
Pests of all kinds and how to fight them: Trojan check

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

 
03.11.2012, 19:15   #1
hilo123
 



Hello,

I suspected that I had a trojan, because I was hacked in an MMORPG.
So I ran Malwarebytes and it found a virus, which, contrary to what the forum says, I have already deleted.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Daten: @biocpl.dll,-1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

I have already worked through all the topics from the guide, that is, with Defogger, OTL and GMER.
Here are the logs. Regards, Valeri.

OTL Extras logfile created on: 03.11.2012 18:00:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,93 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 37,17% Memory free
3,86 Gb Paging File | 2,44 Gb Available in Paging File | 63,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,69 Gb Total Space | 8,91 Gb Free Space | 14,69% Space Free | Partition Type: NTFS
Drive D: | 237,30 Gb Total Space | 22,65 Gb Free Space | 9,54% Space Free | Partition Type: NTFS

Computer Name: HILO-PC | User Name: HIlo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{194F92B6-5166-4CCE-B424-82F81A9B8244}" = rport=445 | protocol=6 | dir=out | app=system |
"{1EAF7512-CA7B-4B0C-83B3-1FC3ED3834C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{218282BC-EDB8-4CE9-8EB6-0ED6C576C2FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{332C4088-4DC5-4FF6-9B55-A228DAEE8AD0}" = rport=137 | protocol=17 | dir=out | app=system |
"{348163CE-C4A9-419C-B26A-AD24A41D6AFA}" = lport=138 | protocol=17 | dir=in | app=system |
"{35413F42-EF64-4FEA-B445-0DA1201556A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3B55D995-5A9E-4EAB-9437-97368F15D7F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3EDF00F2-5F06-49E4-853B-ABF25A0B1663}" = rport=139 | protocol=6 | dir=out | app=system |
"{432A998C-8CA0-42CA-A2EC-74FF4674F577}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4D75F68C-D28B-4AA2-AA72-174525F830D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70ADE8F8-E574-4256-B4FD-85F4D85969C3}" = rport=138 | protocol=17 | dir=out | app=system |
"{94379A23-5DEC-48F8-AA6E-F4005298247C}" = lport=137 | protocol=17 | dir=in | app=system |
"{963FC632-8086-4880-8F69-F20B323F2EAF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A8EE19EF-7890-4207-A45F-3B1AFBFD35FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B27F1B80-ECED-4BD7-8D6F-5AF33DC40078}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B90CCFEC-19C3-46FF-B9B0-7EFC7CB1CDBD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C50B511C-12CC-4DDB-9999-5C1FE09D5631}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9B0B8AE-4F87-4411-BC2D-E5E91C47E05D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D13DC87C-EB50-4FEA-AEAE-96A0C22384EA}" = lport=139 | protocol=6 | dir=in | app=system |
"{D46F93D8-C4B9-4F7D-829C-D1264136E8FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E3BFA921-AB32-4384-92EA-B10FC755C560}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F1642DF5-A5EC-446F-AF92-563CA8A23A76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18A2094A-1C32-42D7-9649-27EDCED3D2F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{281674EF-A129-4112-8936-1626D7116287}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2C94AD6C-9A9E-4714-9B97-07FC39D502DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{339AF70A-F258-4A26-BBE3-ADB20A2706D9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{378E34B6-63BC-4C5F-BB25-1B72A3D09365}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{43651962-42DF-44BC-A917-482C7466FD7D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{51472ECD-41F5-4F17-BC9F-AE50428AAAE3}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{51D65E47-3CB8-42AC-8B06-1400486D3D71}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{566DB6B8-5AD4-4D88-9A20-DE1D99EDD477}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{B76AE97B-F48E-4618-AEF7-200B14CD1F03}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{B7EB5C4D-2A6B-4EC4-8660-26CA116E5341}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{C8651226-F3C8-4E8C-97DC-673F1E55179C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{D257A0C3-99EC-4462-B579-EFA36C4EDFD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D5165636-A1C5-4D75-ADE3-CB7AC06980E4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{D9E9E2C4-35AF-4A9F-9D2C-7B30757608AA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E145C08F-9385-433A-8F3C-492AD40CF22F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{E3B6CE2C-B7A2-4D04-B196-8021A84B044D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E6FE9665-9D13-4C21-A885-AD355D16D06A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E843DD68-C316-437F-8841-41F991CFB5A4}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"TCP Query User{2AE3B932-FA19-48E9-BFC8-18657973F741}C:\Program Files\Java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A6CF1B7F-066B-4A9F-B344-BEAD5E91C404}C:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe |
"TCP Query User{AAFFFE36-818F-460C-BFE3-6345CC9740F4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C18FD6AC-FAF0-4AE9-B95F-22CF0DEDC565}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{104CC787-157D-4896-80A3-34AA0DD98274}C:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe |
"UDP Query User{27C6005C-5917-4697-9871-840BCFC13840}C:\Program Files\Java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4E6F7B5E-D7EF-488B-9AF6-C09A190192A8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E1113EB5-3C6D-4D09-B4A8-A858E62D7E4B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0331FC5B-948B-8AC2-66FC-0D812EE03C47}" = ccc-core-static
