Pests of all kinds and how to combat them: BEBLOH trojan - files wildly renamed and encrypted - HELP, how do I get at my files (Windows 7)
07.06.2012, 10:21 | #1

Unfortunately I received an e-mail from Flirtfever with a payment reminder. Really stupid to open something like that. Well, now it has happened. I run Norton Antivirus on the machine, which apparently did notice it, but the trojan was faster. I scanned the machine with Norton and put the corresponding detections into quarantine. Many files (my own pictures, thank God, not) were changed into files with wild-sounding names such as ijfiouhf<dhkfl etc. The contents cannot be opened, except for some photos, and for those photos I first have to append the extension .jpg. As per the instructions, here is some data .... I hope I did it right and that you can help me.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:35 on 06/06/2012 (Thomas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read tmactmon.sys
Unable to read tmcomm.sys
Unable to read tmevtmgr.sys

-=E.O.F=-

OTL
Code:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012.06.06 08:34:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012.06.06 08:34:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.27 16:58:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.30 12:21:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.11 12:23:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.09.29 08:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions [2010.09.29 08:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.08 16:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\cpjd74v2.default\extensions [2012.05.30 12:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.30 12:21:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.03 16:17:43 | 000,001,392 | 
---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.03 16:17:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.03 16:17:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.03 16:17:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.03 16:17:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.03 16:17:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 
7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Programme\Dell Toolbar\toolband.dll () O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Programme\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Programme\Dell Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Symbolleiste) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Programme\Dell Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft) O4 - HKLM..\Run: [Dell V715w Fax Server] C:\Program Files\Dell V715w\fm3032.exe () O4 - HKLM..\Run: [dleemon.exe] C:\Program Files\Dell V715w\dleemon.exe () O4 - HKLM..\Run: [EPGServiceTool] C:\Programme\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V715w\ezprint.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe () O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USCService] C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4 - HKLM..\Run: [WavXMgr] C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!fax.lnk = C:\Programme\FRITZ!\FriFax32.exe (AVM Berlin) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk = File not found O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{470AAA67-D01A-4D58-9A6C-0B7113A3186B}: DhcpNameServer = 213.133.98.98 213.133.100.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF602E85-80D6-47A3-A3EF-D13CF767AA45}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C30F26AB-1AC0-47FD-B07E-C1C17EFE65A2}: DhcpNameServer = 193.254.160.1 10.74.83.22 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Programme\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5106b649-cb07-11df-a7eb-f04da220596b}\Shell - "" = AutoRun O33 - MountPoints2\{5106b649-cb07-11df-a7eb-f04da220596b}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.07 08:02:50 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.06.07 07:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.06.07 07:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner 
[2012.06.07 00:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent [2012.06.07 00:47:33 | 000,050,480 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmColorFaxRender.dll [2012.06.07 00:47:33 | 000,046,384 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmFaxRender.dll [2012.06.07 00:47:33 | 000,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaMon.dll [2012.06.07 00:47:33 | 000,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaColorMon.dll [2012.06.07 00:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ! [2012.06.06 14:22:57 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.06.06 11:02:49 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes [2012.06.06 11:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.06 11:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.06 11:02:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.06 11:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.06 08:38:28 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Tific [2012.06.06 08:38:09 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Symantec [2012.05.30 12:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.05.30 12:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.05.10 02:34:54 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.05.10 02:34:53 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.05.10 02:34:53 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.05.10 02:34:50 | 001,077,248 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.07 08:10:46 | 005,242,880 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat [2012.06.07 08:02:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.06.07 08:02:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.07 07:56:14 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.06.07 07:31:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4210427559-2325688478-3496669231-1000UA.job [2012.06.07 07:11:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.07 05:31:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4210427559-2325688478-3496669231-1000Core.job [2012.06.07 01:04:32 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.07 01:04:32 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.07 00:56:16 | 000,626,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.07 00:56:16 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.07 00:56:15 | 001,528,070 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2012.06.07 00:56:15 | 000,664,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.07 00:56:15 | 000,133,282 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.07 00:50:02 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini [2012.06.07 00:49:34 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\AppData\Local\WavXMapDrive.bat [2012.06.07 00:49:27 | 000,001,094 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.07 00:49:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012.06.07 00:49:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.07 00:49:00 | 2816,679,936 | -HS- | M] () -- C:\hiberfil.sys [2012.06.07 00:48:07 | 002,304,379 | -H-- | M] () -- C:\Users\Thomas\AppData\Local\IconCache.db [2012.06.06 23:34:06 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\defogger_reenable [2012.06.06 23:24:31 | 000,050,477 | ---- | M] () -- C:\Users\Thomas\Desktop\Defogger.exe [2012.06.06 15:02:12 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.06.06 15:02:12 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.06.06 11:02:42 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.06 08:36:12 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{44d02d72-af9f-11e1-a5b0-001a4f9c1f08}.TMContainer00000000000000000002.regtrans-ms [2012.06.06 08:36:12 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{44d02d72-af9f-11e1-a5b0-001a4f9c1f08}.TMContainer00000000000000000001.regtrans-ms [2012.06.06 08:36:12 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{44d02d72-af9f-11e1-a5b0-001a4f9c1f08}.TM.blf [2012.06.06 07:35:38 | 000,096,090 | ---- | M] () -- C:\ProgramData\vGtpTgrGsqjJupajyf [2012.06.05 08:29:38 | 001,473,366 | ---- | M] () -- C:\Users\Thomas\Desktop\ONgUVoLvQelyjdfXaJ [2012.05.31 15:44:50 | 000,089,097 | ---- | M] () -- C:\Users\Thomas\Desktop\OrpaELxteDgrVUEnJusl [2012.05.31 08:42:36 | 004,125,522 | ---- | M] () -- C:\Users\Thomas\Desktop\ynUtasvOxdAEqJgD [2012.05.31 08:42:03 | 000,002,766 | ---- | M] () -- C:\Users\Thomas\Documents\lsDsxVdNgNOAyLo [2012.05.31 08:38:01 | 001,915,801 | ---- | M] () -- C:\Users\Thomas\Desktop\ONgsGGtXaapqjyAvQQJ [2012.05.30 15:20:18 | 000,675,790 | ---- | M] () -- C:\ProgramData\XaNOxtyAQvXTyjdV 
