Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.06.2013, 18:37   #1
Ramlosa
 
MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Hej,

in einer Mail kam heute eine Mahnung mit einem Anhang. Der Anhang war eine .zip file in der sich noch eine .zip file befand und darin eine MS DOS file. Ich Idiot habe draufgeklickt und erst dann realisiert, dass ich mich blamiert hab.

Meinetwegen könnte ich den PC komplett neu formatieren, aber ich arbeite an einem Projekt und könnte dies erst in etwa 20 Tagen machen.

Ich habe die Schritte, die ihr in dem Fall empfehlt durchgeführt und hier kommen die log files:


OTL.txt
Code:
ATTFilter
OTL logfile created on: 17.06.2013 18:10:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Max\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.90 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.24% Memory free
7.80 Gb Paging File | 5.84 Gb Available in Paging File | 74.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 27.87 Gb Free Space | 18.70% Space Free | Partition Type: NTFS
 
Computer Name: MAX-THINKPAD | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.06.17 18:07:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
PRC - [2013.06.14 17:38:47 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.24 11:29:07 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.15 08:08:16 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.17 19:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.08.13 16:52:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.11.30 10:14:20 | 000,126,976 | ---- | M] (Feitian Technologies Co., Ltd.) -- C:\Program Files (x86)\Odeon12Industrial\Rockey6S_SPSvc.exe
PRC - [2011.11.04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.07.12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011.07.12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.07.27 13:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010.07.27 13:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010.07.27 13:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2007.10.15 15:47:18 | 000,106,496 | ---- | M] (Feitian Technologies Co., Ltd.) -- C:\Program Files (x86)\Odeon11Industrial\Rockey6SmartSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.24 11:29:07 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.05.15 08:08:16 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013.05.15 08:08:16 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013.05.15 08:08:16 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.03.12 10:57:22 | 000,190,120 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2012.02.29 15:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.11.01 13:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.11.01 13:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.10.20 18:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011.10.19 20:51:39 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (CrypKey License)
SRV:64bit: - [2011.10.19 14:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.07.12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011.07.12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011.07.12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010.07.27 13:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2010.07.27 13:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.12 16:39:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.24 11:29:07 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.10.17 19:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.06.19 17:03:25 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.30 10:14:20 | 000,126,976 | ---- | M] (Feitian Technologies Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Odeon12Industrial\Rockey6S_SPSvc.exe -- (ROCKEY6S_SPSVC)
SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Disabled | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.15 15:47:18 | 000,106,496 | ---- | M] (Feitian Technologies Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Odeon11Industrial\Rockey6SmartSvc.exe -- (ROCKEY6SMARTSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.26 11:22:00 | 000,158,592 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1098.sys -- (RDID1098)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.10.17 19:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.10.17 19:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.10.06 21:17:02 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.10.06 21:17:02 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.05.23 00:34:54 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012.03.06 22:41:32 | 000,065,648 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rockusb.sys -- (Rockusb)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.29 15:14:48 | 000,042,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.27 03:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.10.20 11:24:16 | 000,302,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2011.10.19 14:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.10.19 14:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.10.13 11:05:48 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.09.06 17:00:02 | 000,393,920 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0700Vid.sys -- (V0700Vid)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.18 02:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010.09.07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.06.07 05:12:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010.04.23 00:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.19 01:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2010.02.22 17:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.02.22 17:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.02.22 17:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.12.28 15:52:12 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.09.17 08:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009.09.17 08:05:02 | 000,058,792 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2009.07.22 06:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.03 17:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2008.09.23 00:24:00 | 000,050,176 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\shbecr.sys -- (Tdsshbecr)
DRV:64bit: - [2006.11.18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.07.26 23:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\BatteryCare\WinRing0x64.sys -- (WinRing0_1_2_0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 FE 0B 18 57 38 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 08:08:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 08:08:13 | 000,000,000 | ---D | M]
 