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{143C595E-6E6A-D847-8D5D-B17192C13028}" = CCC Help Italian
"{1784BBBA-2820-AE9B-041C-29F1F536911F}" = CCC Help English
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2D440AF4-7330-43F0-A085-35DE1A90E703}" = Lenovo Fingerprint Software
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B26E060-5BC9-4B45-BD20-882E94CADFCF}" = VmciSockets
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4EC85AD2-5AAE-0F7D-97A2-906F094FBC2C}" = Catalyst Control Center Graphics Full New
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{5968F27A-66E6-171E-5311-0A74D74AAD9B}" = ATI Catalyst Install Manager
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64FDAF43-0317-91AF-DCC0-8FF63FA1C262}" = Catalyst Control Center Graphics Light
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CC3CCF-DEFE-6E46-FF24-EEDE75355195}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E8242F8-BD2A-44D7-BCED-9B231A02B367}" = SpellForce 2 Patch
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8C97A120-7300-9FDB-CD8F-E035741A1156}" = ccc-core-preinstall
"{8D58AC2A-6952-CCDE-14B6-505D263BE5F0}" = CCC Help Dutch
"{8D58B4D9-3F0F-BFF8-498E-627059551AE5}" = Catalyst Control Center Localization All
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{8F8DC6F6-B93E-78E9-4F16-5E5AE6589EBD}" = CCC Help Chinese Traditional
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C08E956F-97FC-26E3-4523-06A7743480CA}" = Skins
"{C24A79B5-4FC9-EF28-A11D-4B378B618F18}" = CCC Help Korean
"{C26968D9-FA2D-10E0-79AC-9714A769EC40}" = CCC Help German
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59D305B-4E19-A823-714D-5A393E19B898}" = CCC Help French
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CA2D75F9-19F0-74F5-2C4C-0E37C198FC6A}" = CCC Help Chinese Standard
"{CD068533-1A20-47F6-B1A2-196725B1320F}" = LibreOffice 3.3
"{CDF2602A-D09F-18CC-AC6E-216124FC975B}" = Catalyst Control Center Core Implementation
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45BEFCD-72A1-042C-D484-7F39EAC2CCD9}" = CCC Help Japanese
"{D8EEDC94-EE82-46A0-A7DB-812E3C6A0A6E}_is1" = PSD Viewer
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB61BE4A-1E09-CA85-F03C-A78C357CA743}" = CCC Help Swedish
"{E043568C-1745-4C69-9D52-43F6E79EB03B}" = Joulemeter
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2D2B19D-F3D0-AAE7-E94C-72435EBC8663}" = ccc-utility
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{E838C67D-6D64-A995-F8D0-4F397D278635}" = CCC Help Portuguese
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE383F29-6C0D-EF89-C8A1-CCD87349A2E3}" = Catalyst Control Center Graphics Full Existing
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"0481B164C8D1D26C560D6A5E717C5920D4362D60" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (01/14/2010 8.6.0.13)
"2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"Anti-Twin 2012-08-25 17.22.56" = Anti-Twin (Installation 25.08.2012)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"avast" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira Free Antivirus
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"Defraggler" = Defraggler
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free MP3 Cutter and Editor_is1" = Free MP3 Cutter and Editor 2.6
"Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1017
"HECI" = Intel(R) Management Engine Interface
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20.1
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"ManyCam" = ManyCam 3.0.80 (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NosTale(DE)_is1" = Nostale(DE)
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OnScreenDisplay" = Anzeige am Bildschirm
"Origin" = Origin
"PhotoScape" = PhotoScape
"PokerStars.eu" = PokerStars.eu
"Power Management Driver" = ThinkPad Power Management Driver
"Prio" = Prio
"Recuva" = Recuva
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sandboxie" = Sandboxie 3.74 (32-bit)
"TeamViewer 7" = TeamViewer 7
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Tunatic" = Tunatic
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.3
"VMware_Player" = VMware Player
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Kalydo App Nostale" = Nostale
"KalydoPlayer" = Kalydo Player 4.09.00

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.05.2012 04:52:18 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax.

Error - 06.05.2012 04:55:49 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
update\session\7yd614ww\Bin64\InstallManagerApp.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 06.05.2012 04:55:50 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
update\session\7yd614ww\Bin64\Setup.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 06.05.2012 14:51:06 | Computer Name = HIlo-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 694 Startzeit: 01cd2aa6b6b61679 Endzeit: 4774 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:

Error - 06.05.2012 21:17:26 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax.

Error - 06.05.2012 21:21:16 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
update\session\7yd614ww\Bin64\InstallManagerApp.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 06.05.2012 21:21:17 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
update\session\7yd614ww\Bin64\Setup.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 10.05.2012 01:15:03 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax.

