii\Desktop\Avira-DE-Cleaner.exe
[2012/03/18 13:46:41 | 000,050,477 | ---- | C] () -- C:\Users\Tommii\Desktop\Defogger.exe
[2012/03/17 18:22:27 | 000,303,030 | ---- | C] () -- C:\Users\Tommii\Desktop\Rodrik et al - 2005 - Growth Diagnostics.pdf
[2012/03/16 08:58:14 | 000,291,800 | ---- | C] () -- C:\Users\Tommii\Desktop\Finicelli et al - 2007 - Trade Revealed TFP.pdf
[2012/03/16 08:46:52 | 000,306,811 | ---- | C] () -- C:\Users\Tommii\Desktop\Eaton and Kortum - 2002 - Technology, Geography and Trade.pdf
[2012/03/15 16:27:15 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/03/12 23:07:06 | 000,002,140 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.html
[2012/03/12 21:51:10 | 004,212,230 | ---- | C] () -- C:\Users\Tommii\Desktop\Action Script 2.0 Anleitung.pdf
[2012/03/12 21:47:25 | 000,006,582 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator_Szene 1.swf
[2012/03/12 21:17:50 | 000,000,152 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swd
[2012/03/12 20:53:41 | 000,006,583 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.swf
[2012/03/12 15:46:27 | 000,007,613 | ---- | C] () -- C:\Users\Tommii\Desktop\Stata-Code-Generator.fla
[2012/03/12 15:41:28 | 000,001,148 | ---- | C] () -- C:\Users\Tommii\Desktop\Adobe Flash Professional CS5.5.lnk
[2012/03/12 14:57:57 | 000,000,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/02/29 11:06:02 | 000,003,584 | ---- | C] () -- C:\Users\Tommii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 09:28:06 | 000,001,173 | ---- | C] () -- C:\Users\Tommii\Desktop\Indonesisch-MP3s - Verknüpfung.lnk
[2012/02/27 21:29:13 | 041,836,042 | ---- | C] () -- C:\Users\Tommii\Documents\Recording.mp3
[2012/02/27 21:20:46 | 000,000,580 | ---- | C] () -- C:\Users\Tommii\Desktop\mp3DirectCut.lnk
[2012/02/25 01:20:39 | 217,777,963 | ---- | C] () -- C:\Users\Tommii\Desktop\Die Biosprit-Lüge - Doku komplett.mp4
[2011/10/25 16:20:59 | 000,004,096 | -H-- | C] () -- C:\Users\Tommii\AppData\Local\keyfile3.drm
[2010/12/30 23:52:24 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/06/21 14:28:07 | 000,000,032 | ---- | C] () -- C:\Windows\azeugnis.INI
[2010/06/02 21:13:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/21 09:35:27 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/05/21 09:35:27 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
 
========== LOP Check ==========
 
[2011/05/17 08:28:15 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Audacity
[2010/07/28 07:54:35 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\BitComet
[2009/11/05 09:46:39 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\CachedFiles
[2012/03/12 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/01 06:49:16 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/02/14 20:40:55 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\DeepBurner
[2012/03/22 15:15:36 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Dropbox
[2010/06/01 14:58:50 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\EndNote
[2011/10/02 01:42:16 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\FileZilla
[2010/09/07 16:58:34 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Geuh
[2010/08/21 12:10:36 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\GrabPro
[2009/11/11 13:02:07 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\gretl
[2009/11/08 16:35:41 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\gtk-2.0
[2010/08/27 23:18:42 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Kyfere
[2011/07/27 08:58:17 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Nokia
[2009/11/05 00:27:55 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\OpenOffice.org
[2011/07/04 19:53:27 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Opera
[2010/10/13 23:06:34 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Orbit
[2011/04/20 22:53:52 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\PC Suite
[2010/08/21 12:12:31 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\ProgSense
[2010/05/26 11:22:45 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Stata10
[2010/09/01 19:33:29 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Thunderbird
[2010/12/06 11:25:57 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Trusteer
[2010/05/28 14:05:11 | 000,000,000 | ---D | M] -- C:\Users\Tommii\AppData\Roaming\Update
[2012/01/31 16:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/13 20:41:38 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Damn, I just noticed that I had only selected "None" under Extra Registry, hence only one log file. It's running again now.

So how does it look? I spent practically the whole day today carrying out all the steps. What do all the log files say??