[2012.05.22 23:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Extensions
[2013.06.05 10:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\extensions
[2012.11.30 18:18:09 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013.06.05 10:59:27 | 000,054,689 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
[2013.05.10 14:21:05 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 11:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.05.24 11:29:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0700Ext.ax] C:\Windows\SysNative\V0700Ext.ax (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0700Ext.ax] C:\Windows\SysWOW64\V0700Ext.ax (Creative Technology Ltd.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [ujtwwutc] C:\Users\Max\AppData\Roaming\Zlllm\spphhffwutc.exe (Bloodshed Software)
O4 - Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.237.72.200 130.237.72.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EB318EA-80D1-46C6-9AB6-2C57AA88B1B4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B9B516-7FC4-4A37-AA67-D06B1509E193}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0E05EB0-1690-40E4-AABD-3D52F8A34FBE}: DhcpNameServer = 130.237.72.200 130.237.72.201
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{04faf21d-c3a0-11e1-8c34-00216a1cb100}\Shell - "" = AutoRun
O33 - MountPoints2\{04faf21d-c3a0-11e1-8c34-00216a1cb100}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{303723ac-a455-11e1-b969-002713b84570}\Shell - "" = AutoRun
O33 - MountPoints2\{303723ac-a455-11e1-b969-002713b84570}\Shell\AutoRun\command - "" = H:\autostart.exe
O33 - MountPoints2\{ac3be8d7-95fd-11e2-82bc-002713b84570}\Shell - "" = AutoRun
O33 - MountPoints2\{ac3be8d7-95fd-11e2-82bc-002713b84570}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b820506a-a44d-11e1-b4db-002713b84570}\Shell - "" = AutoRun
O33 - MountPoints2\{b820506a-a44d-11e1-b4db-002713b84570}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.17 18:07:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2013.06.17 17:23:05 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Zlllm
[2013.06.15 21:40:50 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Presentation Figures
[2013.06.08 10:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internoise 2000
[2013.06.08 10:32:23 | 000,409,600 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\cfgdll.dll
[2013.06.08 10:32:23 | 000,307,200 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\Viewer.dll
[2013.06.08 10:32:23 | 000,274,432 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\fmtdll.dll
[2013.06.08 10:32:23 | 000,221,184 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\Imagedll.dll
[2013.06.08 10:32:23 | 000,188,416 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\Cgmdll.dll
[2013.06.08 10:32:23 | 000,098,304 | ---- | C] (Jouve) -- C:\Windows\SysWow64\activvf.ocx
[2013.06.08 10:32:23 | 000,077,824 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\jpegw.dll
[2013.06.08 10:32:23 | 000,036,864 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\ccittg4.dll
[2013.06.08 10:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internoise
[2013.06.05 00:25:39 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\pirateplay
[2013.06.05 00:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pirateplayer
[2013.06.03 09:59:46 | 000,000,000 | ---D | C] -- C:\Users\Max\.pdfsam
[2013.06.03 09:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\PDFmerge
[2013.05.29 10:41:05 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\U3
[2013.05.24 17:02:16 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\CV
[2013.05.24 11:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.22 19:19:54 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
[2013.05.22 19:18:59 | 000,000,000 | ---D | C] -- C:\Netgear
[1 C:\Users\Max\*.tmp files -> C:\Users\Max\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.17 18:09:04 | 000,377,856 | ---- | M] () -- C:\Users\Max\Desktop\gmer_2.1.19163.exe
[2013.06.17 18:07:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2013.06.17 18:07:15 | 000,000,000 | ---- | M] () -- C:\Users\Max\defogger_reenable
[2013.06.17 18:06:39 | 000,050,477 | ---- | M] () -- C:\Users\Max\Desktop\Defogger.exe
[2013.06.17 17:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.17 17:22:00 | 000,000,988 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.17 17:03:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.17 11:31:41 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.17 11:31:41 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.17 11:31:41 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.17 09:40:11 | 000,022,924 | ---- | M] () -- C:\Users\Max\AppData\Local\recently-used.xbel
[2013.06.16 19:46:39 | 000,000,984 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.16 12:01:06 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job
[2013.06.16 11:02:46 | 000,016,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 11:02:46 | 000,016,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 10:53:42 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.16 00:21:31 | 000,769,182 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.14 14:18:44 | 001,079,430 | ---- | M] () -- C:\Users\Max\Desktop\OD_250.bmp
[2013.06.14 14:17:43 | 001,060,254 | ---- | M] () -- C:\Users\Max\Desktop\OD_4000.bmp
[2013.06.14 14:16:53 | 001,061,114 | ---- | M] () -- C:\Users\Max\Desktop\OD_2000.bmp
[2013.06.14 14:15:58 | 001,060,918 | ---- | M] () -- C:\Users\Max\Desktop\OD_1000.bmp
[2013.06.14 14:15:10 | 001,051,398 | ---- | M] () -- C:\Users\Max\Desktop\OD_500.bmp
[2013.06.14 14:13:42 | 000,132,485 | ---- | M] () -- C:\Users\Max\Desktop\OD_250.jpg
[2013.06.12 21:24:01 | 1857,227,233 | ---- | M] () -- C:\Users\Max\Krigets unga hjärtan_-_Krigets unga hjärtan - Del 2 av 3_ Ett annat krig.mp4
[2013.06.11 10:23:03 | 001,370,927 | ---- | M] () -- C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.gif
[2013.06.11 10:21:57 | 000,000,379 | ---- | M] () -- C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.htm
[2013.06.11 10:18:56 | 000,237,858 | ---- | M] () -- C:\Users\Max\Desktop\new3DbillardYZ.gif
[2013.06.11 10:17:51 | 000,000,355 | ---- | M] () -- C:\Users\Max\Desktop\new3DbillardYZ.htm
[2013.06.11 10:11:58 | 000,360,458 | ---- | M] () -- C:\Users\Max\Desktop\3D_Billard_YZ.gif
[2013.06.11 09:51:27 | 000,000,354 | ---- | M] () -- C:\Users\Max\Desktop\3D_Billard_YZ.htm
[2013.06.10 13:50:41 | 000,170,487 | ---- | M] () -- C:\Users\Max\Desktop\chart.pdf
[2013.06.09 23:08:18 | 005,012,172 | ---- | M] () -- C:\Users\Max\Desktop\Max_Report.pdf
[2013.06.08 10:32:32 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Internoise 2000.lnk
[2013.06.07 12:02:29 | 000,003,521 | ---- | M] () -- C:\Users\Max\Desktop\drawing.svg
[2013.06.07 10:01:53 | 003,072,054 | ---- | M] () -- C:\Users\Max\Desktop\paint_mall_figurstorlek.bmp
[2013.06.06 11:28:42 | 000,023,433 | ---- | M] () -- C:\Users\Max\Desktop\4000.png
[2013.06.06 11:27:43 | 000,027,445 | ---- | M] () -- C:\Users\Max\Desktop\2000.png
[2013.06.06 11:26:35 | 000,031,624 | ---- | M] () -- C:\Users\Max\Desktop\1000.png
[2013.06.06 11:25:24 | 000,032,814 | ---- | M] () -- C:\Users\Max\Desktop\500.png