[2012.05.24 15:15:45 | 000,018,875 | ---- | M] () -- C:\Users\Thomas\Desktop\qqjuvvQdfUVeDDenEEn [2012.05.10 03:24:49 | 000,297,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.05.09 12:43:02 | 000,031,124 | ---- | M] () -- C:\Users\Thomas\Desktop\nELEsDDedfVdvQu [2012.05.08 16:21:12 | 000,027,672 | ---- | M] () -- C:\Users\Thomas\Documents\tatt0_1tmail127130343f08043d;jsessionid=E0D16C95DA5B8892BC180415EADE0B80-n2.pdf [2012.05.08 16:18:36 | 000,027,672 | ---- | M] () -- C:\Users\Thomas\Documents\tatt0_1tmail12838efdb1869af4;jsessionid=607255C2D90A6AF3B465DB20D6D66581-n1.pdf [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.07 07:56:13 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.06.06 23:34:06 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\defogger_reenable [2012.06.06 23:31:34 | 000,050,477 | ---- | C] () -- C:\Users\Thomas\Desktop\Defogger.exe [2012.06.06 23:31:33 | 000,573,440 | ---- | C] () -- C:\Users\Thomas\Desktop\Bonanza.mp3 [2012.06.06 14:22:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.06 11:02:42 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.06 08:36:12 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\ntuser.dat{44d02d72-af9f-11e1-a5b0-001a4f9c1f08}.TMContainer00000000000000000002.regtrans-ms [2012.06.06 08:36:12 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\ntuser.dat{44d02d72-af9f-11e1-a5b0-001a4f9c1f08}.TMContainer00000000000000000001.regtrans-ms [2012.06.06 08:36:12 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\ntuser.dat{44d02d72-af9f-11e1-a5b0-001a4f9c1f08}.TM.blf [2012.05.08 16:21:12 | 000,027,672 | ---- | C] () -- C:\Users\Thomas\Documents\tatt0_1tmail127130343f08043d;jsessionid=E0D16C95DA5B8892BC180415EADE0B80-n2.pdf [2012.05.08 16:18:36 | 000,027,672 | ---- | C] () -- 
C:\Users\Thomas\Documents\tatt0_1tmail12838efdb1869af4;jsessionid=607255C2D90A6AF3B465DB20D6D66581-n1.pdf [2011.11.09 16:15:01 | 000,001,263 | ---- | C] () -- C:\Windows\isxdlge2.ini [2011.07.07 13:49:31 | 000,126,976 | ---- | C] () -- C:\Windows\System32\THBIni20.dll [2011.07.07 13:46:21 | 000,126,976 | ---- | C] () -- C:\Windows\System32\MC4MInt.dll [2011.06.07 01:21:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.07 01:21:23 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe [2011.03.25 08:08:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.11.16 01:12:29 | 000,053,760 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.07 19:23:26 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini [2010.11.07 19:23:22 | 000,000,030 | ---- | C] () -- C:\Windows\System32\UNWISE.INI [2010.11.07 19:23:19 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE [2010.11.07 19:22:36 | 000,032,133 | ---- | C] () -- C:\Windows\Irremote.ini [2010.11.07 19:22:27 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll [2010.11.07 19:21:55 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.11.07 19:21:55 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2010.11.07 19:21:53 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll [2010.11.07 19:21:08 | 000,006,233 | ---- | C] () -- C:\Windows\HCWPNP.INI [2010.11.05 00:52:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.28 21:13:24 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2010.09.28 21:13:14 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll [2010.09.28 21:13:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll [2010.09.28 18:08:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dleevs.dll [2010.09.28 18:08:35 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dleecoin.dll [2010.09.28 18:08:24 | 000,086,016 | ---- | C] 
() -- C:\Windows\System32\dleegcfg.dll [2010.09.28 18:08:23 | 000,294,912 | ---- | C] () -- C:\Windows\System32\dleecui.dll [2010.09.28 18:08:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dleecuir.dll [2010.09.28 18:07:33 | 005,709,824 | ---- | C] () -- C:\Windows\System32\DLEEoem.dll [2010.09.28 18:07:33 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DLEEPMON.DLL [2010.09.28 18:07:33 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLEEFXPU.DLL [2010.09.28 18:07:26 | 000,372,736 | ---- | C] () -- C:\Windows\System32\DLEEwupd.dll [2010.09.28 18:07:26 | 000,213,672 | ---- | C] () -- C:\Windows\System32\DLEEwupd.exe [2010.09.28 18:05:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dleeinpa.dll [2010.09.28 18:05:32 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\DLEEhcp.dll [2010.09.28 18:05:32 | 000,331,776 | ---- | C] () -- C:\Windows\System32\DLEEinst.dll [2010.09.28 18:05:31 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\dleeserv.dll [2010.09.28 18:05:31 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\dleeusb1.dll [2010.09.28 18:05:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dleepmui.dll [2010.09.28 18:05:31 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\dleeiesc.dll [2010.09.28 18:05:30 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\dleelmpm.dll [2010.09.28 18:05:30 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\dleeih.exe [2010.09.28 18:05:30 | 000,323,584 | ---- | C] () -- C:\Windows\System32\dleeins.dll [2010.09.28 18:05:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\dleeinsb.dll [2010.09.28 18:05:30 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dleeinsr.dll [2010.09.28 18:05:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\dleejswr.dll [2010.09.28 18:05:29 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\dleehbn3.dll [2010.09.28 18:05:29 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\dleecoms.exe [2010.09.28 18:05:29 | 000,253,952 | ---- | C] () -- 
C:\Windows\System32\dleecu.dll [2010.09.28 18:05:29 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dleegrd.dll [2010.09.28 18:05:29 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dleecub.dll [2010.09.28 18:05:29 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dleecur.dll [2010.09.28 18:05:28 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\dleecomc.dll [2010.09.28 18:05:28 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\dleecfg.exe [2010.09.28 18:05:28 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\dleecomm.dll [2010.09.28 18:05:28 | 000,086,183 | ---- | C] () -- C:\Windows\System32\DLEEcfg.dll [2010.09.28 18:04:52 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEEsm.dll [2010.09.28 18:04:52 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLEEsmr.dll [2010.09.28 17:38:55 | 002,304,379 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\IconCache.db [2010.09.28 15:54:49 | 000,065,608 | ---- | C] () -- C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT [2010.09.28 15:54:48 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\AppData\Local\WavXMapDrive.bat [2010.09.25 19:36:10 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2010.09.25 19:36:10 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.09.25 19:36:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2010.09.25 09:55:49 | 001,528,070 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.25 09:50:36 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll [2010.09.25 09:44:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2011.08.30 17:41:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ASCOMP Software [2012.06.06 08:33:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\AVM [2010.09.28 15:54:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Broadcom [2011.11.09 16:15:02 | 000,000,000 | ---D | M] -- 
C:\Users\Thomas\AppData\Roaming\Chipcardmaster
[2010.09.28 21:06:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DataDesign
[2012.06.07 00:50:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox
[2012.06.06 07:46:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FileZilla
[2011.10.04 08:37:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Firstload
[2012.06.06 07:46:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FRITZ!
[2010.09.28 20:01:24 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.03.01 09:25:06 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\gtk-2.0
[2010.09.28 20:53:59 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Lexware
[2010.09.29 08:15:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2012.06.06 07:46:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ShellfireVPN
[2012.06.06 09:02:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TeamViewer
[2010.09.29 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2012.06.06 08:38:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Tific
[2010.10.11 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\V715w
[2010.09.28 15:54:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Wave Systems Corp
[2009.07.14 06:53:46 | 000,029,860 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extra Code:
OTL Extras logfile created on: 07.06.2012 08:02:01 - Run 2
OTL by OldTimer - Version 3.2.46.2 Folder = C:\Users\Thomas\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 46,23% Memory free
6,99 Gb Paging File | 5,01 Gb Available in Paging File | 71,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,17 Gb Total Space | 166,11 Gb Free Space | 57,65% Space Free | Partition Type: NTFS