Error - 10.05.2012 01:18:04 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
update\session\7yd614ww\Bin64\InstallManagerApp.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 10.05.2012 01:18:04 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
update\session\7yd614ww\Bin64\Setup.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

[ NetLimiter 3 Events ]
Error - 15.10.2012 10:23:03 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 15.10.2012 10:29:23 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 19.10.2012 09:18:47 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 20.10.2012 07:12:05 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 20.10.2012 11:09:32 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 21.10.2012 04:58:41 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 30.10.2012 07:42:18 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 30.10.2012 09:24:40 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 30.10.2012 23:34:27 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 31.10.2012 10:21:53 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

[ OSession Events ]
Error - 18.04.2011 13:08:28 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 3198
seconds with 1620 seconds of active time. This session ended with a crash.

Error - 18.04.2011 13:13:25 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 282
seconds with 240 seconds of active time. This session ended with a crash.

Error - 19.04.2011 10:48:19 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 1677
seconds with 420 seconds of active time. This session ended with a crash.

Error - 19.04.2011 10:54:37 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 351
seconds with 300 seconds of active time. This session ended with a crash.

Error - 20.04.2011 06:57:20 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 156
seconds with 120 seconds of active time. This session ended with a crash.

Error - 20.04.2011 07:27:13 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 309
seconds with 240 seconds of active time. This session ended with a crash.

Error - 22.04.2011 07:26:13 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 92
seconds with 60 seconds of active time. This session ended with a crash.

Error - 24.04.2011 13:31:09 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 197
seconds with 180 seconds of active time. This session ended with a crash.

Error - 24.04.2011 13:42:25 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 569
seconds with 540 seconds of active time. This session ended with a crash.

Error - 25.04.2011 14:46:48 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 756
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03.11.2012 11:30:49 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.

Error - 03.11.2012 11:30:49 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.

Error - 03.11.2012 12:49:57 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0

Error - 03.11.2012 12:51:04 | Computer Name = HIlo-PC | Source = Application Popup | ID = 875
Description = Treiber sfvfs02.sys konnte nicht geladen werden.

Error - 03.11.2012 12:51:04 | Computer Name = HIlo-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.

Error - 03.11.2012 12:51:21 | Computer Name = HIlo-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 03.11.2012 12:51:21 | Computer Name = HIlo-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 03.11.2012 12:51:23 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "avast! Antivirus" ist von folgendem Dienst abhängig: aswMonFlt.
Dieser Dienst ist eventuell nicht installiert.

Error - 03.11.2012 12:52:24 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ATITool sfdrv01 sfvfs02 uGuru

Error - 03.11.2012 12:53:17 | Computer Name = HIlo-PC | Source = DCOM | ID = 10016
Description =


< End of report >


OTL logfile created on: 03.11.2012 18:00:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,93 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 37,17% Memory free
3,86 Gb Paging File | 2,44 Gb Available in Paging File | 63,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,69 Gb Total Space | 8,91 Gb Free Space | 14,69% Space Free | Partition Type: NTFS
Drive D: | 237,30 Gb Total Space | 22,65 Gb Free Space | 9,54% Space Free | Partition Type: NTFS

Computer Name: HILO-PC | User Name: HIlo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.03 17:46:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012.10.30 10:07:18 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 10:07:02 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.30 10:07:02 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.21 15:20:54 | 000,012,656 | ---- | M] () -- C:\Programme\Prio\prio_svc.exe
PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.12 13:55:36 | 000,343,024 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.17 13:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 13:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.11.13 23:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2011.11.13 23:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe
PRC - [2011.08.29 22:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.03.21 15:14:38 | 001,126,400 | ---- | M] (Locktime Software) -- C:\Programme\NetLimiter 3\nlsvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2011.01.14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.12.03 18:19:50 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2010.12.03 18:19:32 | 000,258,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.17 17:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010.09.17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe
PRC - [2010.09.17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010.08.05 16:47:52 | 000,804,128 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2010.08.05 16:47:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.02.05 06:43:20 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2010.02.05 06:39:58 | 001,824,064 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe


========== Modules (No Company Name) ==========

MOD - [2012.10.24 18:49:23 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.12.05 03:38:04 | 001,242,112 | ---- | M] () -- C:\Programme\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2010.12.05 03:38:02 | 002,010,624 | ---- | M] () -- C:\Programme\ManyCam\Bin\opencv_core220.dll
MOD - [2010.08.05 16:48:04 | 000,132,384 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll


========== Services (SafeList) ==========

SRV - [2012.10.31 12:36:02 | 009,012,224 | ---- | M] () [Auto | Stopped] -- C:\Programme\Freetec\SystemStore\SystemStore.exe -- (SystemStoreService)
SRV - [2012.10.30 10:07:18 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 10:07:02 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.30 01:51:05 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 11:29:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.21 15:20:54 | 000,012,656 | ---- | M] () [Auto | Running] -- C:\Programme\Prio\prio_svc.exe -- (prio_svc)
SRV - [2012.08.25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.12 13:55:36 | 000,343,024 | ---- | M] () [Auto | Running] -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 13:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.11.13 23:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.11.13 23:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.29 22:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.21 15:14:38 | 001,126,400 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2011.02.18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.01.14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010.09.17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010.08.05 16:47:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.02.05 06:43:20 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2010.02.05 06:43:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2010.02.05 06:39:58 | 001,824,064 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva393.sys -- (XDva393)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Unknown (0) | Boot | Unknown] -- -- (Winflash)
DRV - File not found [Kernel | Boot | Stopped] -- system32\Drivers\uGuru.sys -- (uGuru)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\clwvd.sys -- (clwvd)
DRV - [2012.11.03 17:56:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.10.31 16:24:43 | 000,071,680 | ---- | M] (Notebook Hardware Control) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2012.10.31 14:18:30 | 000,004,484 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\cpuidlep.sys -- (cpuidlep)
DRV - [2012.10.30 10:07:21 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.10.08 11:32:20 | 000,038,256 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\Windows\System32\drivers\prio.sys -- (prio)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.24 08:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 09:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.02 13:45:52 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.09.02 13:45:52 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.25 21:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.08.10 18:41:35 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012.08.10 18:41:35 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.08.10 18:41:35 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.02.22 11:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012.01.11 07:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011.11.13 23:43:26 | 000,055,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2011.11.13 23:42:40 | 000,025,584 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2011.11.13 23:42:08 | 000,025,712 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2011.11.13 21:33:56 | 000,036,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2011.11.13 21:33:56 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2011.08.29 22:11:00 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2011.08.29 22:01:10 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2011.08.08 14:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2011.03.21 15:44:26 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisPT)
DRV - [2011.03.21 15:44:26 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisMP)
DRV - [2011.03.21 15:44:24 | 005,281,672 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2011.01.05 00:33:30 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.09.22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.08.24 18:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.08.24 18:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.08.18 10:53:42 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010.06.16 13:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010.06.16 13:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010.02.05 10:14:14 | 000,661,448 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.12.08 14:11:40 | 000,031,680 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.09.15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.09.15 13:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.09.15 12:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.09.09 16:10:16 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.09.07 18:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.22 06:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.23 12:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.06.11 17:04:22 | 003,486,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009.06.02 15:39:22 | 000,737,152 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\A885VCap.sys -- (CXSONORA)
DRV - [2006.11.10 14:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\HIlo\Desktop\Drumstepftw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 99 A5 00 12 7B CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{514EEF3A-6F99-49FD-A418-81A056B81463}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGHP_deDE471
IE - HKCU\..\SearchScopes\{F3C8C8B2-40FB-4AB5-B02B-5A0B0B730EE6}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=60BCEAD5-A879-4FAD-A37E-0F5B240F30D2&apn_sauid=64DF60C8-6482-49FC-8E73-BB27B672CADD
IE - HKCU\..\SearchScopes\{F8F7FF41-F20B-4780-9D79-F61F7F27AABF}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: welcome@toolmin.com:1.03
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.6
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:13.0.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\HIlo\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\HIlo\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF [2012.07.31 17:15:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 02:06:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.31 05:27:45 | 000,000,000 | ---D | M]