[2013.06.06 11:24:12 | 000,030,349 | ---- | M] () -- C:\Users\Max\Desktop\250.png
[2013.06.05 00:33:52 | 1901,246,096 | ---- | M] () -- C:\Users\Max\_-_Krigets unga hjärtan - Del 1 av 3.mp4
[2013.06.04 21:38:05 | 000,001,051 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.03 15:19:32 | 000,005,600 | ---- | M] () -- C:\Windows\SysNative\esnecil.ind
[2013.06.03 15:19:32 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat
[2013.05.29 23:48:02 | 000,279,259 | ---- | M] () -- C:\Users\Max\Desktop\Zapka_Max_CV.pdf
[2013.05.29 18:08:49 | 000,108,434 | ---- | M] () -- C:\Users\Max\New_document_1-g2993-4294967129.png
[2013.05.29 10:40:14 | 000,044,004 | ---- | M] () -- C:\Users\Max\Desktop\Personal Details Form-1.pdf
[2013.05.27 15:38:15 | 000,003,385 | ---- | M] () -- C:\Users\Max\Desktop\reportsii.m
[2013.05.22 19:29:33 | 000,005,880 | ---- | M] () -- C:\Users\Max\Desktop\Router_Setup.html
[2013.05.21 15:40:14 | 000,000,404 | ---- | M] () -- C:\Users\Max\Desktop\lowpass.m
[2013.05.21 15:30:21 | 009,843,804 | ---- | M] () -- C:\Users\Max\Desktop\datalow.mat
[2013.05.21 09:24:16 | 004,644,887 | ---- | M] () -- C:\Users\Max\Desktop\Max_Utkast.pdf
[1 C:\Users\Max\*.tmp files -> C:\Users\Max\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.17 18:09:03 | 000,377,856 | ---- | C] () -- C:\Users\Max\Desktop\gmer_2.1.19163.exe
[2013.06.17 18:07:15 | 000,000,000 | ---- | C] () -- C:\Users\Max\defogger_reenable
[2013.06.17 18:06:37 | 000,050,477 | ---- | C] () -- C:\Users\Max\Desktop\Defogger.exe
[2013.06.17 09:40:11 | 000,022,924 | ---- | C] () -- C:\Users\Max\AppData\Local\recently-used.xbel
[2013.06.14 14:18:44 | 001,079,430 | ---- | C] () -- C:\Users\Max\Desktop\OD_250.bmp
[2013.06.14 14:17:43 | 001,060,254 | ---- | C] () -- C:\Users\Max\Desktop\OD_4000.bmp
[2013.06.14 14:16:53 | 001,061,114 | ---- | C] () -- C:\Users\Max\Desktop\OD_2000.bmp
[2013.06.14 14:15:58 | 001,060,918 | ---- | C] () -- C:\Users\Max\Desktop\OD_1000.bmp
[2013.06.14 14:15:10 | 001,051,398 | ---- | C] () -- C:\Users\Max\Desktop\OD_500.bmp
[2013.06.14 14:13:42 | 000,132,485 | ---- | C] () -- C:\Users\Max\Desktop\OD_250.jpg
[2013.06.12 21:17:14 | 1857,227,233 | ---- | C] () -- C:\Users\Max\Krigets unga hjärtan_-_Krigets unga hjärtan - Del 2 av 3_ Ett annat krig.mp4
[2013.06.11 10:17:51 | 000,237,858 | ---- | C] () -- C:\Users\Max\Desktop\new3DbillardYZ.gif
[2013.06.11 10:17:51 | 000,000,355 | ---- | C] () -- C:\Users\Max\Desktop\new3DbillardYZ.htm
[2013.06.11 10:17:01 | 000,000,379 | ---- | C] () -- C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.htm
[2013.06.11 10:17:00 | 001,370,927 | ---- | C] () -- C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.gif
[2013.06.11 09:51:27 | 000,000,354 | ---- | C] () -- C:\Users\Max\Desktop\3D_Billard_YZ.htm
[2013.06.11 09:51:26 | 000,360,458 | ---- | C] () -- C:\Users\Max\Desktop\3D_Billard_YZ.gif
[2013.06.10 13:50:40 | 000,170,487 | ---- | C] () -- C:\Users\Max\Desktop\chart.pdf
[2013.06.09 23:08:18 | 005,012,172 | ---- | C] () -- C:\Users\Max\Desktop\Max_Report.pdf
[2013.06.08 10:32:32 | 000,001,220 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internoise2000.lnk
[2013.06.08 10:32:32 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Internoise 2000.lnk
[2013.06.07 12:02:29 | 000,003,521 | ---- | C] () -- C:\Users\Max\Desktop\drawing.svg
[2013.06.07 10:01:53 | 003,072,054 | ---- | C] () -- C:\Users\Max\Desktop\paint_mall_figurstorlek.bmp
[2013.06.06 11:28:42 | 000,023,433 | ---- | C] () -- C:\Users\Max\Desktop\4000.png
[2013.06.06 11:27:43 | 000,027,445 | ---- | C] () -- C:\Users\Max\Desktop\2000.png
[2013.06.06 11:26:35 | 000,031,624 | ---- | C] () -- C:\Users\Max\Desktop\1000.png
[2013.06.06 11:25:24 | 000,032,814 | ---- | C] () -- C:\Users\Max\Desktop\500.png
[2013.06.06 11:24:12 | 000,030,349 | ---- | C] () -- C:\Users\Max\Desktop\250.png
[2013.06.05 00:26:02 | 1901,246,096 | ---- | C] () -- C:\Users\Max\_-_Krigets unga hjärtan - Del 1 av 3.mp4
[2013.05.29 23:48:02 | 000,279,259 | ---- | C] () -- C:\Users\Max\Desktop\Zapka_Max_CV.pdf
[2013.05.29 18:08:49 | 000,108,434 | ---- | C] () -- C:\Users\Max\New_document_1-g2993-4294967129.png
[2013.05.29 10:21:51 | 000,044,004 | ---- | C] () -- C:\Users\Max\Desktop\Personal Details Form-1.pdf
[2013.05.27 15:26:23 | 000,003,385 | ---- | C] () -- C:\Users\Max\Desktop\reportsii.m
[2013.05.22 19:29:33 | 000,000,172 | R--- | C] () -- C:\Users\Max\Desktop\Router Login.url
[2013.05.22 19:29:30 | 000,005,880 | ---- | C] () -- C:\Users\Max\Desktop\Router_Setup.html
[2013.05.21 15:30:20 | 009,843,804 | ---- | C] () -- C:\Users\Max\Desktop\datalow.mat
[2013.05.21 15:28:14 | 000,000,404 | ---- | C] () -- C:\Users\Max\Desktop\lowpass.m
[2013.05.21 15:27:06 | 002,571,308 | ---- | C] () -- C:\Users\Max\Desktop\sample.wav
[2013.05.21 09:24:16 | 004,644,887 | ---- | C] () -- C:\Users\Max\Desktop\Max_Utkast.pdf
[2013.05.02 14:03:38 | 000,070,338 | ---- | C] () -- C:\Users\Max\drawing.eps
[2013.04.04 15:10:14 | 000,007,680 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.26 11:27:08 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013.02.26 11:26:32 | 000,000,202 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013.02.26 11:26:29 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012.11.01 18:47:02 | 000,769,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.22 16:31:41 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.05.27 11:16:02 | 000,000,027 | ---- | C] () -- C:\Program Files\plugins.dat
[2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Max\AppData\Roaming\MafiaSetup.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.21 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Audacity
[2012.05.22 22:19:39 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\AVG2012
[2013.06.17 09:47:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\BatteryCare
[2013.04.10 10:15:57 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2013.06.16 10:55:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Dropbox
[2012.06.07 21:05:52 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Duden
[2012.06.14 08:22:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\e-academy Inc
[2012.06.03 18:40:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Garmin
[2013.02.04 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\inkscape
[2012.05.31 16:41:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Personal
[2012.09.21 19:42:57 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PlayCatanClient
[2012.10.06 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Sony
[2013.06.17 10:11:28 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Spotify
[2012.07.01 19:16:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Telefónica
[2012.06.15 16:32:02 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\The Creative Assembly
[2012.05.23 00:52:11 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Thunderbird
[2013.01.28 14:52:33 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Unigraphics Solutions
[2012.06.03 12:00:49 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Wise Registry Cleaner
[2012.06.19 21:07:15 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\xm1
[2013.06.17 17:23:05 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Zlllm
 