Computer Name: XXX-XX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B120CFF-01E7-4B89-92B7-94E68AE33E23}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{0D20F3E9-58CA-4CCF-8D27-DD194B66672C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2805C530-24FC-4E13-823D-50AD9A8235D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{31A271EA-0A23-40C5-BBE9-90890BC50020}" = lport=2869 | protocol=6 | dir=in | app=system | "{334C543B-4BB8-4D87-93E2-F46A7C10E612}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | "{344CBED9-F0DE-4DF2-8EF5-5A9A532FF8DB}" = rport=139 | protocol=6 | dir=out | app=system | "{352C4D6F-74D8-4336-B446-7BB849FA6902}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{360CBC26-4D46-4357-8B4A-5EA9676CCCFB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{44D7983D-412A-4BCC-A552-A24A76FFF9C3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4C49AD1A-789C-44DC-A4A6-17A859E70768}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{559F4E5A-A149-4CFA-86B0-F49DDCD1E4EA}" = lport=2869 | protocol=6 | dir=in | app=system | "{5AEF0EF3-2D0F-4D43-9B4F-76B274A20BFE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5B72F240-ECAD-4B7C-9C6B-8512830D7993}" = rport=445 | protocol=6 | dir=out | app=system | "{699C7F7D-1087-4810-B8DF-03A3230721D0}" = lport=139 | protocol=6 | dir=in | app=system | "{736D75CA-21A1-4C2D-B5B2-FB1E0041FC2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C18D60C-F0CB-4714-82DF-12593B1B0D91}" = rport=137 | protocol=17 | dir=out | app=system | "{7E85D291-3EC8-4BEF-A3B7-896A3A161705}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{7F9B18C8-F91A-4D8D-907B-8EF8874692B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7FCD263B-0310-4292-A052-7C98D78CE555}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update | "{85357D7C-1A2D-493D-BEAC-08179BB89202}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{85B9D517-52AF-4168-8653-E1CCB0ED2229}" = rport=10243 | protocol=6 | dir=out | app=system | "{8FAC1BA6-D557-481F-A8FB-EB08E38F7C25}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A40D6C39-329B-47E1-9565-C8F570FC4CE5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AB77C690-DD85-4721-A440-8FE6B05B6174}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ACA11BE4-D9E8-41FC-A63A-E8460ACF629D}" = lport=5031 | protocol=17 | dir=in | name=avm tapi services for fritz!box - udp 5031 | "{AFE987CA-F5BA-4ED1-A8CD-7B666D8C17A3}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | "{B23382B2-2F9D-4F2A-9ACE-53B4F0D2E16C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B4ACE35E-02FC-4865-8C1D-6354C77AE933}" = lport=445 | protocol=6 | dir=in | app=system | "{BD3557FB-4D92-4CDF-B5E1-8D90B2225FC5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C59260CB-E0CE-42CF-9FAA-147421C0ABA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C992EB60-7D20-451E-BAAB-2AA8AEB08513}" = lport=10243 | protocol=6 | dir=in | app=system | "{DA2A528F-9B9D-4F49-9702-6151FD4762D4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DB132CB3-17E9-45BA-ADD4-D38FF6C3C6E4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{E0146761-4DB0-4DDF-9D4A-F7250F863043}" = lport=138 | protocol=17 | dir=in | app=system | "{ECE213F1-E324-4470-BE9D-4FF45E9D592C}" = lport=137 | protocol=17 | dir=in | app=system | "{F35EE158-9C24-46CD-814D-93E368EDCE1D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F6D181A6-CCAB-4672-861F-F8E2EF287426}" = rport=138 | protocol=17 | dir=out | app=system | "{FED8751A-DC49-4843-8B58-1E9334C1B0BF}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{049B8AB2-F6BD-4790-B1AF-62275DD66115}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{089946BD-4FB4-4CB4-A9BF-532C1EE26369}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0A392EEE-995A-45DC-9328-FBD662DC1240}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{109A2F64-28A6-426B-8B2D-93E0C594491F}" = protocol=17 | dir=in | app=c:\program files\tapi services for fritz!box\fboxset.exe | "{142626E5-6BBD-4BEB-B482-C96FB6B64C7D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{199838AA-8EC9-49B5-933B-82D6E76D62CB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{1A3A9D43-5ADC-46BB-B463-7FD84B7E4DD7}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{1DB409A2-2692-4702-A8FD-0F187C4A86AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{237A549F-A523-423A-ADEE-1D855BD92CAB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{28B68E4F-6872-48C9-8929-85A0D5B3056D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2960EC1D-1DAF-4B81-B6A1-1056041E6DFD}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{2A2FF871-E495-4F4E-B14D-84F8B66B3F7F}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "{31C17E19-8024-4411-B2CF-CB3781D4870E}" = protocol=17 | dir=in | app=c:\program files\fritz!\igd_finder.exe | "{32B3A168-166D-472F-B378-192094A5831C}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "{3414EA29-062D-4E69-B156-45AA7CA0F3D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3A5913C2-FF0C-4E5D-A744-7BCD3918AE7B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | "{3DCAB81B-2723-4343-968E-2C3F6484D6F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{40D51085-E3DB-429E-8862-6861F87D1BC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{46D52C3F-8D2D-4088-8E30-27B48CD534D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{46F2D16B-FDAF-4AA2-8D01-842EA6656549}" = dir=in | app=c:\program files\itunes\itunes.exe | "{4A9E55A7-8B2D-4EDA-AC27-2106643E91D3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4BE3660D-D026-418E-87D4-D740D2F1142F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4F9BF8FC-D38D-4494-BDD5-920A4E5DDC5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{51FF29E4-3887-4A3A-8A6D-5405542B6B6B}" = dir=in | app=c:\windows\system32\dleecoms.exe | "{5D71A9AA-9CCB-4A9A-8C7E-8BB8D3D76677}" = protocol=6 | dir=in | app=c:\program files\fritz!\igd_finder.exe | "{69F875F5-F079-416D-92C2-2B3FB378D84F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{70DAE55D-2B75-44FA-9C70-0BAB30F088D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{765DDDDF-8DEC-41C4-92FB-D852986E6190}" = protocol=6 | dir=in | 