Best regards

Tom

23.03.2012, 07:39   #9
kira
/// Helper Team
 



Perhaps you could say a bit more about this:

Quote:
Trojan.Agent/Gen-Autorun[Swisyn]
ZIP ARCHIVE( C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\Q3ACRK\Q3AKG.ZIP )/TNT-KEYHOSTS.AUTO.UPDATE.EXE
C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\Q3ACRK\Q3AKG.ZIP
ZIP ARCHIVE( C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\Q3ACRK\Q3AKG.ZIP )/TNT-Q3ARENA KEY SERVER.EXE

Trojan.Agent/Gen-Krpytik
ZIP ARCHIVE( C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\TONY 3 NO-CD.ZIP )/INF_THPS3_NOCD.EXE
C:\USERS\TOMMII\VOM ALTEN PC\DATES\SPIELE-ZUBEHöR\CRACKS\TONY 3 NO-CD.ZIP
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They can be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

23.03.2012, 10:48   #10
Tomy
 



Hi!
Thanks first of all for the quick response!

First, here is the one missing log file:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 23/03/2012 03:37:28 - Run 2
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Tommii\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 48.19% Memory free
7.80 Gb Paging File | 5.72 Gb Available in Paging File | 73.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.11 Gb Total Space | 57.84 Gb Free Space | 25.58% Space Free | Partition Type: NTFS
 
Computer Name: TOMMII666 | User Name: Tommii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6)
"8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/07/2009 8.1.2.56)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Dell Photo Printer 720" = Dell Photo Printer 720
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileZilla Client" = FileZilla Client 3.5.1
"Font Creator Program_is1" = Font Creator Program 3.1.3
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Kali II" = Kali II
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 7.0 (x86 de)" = Mozilla Firefox 7.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 en-US)" = Mozilla Thunderbird 10.0.2 (x86 en-US)
"mp3-2-wav" = mp3-2-wav converter 1.14
"Nokia PC Suite" = Nokia PC Suite
"Opera 11.10.2092" = Opera 11.10
"Oxygen Phone Manager II for Nokia phones (Trial)" = Oxygen Phone Manager II for Nokia phones (Trial)
"RA+ V3.03_is1" = FullRA Plus V3.03
"Rapport_msi" = Rapport
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"ResNet Wireless Setup" = ResNet Wireless Setup
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"ULTIMATER" = Microsoft Office Ultimate 2007
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.9
"WOLAPI" = Westwood Shared Internet Components
"Wooldridge data_is1" = Wooldridge data (4e)
"XMedia Recode" = XMedia Recode 2.1.4.8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/03/2011 03:54:39 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/03/2011 03:54:39 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6583
 
Error - 10/03/2011 03:54:39 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6583
 
Error - 10/03/2011 03:54:40 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/03/2011 03:54:40 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7582
 
Error - 10/03/2011 03:54:40 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7582
 
Error - 10/03/2011 03:54:41 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/03/2011 03:54:41 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8580
 
Error - 10/03/2011 03:54:41 | Computer Name = Tommii666 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8580
 
Error - 10/03/2011 12:38:27 | Computer Name = Tommii666 | Source = RasClient | ID = 20227
Description = 
 
[ Media Center Events ]
Error - 20/02/2010 22:34:54 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 03:34:54 - Fehler beim Herstellen der Internetverbindung.  03:34:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20/02/2010 23:39:29 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 04:39:29 - Fehler beim Herstellen der Internetverbindung.  04:39:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31/03/2010 13:27:40 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 19:27:40 - Fehler beim Herstellen der Internetverbindung.  19:27:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02/04/2010 05:11:41 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 11:11:41 - Fehler beim Herstellen der Internetverbindung.  11:11:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02/04/2010 06:11:46 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 12:11:46 - Fehler beim Herstellen der Internetverbindung.  12:11:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02/04/2010 07:11:51 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 13:11:51 - Fehler beim Herstellen der Internetverbindung.  13:11:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07/05/2010 10:44:11 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 16:44:11 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 28/06/2010 05:47:01 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 11:47:01 - Fehler beim Herstellen der Internetverbindung.  11:47:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28/06/2010 09:36:50 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 15:36:50 - Fehler beim Herstellen der Internetverbindung.  15:36:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28/06/2010 10:36:56 | Computer Name = Tommii666 | Source = MCUpdate | ID = 0
Description = 16:36:55 - Fehler beim Herstellen der Internetverbindung.  16:36:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 10/06/2010 04:46:46 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2438
 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error - 04/10/2010 07:17:38 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21/12/2010 07:15:13 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19/03/2011 06:56:06 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28/03/2011 03:58:32 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18/05/2011 09:17:28 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11/08/2011 18:54:28 | Computer Name = Tommii666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22/03/2012 06:07:29 | Computer Name = Tommii666 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen 
Status gemeldet: 0
 
Error - 22/03/2012 06:08:49 | Computer Name = Tommii666 | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
 nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
 oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
 auswählen.
 