========== Purity Check ==========
 
 

< End of report >
         
EXTRAS.txt
Code:
ATTFilter
OTL Extras logfile created on: 17.06.2013 18:10:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Max\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.90 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.24% Memory free
7.80 Gb Paging File | 5.84 Gb Available in Paging File | 74.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 27.87 Gb Free Space | 18.70% Space Free | Partition Type: NTFS
 
Computer Name: MAX-THINKPAD | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057B0E8A-5F58-491E-9E5A-72EA69F80E0E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0E4CD123-453B-4EA9-B44D-BE4B31B94E09}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{23778A69-0C09-4DF7-84C3-CE8BD3A90510}" = lport=139 | protocol=6 | dir=in | app=system | 
"{23EC83E0-3B6E-4BA8-8A89-062595DFC3B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2F40437F-FC0A-4901-9FBB-E6B0F56033CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E68251D-E356-441A-BA5C-FC8FB933E25A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4D69CA86-BB10-4F5F-B4B8-1A9218FCB421}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50C6AE30-1DB2-4539-8A9B-78850C5A0228}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{616DFA7E-B3F8-4507-8A42-FF84F3053559}" = rport=445 | protocol=6 | dir=out | app=system | 
"{641CEB65-AAA8-45B7-AE5C-9977897BD4B5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{70DC7660-9DD3-4775-8AA4-A175F23E7648}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{713D6B9D-FB80-4BEB-A2E4-9CB70E6FA3B1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{72017702-C3A2-4D05-91CE-794041DDF5A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74ECC0F7-7F33-4F8E-8BD2-7BBDF6EE3707}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7BFEDF8B-BB09-4B2B-BEF6-6A67F7A2C911}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C789058-2270-405B-A888-6DFD26CC98C7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{91E8952B-9513-4461-9D8F-05737B17CA03}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{982981CA-EC28-4917-8D5B-E64931462F0C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9E662D68-B9DC-4F62-9CF4-24E3EECE25D5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B47278D3-D086-43C2-9027-248FBDA0F674}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{D532EBDE-289F-4D7C-87C3-A34442BC730A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E71806D9-CD0C-4A8E-B221-F99C1838BE77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EF0D3114-AA3C-4CA0-B188-3E59EB5DE5F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F3CB1D33-343D-490A-83E2-233626627B89}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1493ED9D-C759-4DA7-84BE-16DA3ED3564F}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{157CC5A1-E7EA-4A4D-8C57-9939E6EA6740}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{18A08E85-688A-4C17-A575-B4BAF5462763}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1B4D69C1-CDD6-479E-8F1E-847BC94F55FC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1B955C7D-BF23-42C7-BD57-C607D2B2E59A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{237BCC2E-3F86-4D8D-BC32-C30053BAC50D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{269918C6-8655-45AD-B096-C2CB5BD1276A}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{272D9FEC-D20A-4CA6-9E30-A4BC3941F7A9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{27C98F19-5341-425E-9001-18E35C08E4EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2F034B52-40DC-4E83-81DC-C1C28B2AA218}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{34C2C496-FB9C-456A-93A9-0AEFD23992BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{38E78D36-3AFB-4227-A028-F95A3E317A1B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3958A2C1-74B0-42AC-BAE7-ACDE45B84EFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5AD4D357-CEBB-47BD-89D5-8E97F092814E}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{5C057DC1-88F0-44AF-B755-B9515EAD263F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67C3F36B-9FAD-41B9-83A6-3D2E0FBA748E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{71FE43C2-5F69-471A-BE9E-6BE5D5E81669}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{857BE3F8-E607-4EF2-BECE-91843964801E}" = protocol=6 | dir=out | app=system | 
"{862F3FF3-B74A-4BC8-BD2E-13C5173417F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{87407D2F-97F9-4BF1-8B93-2BD920D8E8D0}" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe | 
"{89BE4924-DD62-458D-8983-707A1B692445}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{965EF96A-2A99-4205-A484-D9002E38D350}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B64DED4F-2C06-4C6F-B975-451902538C2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBBDF91C-3E37-4091-800C-AB36C86D3FCC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BEB78F95-1D9F-4BBD-9726-704E5BDB2529}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C0C071E2-8269-4299-844C-023932A80495}" = dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe | 
"{C7A7903C-B8BF-4203-A948-1AA8D6CC4F79}" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D5654723-B867-4A8C-86B3-5A29FCBFB28A}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{D7387C7F-7928-4DF9-B2A2-8986A941165C}" = dir=out | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe | 
"{DCCFFECB-D3A3-4100-90AD-D62951C1C2FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{E0CC08BD-BAB3-47D1-ABFF-09F3D30B6E16}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E81CBF9A-F7C7-41DB-9D2B-C6A409EEE16B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{EC87AAE8-C22A-48F2-9E12-2853B2B04092}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F2373573-0106-4C80-85EE-164110FF9673}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F49A7D95-3D91-4DE7-BBF0-62F5DBC3EB5E}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"TCP Query User{07CDEA5F-114C-4219-85B0-A5E83CF24293}C:\users\max\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{1AC089DD-0409-402E-8146-950A92F10244}C:\users\max\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{C087D1CF-1E40-4B37-BEE6-F99A62BB1387}C:\users\max\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{0508813B-B26D-4321-A594-2884966860D9}C:\users\max\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{48268E17-4811-41E2-8270-53B3CF2532D7}C:\users\max\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{76CA6A7A-1A47-4D82-BA42-8927567BA319}C:\users\max\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{47D73AFC-EC15-4B22-96D8-FC4487EBBE57}" = Intel(R) Network Connections 17.1.55.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software
"{DE02B016-E096-437F-8D96-853BB36011D5}" = Solid Edge ST4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"A-WIN-Extras 8.0.4 2615434_is1" = Mathematica Extras 8.0 (2615434)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"Creative VF0700" = Creative Live! Cam Chat HD (VF0700) (1.00.06.00)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"MatlabR2011a" = MATLAB R2011a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MiKTeX 2.9" = MiKTeX 2.9
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 17.1.55.0
"R for Windows 2.15.1_is1" = R for Windows 2.15.1
"RolandRDID0098" = UA-1G Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ZTE USB Driver" = ZTE USB Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.114.08260
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client
"{6CEF2BC6-8929-44EE-8360-175513E1A49A}" = Secure Download Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EB62C87-AAA6-4850-A5BC-64155884B973}" = SketchUp 8
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BF9E346B-5ECE-4A18-9510-55729FD08323}" = Sentinel System Driver Installer 7.5.1
"{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.13.0
"{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}" = Handelsbanken kortläsare
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DB150C19-4A8F-4EF7-AC75-96098EACE179}" = PDF Password Remover
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA7F689F-88EB-4946-B105-4C434CF5B07A}" = BankID säkerhetsprogram
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DAEMON Tools Lite" = DAEMON Tools Lite
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Inkscape" = Inkscape 0.48.4
"Internoise2000" = Internoise2000
"Mendeley Desktop" = Mendeley Desktop 1.8
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"Mozilla Thunderbird 17.0.6 (x86 en-US)" = Mozilla Thunderbird 17.0.6 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"o2DE" = Mobile Connection Manager
"Odeon11CombinedDemo" = Odeon 11 CombinedDemo (remove only)
"Odeon11Industrial" = Odeon 11 Industrial (remove only)
"Odeon12Industrial" = Odeon 12 Industrial (remove only)
"Pirateplayer" = Pirateplayer
"PlayCatan Client" = PlayCatan Access Software
"ProInst" = Intel PROSet Wireless
"SpectraPLUS" = SpectraPLUS
"SpectraPLUS-SC" = SpectraPLUS-SC
"Texmaker" = Texmaker
"Ubuntu One 4.1.91" = Ubuntu One
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.67
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.06.2013 11:08:16 | Computer Name = Max-ThinkPad | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 21.0.0.4879, time
 stamp: 0x518ec3cc  Faulting module name: xul.dll, version: 21.0.0.4879, time stamp:
 0x518ec306  Exception code: 0xc0000005  Fault offset: 0x001c9789  Faulting process id:
 0x34c  Faulting application start time: 0x01ce61345c2fe77a  Faulting application path:
 C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program
 Files (x86)\Mozilla Firefox\xul.dll  Report Id: 94f8ffa8-cd28-11e2-bc8a-002713b84570
 