app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{7A31F1A2-5ABF-426D-B9AD-7CFF08F0EE1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{871D8F48-3F4A-4E13-AD12-20BBE2E1EC11}" = protocol=6 | dir=in | app=c:\program files\dell v715w\dleefax.exe | "{9872DAFE-74AA-4094-95FD-3BC673430400}" = protocol=6 | dir=in | app=c:\program files\tapi services for fritz!box\igd_finder.exe | "{9B373995-6B30-40B7-AEA6-9D61FAE4816B}" = protocol=6 | dir=out | app=system | "{9C1448AB-2760-4956-A064-830ABEEF7786}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{A1447D2B-DFF5-4942-83C4-D0EC360361B5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A2EE15CC-34F7-434F-B245-421356D4A551}" = protocol=6 | dir=in | app=c:\program files\tapi services for fritz!box\fboxset.exe | "{A32ADEED-6009-4DF3-A0C1-0E8B52106CFF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A5D6DCA3-9D25-4130-9140-E6C65F06900E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AE52C94D-B12D-4478-A89C-8A804BA6313F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B7EC7A5F-6558-464A-835C-247BA3F40622}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{BA060546-FA7C-4F45-A257-0E42CE5ABA10}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BF0DD931-4549-4789-B5A2-2B5555DC9CA5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{DF1D25E5-6714-4757-8726-F66C5D20CDDC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{DFD70AA2-6CEF-46A2-B88C-F92DBB35200E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E7B65569-708B-47A4-8F9C-9D5701A52785}" = dir=in | app=c:\windows\system32\dleecoms.exe | "{F2ED73D6-E85F-4486-ABE0-15DF30363F60}" = protocol=6 | dir=in | app=c:\program 
files\teamviewer\version5\teamviewer_service.exe | "{F355B054-8D1C-4A39-895A-0C623608DB75}" = protocol=17 | dir=in | app=c:\program files\dell v715w\dleefax.exe | "{FF677056-087C-402E-8412-945F0D67CD79}" = protocol=17 | dir=in | app=c:\program files\tapi services for fritz!box\igd_finder.exe | "{FFD0C3F1-CD24-4B85-B71E-D5492D30B8E4}" = dir=in | app=c:\windows\system32\dleecoms.exe | "TCP Query User{13657E0A-F6D6-418C-8B80-A307CF56729F}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | "TCP Query User{1436BE89-89F0-4829-B964-50ED14796C34}C:\program files\ipview pro\ipview pro.exe" = protocol=6 | dir=in | app=c:\program files\ipview pro\ipview pro.exe | "TCP Query User{152A99E9-5D03-434A-A5F5-D26EEA866E1E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{3EFCEB27-41A9-4485-9562-E6B5DA6D45DA}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | "TCP Query User{58465653-4505-43A1-930B-6E1B8C2EC92B}C:\users\thomas\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{C1EECE26-A749-407B-8833-F81486150A3B}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{EF79F6A7-FF14-4702-9217-E04D9CBB0437}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{4CD6B22E-3669-49E6-8E05-F0BDAFAFFC76}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{63072085-2882-491D-AFD7-9E9A68EF8616}C:\program files\ipview pro\ipview pro.exe" = 
protocol=17 | dir=in | app=c:\program files\ipview pro\ipview pro.exe | "UDP Query User{7E00742D-5A47-4C18-8682-13EF81C44A38}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | "UDP Query User{888D6CE8-0D75-4399-90C3-7AF6804EE187}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | "UDP Query User{9ACE4969-C34F-4C7A-AFF8-5A3A27BD4C7F}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{E3C96C9B-2143-4EFD-925E-0EA8F4680B9C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{E74691FD-5BD8-48C0-A8D4-DE632E5F75F0}C:\users\thomas\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\google\chrome\application\chrome.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader "{03B2606F-6D79-81DD-6A43-88D7F00CDD09}" = CCC Help Norwegian "{04F9B48C-CD89-54F0-A1E8-5106C6FFEA06}" = Catalyst Control Center Graphics Full New "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{0866F9CF-ABEA-0DCC-BF9F-29CE382B7D8D}" = CCC Help Russian "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{0921D0A0-5A37-4318-9EDD-6B6EC12E6380}" = Lexware QuickBooks 2008 "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3 "{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Symbolleiste "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{0BAA40A3-EF6A-4A5D-B124-A1E1B2C67933}" = Prospektservice Online "{0C7FDF6A-C463-173A-7957-74042481E593}" = Skins 