[2012.02.10 22:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\Extensions
[2012.10.14 18:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions
[2012.08.22 22:44:08 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.08.26 14:28:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.02 10:39:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.10.28 20:06:49 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\welcome@toolmin.com
[2012.10.14 18:10:36 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\extension@hidemyass.com.xpi
[2012.08.27 09:17:19 | 000,572,633 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.04.02 10:39:39 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.10.11 22:00:03 | 000,030,312 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2012.07.25 19:47:07 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.30 02:13:55 | 000,002,401 | ---- | M] () -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\searchplugins\Web Search.xml
[2012.10.30 02:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.31 05:27:42 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2012.08.31 05:27:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.31 05:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.20 18:11:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.20 16:18:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.08.31 05:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.05 16:34:27 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.28 20:06:58 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012.02.10 19:56:54 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.11.02 12:59:40 | 000,444,767 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15274 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\HIlo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\HIlo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C72CD9E-87F6-4CC1-A174-66E7AE539A03}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{268e997a-eae4-11e1-8155-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{268e997a-eae4-11e1-8155-001e101f859f}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2780b61d-185b-11e0-9354-00247e6cb93c}\Shell - "" = AutoRun
O33 - MountPoints2\{2780b61d-185b-11e0-9354-00247e6cb93c}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{96d49818-e0ca-11e1-bae5-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{96d49818-e0ca-11e1-bae5-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{a57c18f9-e311-11e1-9a75-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{a57c18f9-e311-11e1-9a75-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{a93af5f0-f461-11e1-ad16-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{a93af5f0-f461-11e1-ad16-005056c00008}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{b0de3fb6-ebc7-11e1-bb1b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{b0de3fb6-ebc7-11e1-bb1b-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{cd8c1454-d8e1-11e1-8ef9-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{cd8c1454-d8e1-11e1-8ef9-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{cd8c1486-d8e1-11e1-8ef9-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{cd8c1486-d8e1-11e1-8ef9-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{cd8c14fb-d8e1-11e1-8ef9-001e101f2463}\Shell - "" = AutoRun
O33 - MountPoints2\{cd8c14fb-d8e1-11e1-8ef9-001e101f2463}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{cd8c1518-d8e1-11e1-8ef9-001e101f2463}\Shell - "" = AutoRun
O33 - MountPoints2\{cd8c1518-d8e1-11e1-8ef9-001e101f2463}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{d2e08bb5-df9d-11e1-96c7-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{d2e08bb5-df9d-11e1-96c7-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.02 14:55:20 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\KeePass
[2012.11.02 14:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe 2
[2012.11.02 07:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.11.02 07:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.02 07:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.11.02 01:57:27 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Malwarebytes
[2012.11.02 01:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.02 01:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.02 01:56:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.02 01:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.01 23:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSDViewer
[2012.11.01 23:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\PSDViewer
[2012.10.31 21:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Prio
[2012.10.31 16:24:43 | 000,071,680 | ---- | C] (Notebook Hardware Control) -- C:\Windows\System32\drivers\nhcDriver.sys
[2012.10.31 16:24:37 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Notebook Hardware Control
[2012.10.31 16:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATITool
[2012.10.31 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\abit
[2012.10.31 16:03:50 | 000,050,688 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\AC2005DLL.dll
[2012.10.31 16:02:07 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RightMark CPU Clock Utility
[2012.10.31 16:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RightMark CPU Clock Utility
[2012.10.31 16:01:59 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\InstallShield