Error - 05.06.2013 10:41:09 | Computer Name = Max-ThinkPad | Source = Application Error | ID = 1000
Description = Faulting application name: texmaker.exe, version: 0.0.0.0, time stamp:
 0x4fbe6624  Faulting module name: texmaker.exe, version: 0.0.0.0, time stamp: 0x4fbe6624
Exception
 code: 0xc0000005  Fault offset: 0x0014ec93  Faulting process id: 0x13b0  Faulting application
 start time: 0x01ce61fa71e3864b  Faulting application path: C:\Program Files (x86)\Texmaker\texmaker.exe
Faulting
 module path: C:\Program Files (x86)\Texmaker\texmaker.exe  Report Id: f5add165-cded-11e2-9cc3-002713b84570
 
Error - 06.06.2013 06:30:15 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
 in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on 
line 9.  The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
 is invalid.
 
Error - 08.06.2013 10:36:48 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
 in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on 
line 9.  The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
 is invalid.
 
Error - 09.06.2013 08:39:56 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
 in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on 
line 9.  The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
 is invalid.
 
Error - 10.06.2013 06:20:19 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
 in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on 
line 9.  The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
 is invalid.
 
Error - 14.06.2013 04:41:07 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
 in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on 
line 9.  The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
 is invalid.
 
Error - 14.06.2013 05:22:24 | Computer Name = Max-ThinkPad | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 21.0.0.4879, time
 stamp: 0x518ec3cc  Faulting module name: xul.dll, version: 21.0.0.4879, time stamp:
 0x518ec306  Exception code: 0xc0000005  Fault offset: 0x001c9789  Faulting process id:
 0xf24  Faulting application start time: 0x01ce68d473a12213  Faulting application path:
 C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program
 Files (x86)\Mozilla Firefox\xul.dll  Report Id: ebf00bef-d4d3-11e2-9ca9-002713b84570
 
Error - 15.06.2013 14:09:41 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
 in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on 
line 9.  The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
 is invalid.
 
Error - 16.06.2013 07:44:17 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
 in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on 
line 9.  The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
 is invalid.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 14.06.2013 03:11:29 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 14.06.2013 03:16:25 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 14.06.2013 03:16:25 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 14.06.2013 03:16:25 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
Error - 16.06.2013 04:54:05 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108866
Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182
Invoked
 Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description:
 WINDOWS_ERROR_CODE 
 
Error - 16.06.2013 04:54:05 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
 603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED 
 
Error - 16.06.2013 04:54:11 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 16.06.2013 04:59:05 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 16.06.2013 04:59:05 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 16.06.2013 04:59:05 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
[ System Events ]
Error - 30.05.2013 03:10:46 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR8.
 