"{0D612E05-3B9F-AE38-66F1-3FC8EF020FE4}" = Catalyst Control Center InstallProxy "{1078B6F2-93D7-FDB8-E8E2-84A61AB669CA}" = CCC Help Italian "{11930002-E0AE-B8F7-D4F5-378CF7C37AB2}" = ccc-core-static "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{1950EACB-6D88-F21E-4B25-26ECDD0C62A7}" = CCC Help Dutch "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2D1C2307-58C4-86FC-CC3F-F8B5EAD52E5C}" = CCC Help Japanese "{2EE66895-2912-4980-82FD-0AF03FB884DC}" = Lexware QuickBooks 2008 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{30F8E944-0BC9-9D90-D5DF-C606BAC6BD10}" = CCC Help German "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{319786B7-D72F-43B3-99C1-E93724ED17D3}" = Lexware online banking 4.90 "{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}" = funScreenScraping Client Version "{322DAA48-8F9B-FF15-2121-44E685B9F69F}" = CCC Help Greek "{38EBEF35-18E3-4B74-A560-8F80685B9626}" = Lexware QuickBooks plus 2008 "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite 
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{532B7184-DB64-3DB0-0312-611FFC288F7F}" = CCC Help Chinese Traditional "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "{59718697-4BCF-F43F-3E62-727C9ADE899C}" = CCC Help Finnish "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{5FDA8F6A-E87C-484B-BDE2-12C1BE199149}" = Wave Infrastructure Installer "{615B68AE-FDAF-937F-229C-10B77F039D55}" = CCC Help Thai "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{683081FF-DED0-CCB2-01C6-DEB1133DC7B1}" = CCC Help Czech "{6913316C-BD32-1A90-515F-D7B374FAF0B5}" = CCC Help Polish "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel "{71E65D48-AC13-814E-413B-F31E142D11CE}" = Catalyst Control Center Graphics Full Existing "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72BB5DC4-1C72-4306-9005-6B44190DF430}" = Lexware QuickBooks 2008 "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{782AE8DA-30DA-44bd-BA9A-9F23B8A4AC79}" = pdfforge Toolbar v5.1 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7D9A486B-DD9E-4526-9B3A-B26B83179EAE}" = Lexware online banking 4.90 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86FB6880-0EE2-6EF4-7539-C0BCE7E5FA83}" = CCC Help Korean 
"{89A9984B-F134-3EE4-0790-1FBBF5E7CBF7}" = CCC Help Danish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A6E9B95B-F31A-3EB9-0BF5-5BD50FF540E5}" = Catalyst Control Center Localization All "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C61491-EF2F-4ED8-8E10-FB33E3C6B55A}" = Dell Control Point "{AB2F44D5-B64D-BE46-6347-711597A76709}" = Catalyst Control Center Graphics Previews Common "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems "{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien "{ACB0E869-A344-C30E-D0DB-37AE9203917F}" = CCC Help English "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework "{B56C44D8-6D46-E9D0-D0D8-11E796D9B6FA}" = ccc-utility "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B87D3639-BEBC-53C4-590F-7C43F2DFE63A}" = Catalyst Control Center Graphics Light "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto "{BC5B6AD1-0581-3EB5-00FB-39A5203B7CA0}" = Catalyst Control Center Core Implementation "{BCBEB9CF-2DEA-33F6-2C8D-733C2F243597}" = Catalyst Control Center Graphics Previews Vista 
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE2A41AD-3BFF-4A0C-A05C-F5B40C5C5E41}" = AXIS Camera Control "{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent "{C019A4C7-C791-450C-A5CF-FF95826CD276}" = Lexware QuickBooks 2008 "{C317E681-9114-153B-D8C5-F82F74DD33CA}" = CCC Help Turkish "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CC322D0B-CC8E-4351-90F2-19275DFFC134}" = Lexware QuickBooks 2008 "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{DAE053AB-7E01-1F2B-F6A2-8BF124CF5266}" = CCC Help Hungarian "{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager "{DE2DA32A-F8C7-4E8E-B41D-E5031185CE3F}" = IPView Pro "{DE6846F8-22E3-A581-E29A-61280F94B333}" = CCC Help Chinese Standard "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3 "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{EF1AB451-B478-78E3-F1D0-E3BCB5095C92}" = CCC Help Portuguese "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager "{F7175D1D-E905-B9C7-93E1-81F57AD160E7}" = CCC Help French "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7904AF8-BA7C-CF33-538F-CFB4B012FB3A}" = CCC Help Swedish 
"{F7E345A5-F79B-44EE-BC4A-738899E756C0}" = Lexware online banking 4.90 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA957EDD-031D-D6EF-BEC5-EA7544D4AD0B}" = CCC Help Spanish "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVMWLANCLI" = AVM FRITZ!WLAN "CCleaner" = CCleaner "Chipcardmaster_is1" = Chipcardmaster 6.86 "Dell V715w" = Dell V715w "FileZilla Client" = FileZilla Client 3.5.3 "Firstload" = Firstload "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.11.426 "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "Google Desktop" = Google Desktop "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge WinTV" = Hauppauge WinTV "Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "InstallShield_{0BAA40A3-EF6A-4A5D-B124-A1E1B2C67933}" = Prospektservice Online "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security 
Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Meeresrauschen" = Meeresrauschen Screen Saver
"MESOL" = Intel® Active-Management-Technologie
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"Picasa 3" = Picasa 3
"PROSetDX" = Intel(R) Network Connections 15.2.89.0
"Secure Eraser_is1" = Secure Eraser v4.0
"ShellfireVPN" = ShellfireVPN 2.1
"TAPI" = AVM TAPI Services for FRITZ!Box
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.05.2012 13:03:48 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714
Description =