[2012.10.31 14:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CpuIdle Extreme
[2012.10.30 15:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(DE)
[2012.10.30 15:04:01 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\Gameforge4d
[2012.10.30 15:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\GameforgeLive
[2012.10.30 14:32:41 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Kalydo
[2012.10.30 03:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.10.30 02:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.10.30 01:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012.10.30 01:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.10.28 16:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012.10.24 19:56:45 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\PokerStars.EU
[2012.10.24 19:56:44 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2012.10.24 19:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.EU
[2012.10.23 08:58:11 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.10.23 08:40:24 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\{7B8087AA-02B0-4278-9F19-9CE69FC5D6A5}
[2012.10.20 16:20:34 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Avira
[2012.10.20 16:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.20 16:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.20 16:16:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.20 16:16:10 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.20 16:16:10 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.20 16:16:10 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.20 16:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.20 16:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.11 00:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Freetec
[2012.10.08 22:41:50 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\vlc
[2012.10.08 11:32:20 | 000,038,256 | ---- | C] (Xeno) -- C:\Windows\System32\drivers\prio.sys
[2012.10.06 02:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.06 02:45:15 | 000,000,000 | ---D | C] -- C:\DRIVERS
[6 C:\Users\HIlo\Desktop\*.tmp files -> C:\Users\HIlo\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.03 18:08:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.03 17:59:57 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 17:59:57 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 17:58:24 | 000,656,850 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.03 17:58:24 | 000,618,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.03 17:58:24 | 000,131,216 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.03 17:58:24 | 000,107,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.03 17:52:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.03 17:51:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.03 17:51:10 | 1555,587,072 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.03 17:48:45 | 000,004,014 | ---- | M] () -- C:\Users\HIlo\Desktop\NewDatabase.kdbx
[2012.11.03 17:47:01 | 000,000,020 | ---- | M] () -- C:\Users\HIlo\defogger_reenable
[2012.11.03 17:29:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.03 17:12:49 | 000,000,386 | ---- | M] () -- C:\Users\HIlo\Desktop\bes.ini
[2012.11.03 17:12:04 | 000,000,032 | ---- | M] () -- C:\Users\HIlo\Desktop\bes_sw.ini
[2012.11.03 17:08:34 | 000,001,281 | ---- | M] () -- C:\Users\HIlo\Desktop\Spybot - Search & Destroy.lnk
[2012.11.02 15:42:18 | 001,147,932 | ---- | M] () -- C:\Users\HIlo\Desktop\IMG_02112012_152823.png
[2012.11.02 15:08:35 | 000,002,642 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.11.02 14:52:48 | 000,001,098 | ---- | M] () -- C:\Users\HIlo\Desktop\KeePass 2.lnk
[2012.11.02 12:59:40 | 000,444,767 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.02 03:07:03 | 000,007,622 | ---- | M] () -- C:\Users\HIlo\AppData\Local\Resmon.ResmonCfg
[2012.11.02 01:56:52 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.01 23:13:36 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\PSD Viewer.lnk
[2012.11.01 23:07:56 | 004,780,634 | ---- | M] () -- C:\Users\HIlo\Desktop\ThreadDesign3.psd
[2012.11.01 21:54:06 | 003,245,543 | ---- | M] () -- C:\Users\HIlo\Desktop\nlliu.png
[2012.10.31 16:40:57 | 001,282,700 | ---- | M] () -- C:\Users\HIlo\Desktop\vawv9sd5uyks.png
[2012.10.31 16:24:43 | 000,071,680 | ---- | M] (Notebook Hardware Control) -- C:\Windows\System32\drivers\nhcDriver.sys
[2012.10.31 16:02:07 | 000,001,040 | ---- | M] () -- C:\Users\HIlo\Desktop\RightMark CPU Clock Utility.lnk
[2012.10.31 15:10:48 | 001,832,789 | ---- | M] () -- C:\Users\HIlo\Desktop\fejdjasj.png
[2012.10.31 14:18:30 | 000,004,484 | ---- | M] () -- C:\Windows\System32\drivers\cpuidlep.sys
[2012.10.31 13:52:44 | 000,002,791 | ---- | M] () -- C:\Users\HIlo\Desktop\Nostale - Verknüpfung.lnk
[2012.10.30 12:42:00 | 003,730,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.30 10:07:21 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.30 02:06:22 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.30 01:46:53 | 000,027,556 | ---- | M] () -- C:\Users\HIlo\Desktop\Mein Film.wlmp
[2012.10.30 01:05:11 | 002,743,780 | ---- | M] () -- C:\Users\HIlo\Desktop\balloon.gif
[2012.10.26 05:16:23 | 000,000,034 | ---- | M] () -- C:\Windows\AvastEmUpdate.ini
[2012.10.24 19:56:45 | 000,001,077 | ---- | M] () -- C:\Users\HIlo\Desktop\PokerStars.eu.lnk