Error - 03.06.2013 03:35:44 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR11.
 
Error - 03.06.2013 04:05:00 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR12.
 
Error - 03.06.2013 04:08:31 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR13.
 
Error - 04.06.2013 18:33:50 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 06.06.2013 11:51:41 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error - 09.06.2013 15:30:28 | Computer Name = Max-ThinkPad | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 11.06.2013 10:07:28 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 12.06.2013 15:24:30 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error - 13.06.2013 04:12:42 | Computer Name = Max-ThinkPad | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Netman service.
 
 
< End of report >
         
Gmer.txt
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-17 19:19:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0  rev. 0.00MB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Max\AppData\Local\Temp\fwlcykob.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\System32\win32k.sys!W32pServiceTable                                                                           fffff96000154000 7 bytes [80, 93, F3, FF, 01, 9D, F0]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                       fffff96000154008 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Lenovo\System Update\SUService.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076171465 2 bytes [17, 76]
.text   C:\Program Files (x86)\Lenovo\System Update\SUService.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000761714bb 2 bytes [17, 76]
.text   ...                                                                                                                       * 2
.text   C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe[3808] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69        0000000076171465 2 bytes [17, 76]
.text   C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe[3808] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155       00000000761714bb 2 bytes [17, 76]
.text   ...                                                                                                                       * 2
.text   C:\Windows\SysWOW64\svchost.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000076171465 2 bytes [17, 76]
.text   C:\Windows\SysWOW64\svchost.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000761714bb 2 bytes [17, 76]
.text   ...                                                                                                                       * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\svchost.exe [3532:3780]                                                                               000000007efa0000
Thread  C:\Windows\SysWOW64\svchost.exe [3532:3900]                                                                               000000007efab973

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                     sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----
         
Wäre super, wenn ihr mir weiterhelfen könntet. Am besten mit einer Entwarnung, aber wahrscheinlich verdient meine Dummheit nicht, dass ich ungeschoren davon komme.

/Ramlosa

Alt 17.06.2013, 18:53   #2
schrauber
/// the machine
/// TB-Ausbilder
 

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
__________________

__________________

Alt 17.06.2013, 19:24   #3
Ramlosa
 
MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Hej,

superschnelle Antwort, danke!

FRST.txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2013 01
Ran by Max (administrator) on 17-06-2013 20:19:45
Running from C:\Users\Max\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CrypKey (Canada) Ltd.) C:\Windows\system32\crypserv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Feitian Technologies Co., Ltd.) C:\Program Files (x86)\Odeon11Industrial\rockey6smartsvc.exe
(Feitian Technologies Co., Ltd.) C:\Program Files (x86)\Odeon12Industrial\Rockey6S_SPSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Filipe Lourenço) C:\Program Files (x86)\BatteryCare\BatteryCare.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Program Files (x86)\Texmaker\texmaker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [C:\Windows\system32\V0700Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0700Ext.ax [19456 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-14] (Spotify Ltd)
HKCU\...\Run: [ujtwwutc] C:\Users\Max\AppData\Roaming\Zlllm\spphhffwutc.exe [129536 2013-06-17] (Bloodshed Software)
MountPoints2: E - E:\LaunchU3.exe -a
MountPoints2: {04faf21d-c3a0-11e1-8c34-00216a1cb100} - E:\AutoRun.exe
MountPoints2: {303723ac-a455-11e1-b969-002713b84570} - H:\autostart.exe
MountPoints2: {ac3be8d7-95fd-11e2-82bc-002713b84570} - E:\LaunchU3.exe -a
MountPoints2: {b820506a-a44d-11e1-b4db-002713b84570} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [C:\Windows\SysWOW64\V0700Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0700Ext.ax [19456 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 130.237.72.200 130.237.72.201