Error - 23.05.2012 13:03:45 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714
Description =

Error - 23.05.2012 18:37:10 | Computer Name = Thomas-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 24.05.2012 13:03:52 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714
Description =

Error - 24.05.2012 18:36:52 | Computer Name = Thomas-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 25.05.2012 06:59:38 | Computer Name = Thomas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: QBW32.exe, Version: 18.10.106.125, Zeitstempel: 0x4799ce5b Name des fehlerhaften Moduls: Features.dll, Version: 18.10.106.125, Zeitstempel: 0x4799ce7f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000932b2 ID des fehlerhaften Prozesses: 0x23e4 Startzeit der fehlerhaften Anwendung: 0x01cd39746711c834 Pfad der fehlerhaften Anwendung: C:\Program Files\Lexware\QuickBooks\QBW32.exe Pfad des fehlerhaften Moduls: C:\Program Files\Lexware\QuickBooks\Features.dll Berichtskennung: b82b7411-a658-11e1-b859-001a4f9c1f08

Error - 25.05.2012 13:03:52 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714
Description =

Error - 27.05.2012 13:00:02 | Computer Name = Thomas-PC | Source = Windows Backup | ID = 4103
Description =

Error - 27.05.2012 13:04:00 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714
Description =

Error - 28.05.2012 13:03:54 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714
Description =

[ Media Center Events ]
Error - 28.12.2011 03:55:52 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 08:55:52 - Fehler beim Herstellen der Internetverbindung. 08:55:52 - Serververbindung konnte nicht hergestellt werden..

Error - 28.12.2011 03:56:21 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 08:56:21 - Fehler beim Herstellen der Internetverbindung. 08:56:21 - Serververbindung konnte nicht hergestellt werden..

Error - 05.02.2012 00:24:11 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 05:24:11 - Fehler beim Herstellen der Internetverbindung. 05:24:11 - Serververbindung konnte nicht hergestellt werden..

Error - 05.02.2012 00:24:19 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 05:24:17 - Fehler beim Herstellen der Internetverbindung. 05:24:17 - Serververbindung konnte nicht hergestellt werden..

Error - 05.02.2012 01:24:24 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 06:24:24 - Fehler beim Herstellen der Internetverbindung. 06:24:24 - Serververbindung konnte nicht hergestellt werden..

Error - 05.02.2012 01:24:30 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 06:24:29 - Fehler beim Herstellen der Internetverbindung. 06:24:29 - Serververbindung konnte nicht hergestellt werden..

Error - 05.02.2012 02:24:35 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 07:24:35 - Fehler beim Herstellen der Internetverbindung. 07:24:35 - Serververbindung konnte nicht hergestellt werden..

Error - 05.02.2012 02:24:41 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 07:24:40 - Fehler beim Herstellen der Internetverbindung. 07:24:40 - Serververbindung konnte nicht hergestellt werden..

Error - 05.02.2012 03:25:22 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 08:25:22 - Fehler beim Herstellen der Internetverbindung. 08:25:22 - Serververbindung konnte nicht hergestellt werden..