[2012.10.24 16:09:13 | 000,171,666 | ---- | M] () -- C:\Users\HIlo\Desktop\hhj.png
[2012.10.24 00:14:58 | 000,163,051 | ---- | M] () -- C:\Users\HIlo\Desktop\files.php.jpg
[2012.10.23 10:42:50 | 001,663,966 | ---- | M] () -- C:\Users\HIlo\Desktop\tzh.png
[2012.10.20 17:15:12 | 008,944,820 | ---- | M] () -- C:\Users\HIlo\Desktop\Epic Sax Guy Saxtreme!!.mp4
[2012.10.20 17:04:23 | 000,001,295 | ---- | M] () -- C:\Users\HIlo\Desktop\Free YouTube Download.lnk
[2012.10.20 13:55:56 | 000,001,391 | ---- | M] () -- C:\Users\HIlo\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.08 11:32:20 | 000,038,256 | ---- | M] (Xeno) -- C:\Windows\System32\drivers\prio.sys
[6 C:\Users\HIlo\Desktop\*.tmp files -> C:\Users\HIlo\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.03 17:45:45 | 000,000,020 | ---- | C] () -- C:\Users\HIlo\defogger_reenable
[2012.11.03 17:12:04 | 000,000,032 | ---- | C] () -- C:\Users\HIlo\Desktop\bes_sw.ini
[2012.11.02 17:45:56 | 000,004,014 | ---- | C] () -- C:\Users\HIlo\Desktop\NewDatabase.kdbx
[2012.11.02 15:42:03 | 001,147,932 | ---- | C] () -- C:\Users\HIlo\Desktop\IMG_02112012_152823.png
[2012.11.02 14:52:48 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2012.11.02 14:52:48 | 000,001,098 | ---- | C] () -- C:\Users\HIlo\Desktop\KeePass 2.lnk
[2012.11.02 13:26:33 | 000,000,386 | ---- | C] () -- C:\Users\HIlo\Desktop\bes.ini
[2012.11.02 13:25:07 | 000,231,936 | ---- | C] ( ) -- C:\Users\HIlo\Desktop\BES.exe
[2012.11.02 07:47:51 | 000,001,281 | ---- | C] () -- C:\Users\HIlo\Desktop\Spybot - Search & Destroy.lnk
[2012.11.02 03:07:03 | 000,007,622 | ---- | C] () -- C:\Users\HIlo\AppData\Local\Resmon.ResmonCfg
[2012.11.02 01:56:52 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.01 23:13:36 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\PSD Viewer.lnk
[2012.11.01 23:04:47 | 004,780,634 | ---- | C] () -- C:\Users\HIlo\Desktop\ThreadDesign3.psd
[2012.11.01 21:22:09 | 003,245,543 | ---- | C] () -- C:\Users\HIlo\Desktop\nlliu.png
[2012.10.31 16:02:07 | 000,001,040 | ---- | C] () -- C:\Users\HIlo\Desktop\RightMark CPU Clock Utility.lnk
[2012.10.31 14:18:30 | 000,004,484 | ---- | C] () -- C:\Windows\System32\drivers\cpuidlep.sys
[2012.10.31 13:51:49 | 000,002,791 | ---- | C] () -- C:\Users\HIlo\Desktop\Nostale - Verknüpfung.lnk
[2012.10.30 18:58:18 | 001,832,789 | ---- | C] () -- C:\Users\HIlo\Desktop\fejdjasj.png
[2012.10.30 13:43:41 | 001,282,700 | ---- | C] () -- C:\Users\HIlo\Desktop\vawv9sd5uyks.png
[2012.10.30 02:06:22 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.30 01:46:50 | 000,027,556 | ---- | C] () -- C:\Users\HIlo\Desktop\Mein Film.wlmp
[2012.10.30 01:05:03 | 002,743,780 | ---- | C] () -- C:\Users\HIlo\Desktop\balloon.gif
[2012.10.24 19:56:45 | 000,001,077 | ---- | C] () -- C:\Users\HIlo\Desktop\PokerStars.eu.lnk
[2012.10.24 16:09:12 | 000,171,666 | ---- | C] () -- C:\Users\HIlo\Desktop\hhj.png
[2012.10.24 00:14:32 | 000,163,051 | ---- | C] () -- C:\Users\HIlo\Desktop\files.php.jpg
[2012.10.23 10:04:40 | 001,663,966 | ---- | C] () -- C:\Users\HIlo\Desktop\tzh.png
[2012.10.23 08:57:28 | 000,001,286 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.10.23 08:56:33 | 000,001,355 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012.10.20 17:15:03 | 008,944,820 | ---- | C] () -- C:\Users\HIlo\Desktop\Epic Sax Guy Saxtreme!!.mp4
[2012.10.15 15:29:22 | 1555,587,072 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.10 16:56:48 | 000,366,160 | ---- | C] () -- C:\Users\HIlo\IMG_0183.JPG
[2012.09.10 16:56:48 | 000,294,015 | ---- | C] () -- C:\Users\HIlo\IMG_0207.JPG
[2012.09.10 16:56:48 | 000,247,166 | ---- | C] () -- C:\Users\HIlo\IMG_0219.JPG
[2012.09.10 16:56:48 | 000,242,912 | ---- | C] () -- C:\Users\HIlo\IMG_0156.JPG
[2012.09.10 16:56:48 | 000,238,848 | ---- | C] () -- C:\Users\HIlo\IMG_0195.JPG
[2012.09.10 16:56:48 | 000,219,645 | ---- | C] () -- C:\Users\HIlo\IMG_0201.JPG
[2012.09.10 16:56:48 | 000,217,815 | ---- | C] () -- C:\Users\HIlo\IMG_0203.JPG
[2012.09.10 16:56:48 | 000,217,283 | ---- | C] () -- C:\Users\HIlo\IMG_0220.JPG
[2012.09.10 16:56:48 | 000,217,132 | ---- | C] () -- C:\Users\HIlo\IMG_0218.JPG
[2012.09.10 16:56:48 | 000,214,516 | ---- | C] () -- C:\Users\HIlo\IMG_0180.JPG
[2012.09.10 16:56:48 | 000,210,120 | ---- | C] () -- C:\Users\HIlo\IMG_0159.JPG
[2012.09.10 16:56:48 | 000,205,347 | ---- | C] () -- C:\Users\HIlo\IMG_0181.JPG
[2012.09.10 16:56:48 | 000,204,411 | ---- | C] () -- C:\Users\HIlo\IMG_0158.JPG
[2012.09.10 16:56:48 | 000,203,242 | ---- | C] () -- C:\Users\HIlo\IMG_0202.JPG
[2012.09.10 16:56:48 | 000,203,240 | ---- | C] () -- C:\Users\HIlo\IMG_0172.JPG
[2012.09.10 16:56:48 | 000,202,540 | ---- | C] () -- C:\Users\HIlo\IMG_0200.JPG
[2012.09.10 16:56:48 | 000,197,683 | ---- | C] () -- C:\Users\HIlo\IMG_0173.JPG
[2012.09.10 16:56:48 | 000,192,276 | ---- | C] () -- C:\Users\HIlo\IMG_0197.JPG
[2012.09.10 16:56:48 | 000,192,192 | ---- | C] () -- C:\Users\HIlo\IMG_0170.JPG
[2012.09.10 16:56:48 | 000,191,185 | ---- | C] () -- C:\Users\HIlo\IMG_0164.JPG
[2012.09.10 16:56:48 | 000,190,484 | ---- | C] () -- C:\Users\HIlo\IMG_0177.JPG
[2012.09.10 16:56:48 | 000,190,245 | ---- | C] () -- C:\Users\HIlo\IMG_0169.JPG
[2012.09.10 16:56:48 | 000,187,186 | ---- | C] () -- C:\Users\HIlo\IMG_0171.JPG
[2012.09.10 16:56:48 | 000,186,537 | ---- | C] () -- C:\Users\HIlo\IMG_0178.JPG
[2012.09.10 16:56:48 | 000,184,973 | ---- | C] () -- C:\Users\HIlo\IMG_0174.JPG