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @se.nexus/Personal - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Garmin Communicator - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: No Name - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
FF Extension: No Name - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2011-10-19] (CrypKey (Canada) Ltd.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 ROCKEY6SMARTSVC; C:\Program Files (x86)\Odeon11Industrial\rockey6smartsvc.exe [106496 2007-10-15] (Feitian Technologies Co., Ltd.)
R2 ROCKEY6S_SPSVC; C:\Program Files (x86)\Odeon12Industrial\Rockey6S_SPSvc.exe [126976 2011-11-30] (Feitian Technologies Co., Ltd.)
S4 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-04-25] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-04-27] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-23] (DT Soft Ltd)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-19] ()
S3 RDID1098; C:\Windows\System32\Drivers\rdwm1098.sys [158592 2013-02-26] (Roland Corporation)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [65648 2012-03-06] (Fuzhou Rockchip Electronics Co,Ltd.)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB)
S3 V0700Vid; C:\Windows\System32\DRIVERS\V0700Vid.sys [393920 2011-09-06] (Creative Technology Ltd.)
R3 WinRing0_1_2_0; C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
U3 fwlcykob; \??\C:\Users\Max\AppData\Local\Temp\fwlcykob.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-17 20:19 - 2013-06-17 20:19 - 00000000 ____D C:\FRST
2013-06-17 20:18 - 2013-06-17 20:19 - 01926844 ____A (Farbar) C:\Users\Max\Desktop\FRST64.exe
2013-06-17 19:42 - 2013-06-17 19:42 - 00004639 ____A C:\Users\Max\Desktop\Old_results.txt
2013-06-17 19:19 - 2013-06-17 19:19 - 00002663 ____A C:\Users\Max\Desktop\Gmer.log
2013-06-17 18:18 - 2013-06-17 18:18 - 00072176 ____A C:\Users\Max\Desktop\Extras.Txt
2013-06-17 18:17 - 2013-06-17 18:17 - 00094324 ____A C:\Users\Max\Desktop\OTL.Txt
2013-06-17 18:09 - 2013-06-17 18:09 - 00377856 ____A C:\Users\Max\Desktop\gmer_2.1.19163.exe
2013-06-17 18:07 - 2013-06-17 18:07 - 00602112 ____A (OldTimer Tools) C:\Users\Max\Desktop\OTL.exe
2013-06-17 18:07 - 2013-06-17 18:07 - 00000468 ____A C:\Users\Max\Desktop\defogger_disable.log
2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____A C:\Users\Max\defogger_reenable
2013-06-17 18:06 - 2013-06-17 18:06 - 00050477 ____A C:\Users\Max\Desktop\Defogger.exe
2013-06-17 17:23 - 2013-06-17 17:23 - 00000000 ____D C:\Users\Max\AppData\Roaming\Zlllm
2013-06-17 11:29 - 2013-06-17 11:27 - 02142368 ____A C:\Users\Max\Desktop\Active Noise Control Final Presentation Bombardier.pptx
2013-06-17 09:40 - 2013-06-17 09:40 - 00022924 ____A C:\Users\Max\AppData\Local\recently-used.xbel
2013-06-15 23:06 - 2013-06-17 11:33 - 03226879 ____A C:\Users\Max\Desktop\Final.pptx
2013-06-15 21:40 - 2013-06-16 21:19 - 00000000 ____D C:\Users\Max\Desktop\Presentation Figures
2013-06-14 14:18 - 2013-06-14 14:18 - 01079430 ____A C:\Users\Max\Desktop\OD_250.bmp
2013-06-14 14:17 - 2013-06-14 14:17 - 01060254 ____A C:\Users\Max\Desktop\OD_4000.bmp
2013-06-14 14:16 - 2013-06-14 14:16 - 01061114 ____A C:\Users\Max\Desktop\OD_2000.bmp
2013-06-14 14:15 - 2013-06-14 14:15 - 01060918 ____A C:\Users\Max\Desktop\OD_1000.bmp
2013-06-14 14:15 - 2013-06-14 14:15 - 01051398 ____A C:\Users\Max\Desktop\OD_500.bmp
2013-06-13 10:27 - 2013-06-13 10:27 - 01095949 ____A C:\Users\Max\Desktop\ANC presentation for Bombardier Acousticians.pptx
2013-06-13 10:19 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 10:19 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 10:19 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 10:19 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 10:19 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 10:19 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 10:19 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 10:19 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 10:19 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 10:19 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 10:19 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 10:19 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 10:19 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 10:19 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 10:19 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 10:19 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 10:19 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-13 10:19 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-13 10:19 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 10:19 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 10:19 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-13 10:19 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-13 10:19 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-13 10:19 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 10:19 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 10:19 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-13 10:19 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-13 10:19 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 10:19 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-13 10:19 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-13 10:19 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 10:19 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 21:17 - 2013-06-12 21:24 - 1857227233 ____A C:\Users\Max\Krigets unga hjärtan_-_Krigets unga hjärtan - Del 2 av 3_ Ett annat krig.mp4
2013-06-12 09:47 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:47 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:47 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:47 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:47 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 09:47 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 09:47 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 09:47 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:47 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 09:47 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 09:47 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 09:47 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 09:47 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:47 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:47 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 09:47 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 09:47 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 09:47 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 09:47 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 10:55 - 2013-06-13 10:37 - 00020339 ____A C:\Users\Max\Documents\Book1.xlsx
2013-06-11 10:54 - 2013-06-13 10:36 - 03446835 ____A C:\Users\Max\Desktop\Presentation 130613.pptx
2013-06-11 10:17 - 2013-06-11 10:21 - 00000379 ____A C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.htm
2013-06-11 10:17 - 2013-06-11 10:17 - 00000355 ____A C:\Users\Max\Desktop\new3DbillardYZ.htm
2013-06-11 09:51 - 2013-06-11 09:51 - 00000354 ____A C:\Users\Max\Desktop\3D_Billard_YZ.htm
2013-06-08 16:56 - 2013-06-08 16:56 - 00001521 ____A C:\Users\Max\Desktop\old_task_def.txt
2013-06-08 10:32 - 2013-06-08 10:32 - 00001110 ____A C:\Users\Public\Desktop\Internoise 2000.lnk
2013-06-08 10:32 - 2013-06-08 10:32 - 00000000 ____D C:\Program Files (x86)\Internoise
2013-06-08 10:32 - 2000-12-22 14:32 - 00307200 ____A (JOUVE SA) C:\Windows\SysWOW64\Viewer.dll
2013-06-08 10:32 - 2000-12-22 14:32 - 00221184 ____A (JOUVE SA) C:\Windows\SysWOW64\Imagedll.dll
2013-06-08 10:32 - 2000-12-22 14:32 - 00098304 ____A (Jouve) C:\Windows\SysWOW64\activvf.ocx
2013-06-08 10:32 - 2000-12-22 12:14 - 00274432 ____A (JOUVE SA) C:\Windows\SysWOW64\fmtdll.dll
2013-06-08 10:32 - 2000-12-22 12:14 - 00077824 ____A (JOUVE SA) C:\Windows\SysWOW64\jpegw.dll
2013-06-08 10:32 - 2000-12-22 12:13 - 00409600 ____A (JOUVE SA) C:\Windows\SysWOW64\cfgdll.dll
2013-06-08 10:32 - 2000-12-22 12:11 - 00036864 ____A (JOUVE SA) C:\Windows\SysWOW64\ccittg4.dll
2013-06-08 10:32 - 2000-12-22 12:07 - 00188416 ____A (JOUVE SA) C:\Windows\SysWOW64\Cgmdll.dll
2013-06-08 10:32 - 2000-05-22 00:00 - 00203976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Richtx32.ocx
2013-06-08 10:32 - 2000-05-22 00:00 - 00118976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Msadodc.ocx
2013-06-08 10:32 - 1999-06-03 00:00 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Vb6stkit.dll
2013-06-08 10:32 - 1999-03-03 13:50 - 00119568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Vb6fr.dll
2013-06-07 12:02 - 2013-06-07 12:02 - 00003521 ____A C:\Users\Max\Desktop\drawing.svg
2013-06-07 10:01 - 2013-06-07 10:01 - 03072054 ____A C:\Users\Max\Desktop\paint_mall_figurstorlek.bmp
2013-06-05 16:41 - 2013-06-05 16:41 - 00001241 ____A C:\Users\Max\Desktop\BOX_bg_160_8000.txt
2013-06-05 14:41 - 2013-06-05 15:43 - 00000394 ____A C:\Users\Max\Desktop\Legend_pos_for_plotyy.txt
2013-06-05 13:06 - 2013-06-05 13:06 - 00067864 ____A C:\Users\Max\Downloads\matlab2tikz_0.3.3.zip
2013-06-05 11:01 - 2013-06-05 11:04 - 15682862 ____A () C:\Users\Max\Downloads\z60860L13.exe
2013-06-05 00:26 - 2013-06-05 00:33 - 1901246096 ____A C:\Users\Max\_-_Krigets unga hjärtan - Del 1 av 3.mp4
2013-06-05 00:25 - 2013-06-05 00:25 - 00000000 ____D C:\Users\Max\AppData\Local\pirateplay
2013-06-05 00:25 - 2013-06-05 00:25 - 00000000 ____D C:\Program Files (x86)\Pirateplayer
2013-06-05 00:24 - 2013-06-05 00:24 - 28896608 ____A C:\Users\Max\Downloads\ppinstaller_-_v0_5_0.exe
2013-06-03 10:58 - 2013-06-12 21:24 - 00030720 __ASH C:\Users\Max\Thumbs.db
2013-06-03 09:59 - 2013-06-03 09:59 - 00000000 ____D C:\Users\Max\.pdfsam
2013-06-03 09:51 - 2013-06-03 09:52 - 00000000 ____D C:\Program Files\PDFmerge
2013-05-30 17:00 - 2013-05-30 17:00 - 00003042 ____A C:\Users\Max\Desktop\Total_abs.Job01.00001.txt
2013-05-29 10:41 - 2013-05-29 10:41 - 00000000 ____D C:\Users\Max\AppData\Roaming\U3
2013-05-27 15:26 - 2013-05-27 15:38 - 00003385 ____A C:\Users\Max\Desktop\reportsii.m
2013-05-24 17:02 - 2013-06-03 10:13 - 00000000 ____D C:\Users\Max\Documents\CV
2013-05-24 11:28 - 2013-05-24 11:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-22 19:29 - 2013-05-22 19:29 - 00005880 ____A C:\Users\Max\Desktop\Router_Setup.html
2013-05-22 19:29 - 2010-06-07 05:12 - 00000172 ___RA C:\Users\Max\Desktop\Router Login.url
2013-05-22 19:19 - 2010-06-07 05:12 - 00035840 ___RA (Avanquest Software) C:\Windows\System32\Drivers\BVRPMPR5a64.SYS
2013-05-22 19:18 - 2013-05-22 19:30 - 00000000 ____D C:\Netgear
2013-05-21 15:30 - 2013-05-21 15:30 - 09843804 ____A C:\Users\Max\Desktop\datalow.mat
2013-05-21 15:28 - 2013-05-21 15:40 - 00000404 ____A C:\Users\Max\Desktop\lowpass.m
2013-05-21 15:27 - 2013-03-08 12:36 - 02571308 ____A C:\Users\Max\Desktop\sample.wav
2013-05-21 14:50 - 2013-05-21 14:50 - 00000471 ____A C:\Users\Max\Desktop\bgdark.txt
2013-05-21 14:46 - 2013-05-21 14:46 - 00000470 ____A C:\Users\Max\Desktop\background.txt
2013-05-21 14:45 - 2013-05-21 14:45 - 00000472 ____A C:\Users\Max\Desktop\onemeterfree.txt