Error - 05.02.2012 03:25:28 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 08:25:27 - Fehler beim Herstellen der Internetverbindung. 08:25:27 - Serververbindung konnte nicht hergestellt werden..
[ System Events ] Error - 27.10.2011 01:48:56 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610 Description = Error - 27.10.2011 01:48:56 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610 Description = Error - 27.10.2011 01:48:56 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610 Description = Error - 27.10.2011 01:48:56 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610 Description = Error - 27.10.2011 02:24:20 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610 Description = Error - 27.10.2011 02:24:20 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610 Description = Error - 27.10.2011 02:24:20 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610 Description = Error - 01.11.2011 05:41:10 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610 Description = Error - 01.11.2011 05:41:10 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610 Description = Error - 01.11.2011 05:41:10 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610 Description = < End of report > install Code:
ATTFilter ABBYY FineReader 6.0 Sprint ABBYY Software House 27.09.2010 116,2MB 6.00.2146.41621 Adobe Acrobat X Standard - English, Français, Deutsch Adobe Systems 27.04.2012 2.453MB 10.1.3 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 05.06.2012 6,00MB 11.2.202.235 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 05.06.2012 6,00MB 11.2.202.235 Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 27.04.2012 168,3MB 10.1.3 Apple Application Support Apple Inc. 11.03.2012 61,0MB 2.1.7 Apple Mobile Device Support Apple Inc. 12.03.2012 24,2MB 5.1.1.4 Apple Software Update Apple Inc. 05.08.2011 2,38MB 2.1.3.127 ATI Catalyst Control Center 24.09.2010 2.009.1118.1259 AVM FRITZ!fax für FRITZ!Box AVM Berlin 06.06.2012 AVM FRITZ!WLAN AVM Berlin 01.10.2010 AVM TAPI Services for FRITZ!Box AVM Berlin 27.09.2010 AXIS Camera Control 14.12.2010 Bonjour Apple Inc. 11.12.2011 1,02MB 3.0.0.10 CCleaner Piriform 22.05.2012 3.19 Chipcardmaster 6.86 Dr. Olaf Jacobsen 08.11.2011 cyberJack Base Components REINER SCT 27.09.2010 6.9.6 Dell Backup and Recovery Manager Dell Inc. 24.09.2010 1.3 Dell ControlPoint Security Manager Dell Inc. 24.09.2010 1.6.468.86 Dell Security Device Driver Pack Dell Inc. 24.09.2010 1.4.055 Dell Symbolleiste 27.09.2010 1.8.12.0 Dell V715w Dell, Inc. 27.09.2010 Dropbox Dropbox, Inc. 13.03.2012 1.2.52 FileZilla Client 3.5.3 FileZilla Project 11.04.2012 16,6MB 3.5.3 Firstload Firstload.net 06.08.2011 8,79MB Free Video Flip and Rotate version 1.8.11.426 DVDVideoSoft Limited. 03.05.2011 39,2MB funScreenScraping Client Version fun communications GmbH 28.09.2010 2,19MB 1.0.173 funScreenScraping Microsoft Systemdateien fun communications GmbH 27.09.2010 7,62MB 1.0.6 GIMP 2.6.10 The GIMP Team 03.10.2010 108,4MB 2.6.10 Google Chrome Google Inc. 
27.09.2010 19.0.1084.52 Google Desktop Google 26.06.2011 5.9.1005.12335 Google Earth Google 17.11.2011 92,7MB 6.1.0.5001 Hauppauge German Help Files and Resources 06.11.2010 Hauppauge WinTV 06.11.2010 Hauppauge WinTV DVB-T EPG Service 06.11.2010 Hauppauge WinTV Infrared Remote 06.11.2010 Hauppauge WinTV Scheduler 06.11.2010 Hauppauge WinTV TV Services 06.11.2010 iCloud Apple Inc. 11.03.2012 24,3MB 1.1.0.40 Intel(R) Control Center Intel Corporation 1.2.1.1007 Intel(R) Network Connections 15.2.89.0 Dell 24.09.2010 15.2.89.0 Intel(R) Rapid Storage Technology Intel Corporation 9.6.0.1014 Intel® Active-Management-Technologie Intel Corporation 24.09.2010 InterVideo FilterSDK for Hauppauge InterVideo Inc. 06.11.2010 IPView Pro 06.07.2011 iTunes Apple Inc. 01.04.2012 156,1MB 10.6.1.7 Java(TM) 6 Update 31 Oracle 24.04.2012 95,1MB 6.0.310 Lexware online banking 4.90 Lexware 27.09.2010 4.90 Lexware QuickBooks plus 2008 Lexware 27.09.2010 18.00 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 05.06.2012 18,0MB 1.61.0.1400 Meeresrauschen Screen Saver 07.02.2011 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 28.09.2010 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 28.09.2010 2,94MB 4.0.30319 Microsoft Office 2010 Microsoft Corporation 24.09.2010 6,31MB 14.0.4763.1000 Microsoft PowerPoint Viewer Microsoft Corporation 15.11.2011 148,5MB 14.0.4763.1000 Microsoft Silverlight Microsoft Corporation 25.09.2010 14,9MB 3.0.40624.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 24.09.2010 1,72MB 3.1.0000 Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 25.09.2010 0,61MB 1.0.1215.0 Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 25.09.2010 1,45MB 1.0.1215.0 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 24.09.2010 0,34MB 8.0.59193 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 
01.10.2010 0,59MB 9.0.30729 MobileMe Control Panel Apple Inc. 10.12.2011 12,9MB 3.1.8.0 Mozilla Firefox 12.0 (x86 de) Mozilla 29.05.2012 36,3MB 12.0 Mozilla Maintenance Service Mozilla 29.05.2012 0,21MB 12.0 Mozilla Thunderbird 12.0.1 (x86 de) Mozilla 01.05.2012 39,7MB 12.0.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 29.09.2010 37,00KB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 29.09.2010 1,33MB 4.20.9876.0 Norton AntiVirus Symantec Corporation 06.10.2010 18.7.1.3 OpenOffice.org 3.2 OpenOffice.org 28.09.2010 363MB 3.2.9502 pdfforge Toolbar v5.1 Spigot, Inc. 17.03.2012 10,9MB 5.1 Picasa 3 Google, Inc. 05.12.2011 3.8 PowerDVD DX CyberLink Corp. 24.09.2010 8.3.5424 Prospektservice Online Deutsche Post AG 02.11.2010 98,2MB 1.00.000 QuickTime Apple Inc. 10.12.2011 73,3MB 7.71.80.42 Roxio Creator DE 10.3 Roxio 24.09.2010 96,7MB 10.3 Secure Eraser v4.0 ASCOMP Software GmbH 02.07.2011 10,5MB ShellfireVPN 2.1 15.09.2011 2.1 Skype™ 5.0 Skype Technologies S.A. 04.11.2010 22,4MB 5.0.152 TeamViewer 6 TeamViewer GmbH 18.11.2011 6.0.11656 Trend Micro Client/Server Security Agent Trend Micro 24.09.2010 12,00KB 3.0.3152 Uninstall 1.0.0.1 03.05.2011 11,2MB VLC media player 1.1.5 VideoLAN 06.08.2011 1.1.5 VTPlus32 für WinTV (German) 06.11.2010 Windows Live Anmelde-Assistent Microsoft Corporation 25.09.2010 1,94MB 5.000.818.5 Windows Live Essentials Microsoft Corporation 24.09.2010 14.0.8089.0726 Windows Live Sync Microsoft Corporation 24.09.2010 2,79MB 14.0.8089.726 Windows Live-Uploadtool Microsoft Corporation 25.09.2010 0,22MB 14.0.8014.1029 Windows Media Player Firefox Plugin Microsoft Corp 07.10.2010 0,29MB 1.0.0.8 Windows XP Mode Microsoft Corporation 15.07.2011 1.161MB 1.3.7600.16422 Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) Dell Inc. 24.09.2010 09/11/2009 1.0.1.6 |
07.06.2012, 11:16 | #2 |
/// Malware-holic
1. Note the hint in my signature and send me the mail in question.
2. Open Malwarebytes, go to the log files, and post all reports.
3. Open Norton and post the scan report.
4. http://www.trojaner-board.de/115496-...erstellen.html Use the Shadow Explorer; a restore may work.
07.06.2012, 13:37 | #3 |
Thanks for the Shadow Explorer. That works, of course, for getting more or less up to date and for backing up important files for now. But is there a way to repair the files (rename and decrypt them)? Parts of programs (presumably the registry as well) are affected too, so these no longer run.
Who can tell me now that the trojan is really gone? I have sent the mail in question to you.