[2012.09.10 16:56:48 | 000,178,575 | ---- | C] () -- C:\Users\HIlo\IMG_0204.JPG
[2012.09.10 16:56:48 | 000,176,010 | ---- | C] () -- C:\Users\HIlo\IMG_0179.JPG
[2012.09.10 16:56:48 | 000,166,273 | ---- | C] () -- C:\Users\HIlo\IMG_0206.JPG
[2012.09.10 16:56:48 | 000,163,328 | ---- | C] () -- C:\Users\HIlo\IMG_0198.JPG
[2012.09.10 16:56:48 | 000,157,614 | ---- | C] () -- C:\Users\HIlo\IMG_0205.JPG
[2012.09.10 16:56:48 | 000,156,800 | ---- | C] () -- C:\Users\HIlo\IMG_0182.JPG
[2012.09.10 16:56:48 | 000,153,109 | ---- | C] () -- C:\Users\HIlo\IMG_0167.JPG
[2012.09.10 16:56:48 | 000,107,572 | ---- | C] () -- C:\Users\HIlo\IMG_0163.JPG
[2012.09.10 16:56:48 | 000,097,796 | ---- | C] () -- C:\Users\HIlo\IMG_0162.JPG
[2012.08.25 19:42:25 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.08.17 13:59:34 | 000,000,034 | ---- | C] () -- C:\Windows\AvastEmUpdate.ini
[2012.07.20 21:49:43 | 000,002,642 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.02.06 16:45:33 | 000,000,717 | ---- | C] () -- C:\Windows\QIII.INI
[2011.12.04 01:48:14 | 000,000,057 | ---- | C] () -- C:\Windows\wininit.ini
[2011.12.03 21:39:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.12.03 21:33:43 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.05.25 18:03:27 | 000,000,990 | ---- | C] () -- C:\Windows\eReg.dat
[2011.05.19 22:31:02 | 000,003,584 | ---- | C] () -- C:\Users\HIlo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.05 16:34:37 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.03.27 16:57:00 | 268,435,456 | ---- | C] () -- C:\Users\HIlo\Pokemon Weiße Edition.nds
[2011.03.27 16:57:00 | 268,435,456 | ---- | C] () -- C:\Users\HIlo\Pokemon Schwarze Edition.nds
[2011.01.05 02:02:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.04 22:56:21 | 003,486,208 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011.01.04 22:56:21 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2011.01.04 21:34:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.06.25 08:11:32 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\.minecraft
[2012.08.21 20:49:34 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\ALDITALKVerbindungsassistent
[2011.02.25 23:24:19 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Ashampoo
[2012.10.30 02:41:57 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Audacity
[2012.08.25 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Boilsoft
[2011.01.04 22:42:49 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\CachedFiles
[2011.07.30 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.12.10 23:44:10 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\DAEMON Tools Lite
[2012.10.20 17:04:38 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\DVDVideoSoft
[2012.08.26 14:32:41 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.14 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\FreeFLVConverter
[2012.08.26 14:51:15 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Freemium
[2011.05.17 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\GetRightToGo
[2011.10.29 12:40:18 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Gomez
[2012.01.02 20:55:55 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\GrabPro
[2012.06.20 22:15:56 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\HandBrake
[2012.10.30 14:32:41 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Kalydo
[2012.11.03 17:48:49 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\KeePass
[2011.02.14 23:20:30 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Leadertech
[2011.10.29 23:20:02 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\LibreOffice
[2012.07.14 03:24:26 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\ManyCam
[2012.07.20 22:02:12 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\mirkes.de
[2012.08.25 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Moyea
[2011.12.11 22:19:42 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\mp3DirectCut
[2012.10.31 16:49:01 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Notebook Hardware Control
[2012.10.30 02:02:38 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Opera
[2012.01.02 21:11:28 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Orbit
[2011.11.26 15:08:33 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Origin
[2011.12.10 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\PC Suite
[2011.11.06 18:40:38 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\PhotoScape
[2011.10.24 20:49:52 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\ProgSense
[2012.06.20 20:11:02 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Publish Providers
[2012.02.05 00:21:35 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Samsung
[2012.06.20 21:49:20 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Sony
[2011.07.30 13:54:11 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.11 01:00:27 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\SumatraPDF
[2012.01.01 13:13:05 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Teeworlds
[2012.08.25 19:51:46 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\tiger-k
[2012.03.17 13:34:06 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\toolplugin
[2011.12.10 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\TuneUp Software
[2011.01.11 17:04:56 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Update

========== Purity Check ==========



< End of report >

 