Error - 22/03/2012 06:08:49 | Computer Name = Tommii666 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 22/03/2012 06:09:10 | Computer Name = Tommii666 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
 nicht als  Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser  Konfiguration
 nicht gestartet zu sein.
 
Error - 22/03/2012 06:10:25 | Computer Name = Tommii666 | Source = DCOM | ID = 10016
Description = 
 
Error - 22/03/2012 10:06:22 | Computer Name = Tommii666 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen 
Status gemeldet: 0
 
Error - 22/03/2012 10:07:16 | Computer Name = Tommii666 | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
 nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
 oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
 auswählen.
 
Error - 22/03/2012 10:07:16 | Computer Name = Tommii666 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 22/03/2012 10:07:29 | Computer Name = Tommii666 | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
 nicht als  Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser  Konfiguration
 nicht gestartet zu sein.
 
Error - 22/03/2012 10:08:53 | Computer Name = Tommii666 | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---


What do you mean by "be more specific"?
I think those are programs that let you start games without the CD, or something like that. If I ever used them at all (I am not sure right now), that was years ago... definitely not yet on this system.

Otherwise: what do you make of all the log files, etc.? Is my system totally infected through and through, or can I run applications such as Skype (or online banking) again without having to worry?

Best regards,

Tomy

Oh yes, should I delete the quoted files?

Alt 24.03.2012, 07:45   #11
kira
/// Helper team
 



Quote:
Quote from Tomy
I think those are programs that let you start games without the CD, or something like that.
To ask more precisely: did these games end up on your computer "illegally", or not?
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file as an attachment! They can be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

Alt 24.03.2012, 11:05   #12
Tomy
 



I assume that "illegal" means that the program is there without my having wanted it (not that possessing it violates German law).

So: I did download them myself at some point (or got them from friends, no idea. In any case it was somehow intentional.)

What do all the other log files say?

Best regards, and many thanks already for the help so far!!

Tom

Alt 25.03.2012, 07:16   #13
kira
/// Helper team
 



Quote:
Quote from Tomy
I assume that "illegal" means that the program is there without my having wanted it (not that possessing it violates German law).
Cracks & keygens are something you download deliberately, or indeed get as a gift from a good friend...
The only problem is that we do not clean "such" systems, because these are artificial, that is, deliberately caused problems! Besides, under German law you are committing an offence! A PC infected by a keygen [key generator/keymaker], and any data stored externally on USB sticks, external drives etc., should be formatted and set up from scratch, because through cracked or virus-infected software, however it happened, an attacker has successfully penetrated your system: -> *Technical compromise*
The programs and files on offer contain every conceivable kind of malware, e.g. backdoors, rootkits etc., which can then take control of the PC and take over the administrator role.
Because this "self-destructive behaviour" is "illegal", i.e. violates the law, we are not allowed to help you any further. For this reason we are forced to close the thread: -> What do you need to watch out for during the cleanup?

Alt 25.03.2012, 11:21   #14
Tomy
 



Hi Kira!

Thanks for the feedback!

I did not know at all that it is illegal to use such software to play one's (self-purchased!) games without the annoying CD. But anyway, as I already said, the software did not come onto the PC with my current system, but from the predecessor PC. That is, the software was downloaded surely 6-10 years ago. So it should no longer be legally relevant.

Unfortunately, I cannot completely follow the first part of your argument:

Quote:
[...] because [...] an attacker has successfully penetrated your system.
Dealing with exactly this kind of problem is the purpose of this forum, isn't it?

I had written in my first post that I am aware that the system will have to be set up from scratch sooner or later. But my question remains:

How urgent is this, then?
Is my PC totally infected?
And what do all the log files say that I created in 1.5 days of work?

Kind regards,

Tomy

Alt 26.03.2012, 06:27   #15
kira
/// Helper team
 



Please remove the said program completely from the PC, otherwise your computer will always be a risk factor. Apart from that, I see nothing else suspicious.

Check the MBR with aswMBR from Avast

Download aswMBR.exe from Avast and save the tool to your desktop (nowhere else).
XP users: double-click aswMBR.exe to start the tool.
Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator.
An input window with some information will open.

Click Scan to start the scan.

When the scan has finished, which is reported with "Scan finished sucessfull!", click Save log to save the log file.
Post the contents of aswASW.log from the desktop here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which?