Malwarebytes log file (after Norton had already been run over it)
Code:
ATTFilter
2012/06/06 11:03:20 +0200 THOMAS-PC Thomas MESSAGE Starting protection
2012/06/06 11:03:21 +0200 THOMAS-PC Thomas MESSAGE Executing scheduled update: Daily
2012/06/06 11:03:23 +0200 THOMAS-PC Thomas MESSAGE Database already up-to-date
2012/06/06 11:03:23 +0200 THOMAS-PC Thomas MESSAGE Protection started successfully
2012/06/06 11:03:26 +0200 THOMAS-PC Thomas MESSAGE Starting IP protection
2012/06/06 11:03:28 +0200 THOMAS-PC Thomas MESSAGE IP Protection started successfully
2012/06/06 11:55:55 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert QUARANTINE
2012/06/06 11:55:55 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 11:55:55 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 11:57:34 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 11:57:34 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 11:57:34 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 11:57:46 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 11:57:57 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 11:58:14 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 11:58:18 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 11:58:53 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 11:59:19 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3(1).exe Trojan.FakeAlert ALLOW
2012/06/06 11:59:22 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3(1).exe Trojan.FakeAlert ALLOW
2012/06/06 11:59:23 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3(1).exe Trojan.FakeAlert ALLOW
2012/06/06 11:59:23 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3(1).exe Trojan.FakeAlert ALLOW
2012/06/06 12:04:27 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3(1).exe Trojan.FakeAlert ALLOW
2012/06/06 12:04:29 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 13:08:15 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3(1).exe Trojan.FakeAlert ALLOW
2012/06/06 13:08:17 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 14:13:57 +0200 THOMAS-PC Thomas IP-BLOCK 194.54.80.182 (Type: outgoing, Port: 52051, Process: teamviewer_service.exe)
2012/06/06 14:13:57 +0200 THOMAS-PC Thomas IP-BLOCK 194.54.80.182 (Type: outgoing, Port: 52052, Process: teamviewer_service.exe)
2012/06/06 14:17:06 +0200 THOMAS-PC Thomas DETECTION c:\users\thomas\downloads\decrypthelper-0.5.3(1).exe Trojan.FakeAlert ALLOW
2012/06/06 14:17:07 +0200 THOMAS-PC Thomas DETECTION c:\users\thomas\downloads\decrypthelper-0.5.3.exe Trojan.FakeAlert DENY
2012/06/06 14:21:15 +0200 THOMAS-PC Thomas MESSAGE Starting protection
2012/06/06 14:21:20 +0200 THOMAS-PC Thomas MESSAGE Protection started successfully
2012/06/06 14:21:24 +0200 THOMAS-PC Thomas MESSAGE Starting IP protection
2012/06/06 14:21:25 +0200 THOMAS-PC Thomas MESSAGE IP Protection started successfully
2012/06/06 16:11:01 +0200 THOMAS-PC Thomas MESSAGE Starting protection
2012/06/06 16:11:04 +0200 THOMAS-PC Thomas MESSAGE Protection started successfully
2012/06/06 16:11:07 +0200 THOMAS-PC Thomas MESSAGE Starting IP protection
2012/06/06 16:11:08 +0200 THOMAS-PC Thomas MESSAGE IP Protection started successfully
2012/06/06 17:04:42 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 17:04:51 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 17:04:51 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 17:04:51 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 18:40:22 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 19:00:33 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 19:52:10 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 20:34:05 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 20:48:05 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 20:53:05 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 21:14:43 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 21:14:43 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 21:14:46 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 21:14:46 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 21:14:46 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 21:28:36 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 21:28:36 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 21:28:39 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 21:28:39 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 21:28:39 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 22:30:11 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 23:27:36 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 23:31:59 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 23:35:13 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
2012/06/06 23:38:58 +0200 THOMAS-PC Thomas DETECTION C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe Trojan.FakeAlert ALLOW
Code:
ATTFilter
Kategorie:Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
07.06.2012 08:16,Hoch,otl (2).exe (otl (2).exe) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\downloads\otl (2).exe
06.06.2012 23:39,Hoch,otl.exe (otl.exe) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\desktop\otl.exe
05.06.2012 13:57,Hoch,nav5bd9.tmp (Trojan.Bebloh) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\nav5bd9.tmp
05.06.2012 13:54,Hoch,navf0fe.tmp (Trojan.Bebloh) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\navf0fe.tmp
05.06.2012 13:37,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\imapmail\imap.strato.de\inbox
05.06.2012 13:25,Hoch,nav7ac1.tmp (Trojan.Bebloh) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\nav7ac1.tmp
05.06.2012 13:25,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\mail\mail.xxxxxxxx-1.de\trash
05.06.2012 13:23,Hoch,nav2474.tmp (Trojan.Bebloh) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\nav2474.tmp
05.06.2012 13:22,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\mail\mail.xxxxxxxx-1.de\inbox
29.05.2012 06:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
22.05.2012 04:42,Hoch,nav83d4.tmp (Trojan.Bebloh) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\nav83d4.tmp
22.05.2012 04:40,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\imapmail\imap.strato.de\trash
22.05.2012 04:40,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\imapmail\imap.strato.de\trash
22.05.2012 04:20,Hoch,nav9bf7.tmp (Trojan.Bebloh) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\nav9bf7.tmp
22.05.2012 04:20,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\mail\mail.xxxxxxxxx-1.de\inbox
22.05.2012 04:20,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\mail\mail.xxxxxxxxx-1.de\inbox
22.05.2012 02:17,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
14.05.2012 23:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.05.2012 20:03,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
22.04.2012 15:17,Hoch,Downloader.Dromedan erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\imapmail\imap.strato.de\inbox
22.04.2012 15:15,Hoch,navb667.tmp (Downloader.Dromedan) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\navb667.tmp
22.04.2012 15:01,Hoch,navb656.tmp (Downloader.Dromedan) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\navb656.tmp
22.04.2012 14:59,Hoch,Downloader.Dromedan erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\imapmail\imap.strato.de\trash
16.08.2011 18:01,Hoch,notepad.exe (Trojan.Gen.2) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\notepad.exe |