==================== One Month Modified Files and Folders =======

2013-06-17 20:19 - 2013-06-17 20:19 - 00000000 ____D C:\FRST
2013-06-17 20:19 - 2013-06-17 20:18 - 01926844 ____A (Farbar) C:\Users\Max\Desktop\FRST64.exe
2013-06-17 20:13 - 2013-04-10 13:56 - 00026591 ____A C:\Windows\setupact.log
2013-06-17 20:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-06-17 19:42 - 2013-06-17 19:42 - 00004639 ____A C:\Users\Max\Desktop\Old_results.txt
2013-06-17 19:39 - 2012-05-23 01:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 19:22 - 2012-09-26 08:53 - 00000988 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-17 19:22 - 2012-09-26 08:53 - 00000984 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-17 19:22 - 2012-05-23 06:28 - 01393564 ____A C:\Windows\WindowsUpdate.log
2013-06-17 19:21 - 2012-05-23 01:32 - 00000000 ___RD C:\Users\Max\Dropbox
2013-06-17 19:21 - 2012-05-23 01:26 - 00000000 ____D C:\Users\Max\AppData\Roaming\Dropbox
2013-06-17 19:19 - 2013-06-17 19:19 - 00002663 ____A C:\Users\Max\Desktop\Gmer.log
2013-06-17 18:31 - 2009-07-14 06:45 - 00016608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-17 18:31 - 2009-07-14 06:45 - 00016608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-17 18:25 - 2009-07-14 04:34 - 00000498 ____A C:\Windows\win.ini
2013-06-17 18:24 - 2013-04-10 13:55 - 00009510 ____A C:\Windows\errord.log
2013-06-17 18:24 - 2013-04-10 13:54 - 00007496 ____A C:\Windows\error.log
2013-06-17 18:24 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-17 18:18 - 2013-06-17 18:18 - 00072176 ____A C:\Users\Max\Desktop\Extras.Txt
2013-06-17 18:17 - 2013-06-17 18:17 - 00094324 ____A C:\Users\Max\Desktop\OTL.Txt
2013-06-17 18:09 - 2013-06-17 18:09 - 00377856 ____A C:\Users\Max\Desktop\gmer_2.1.19163.exe
2013-06-17 18:07 - 2013-06-17 18:07 - 00602112 ____A (OldTimer Tools) C:\Users\Max\Desktop\OTL.exe
2013-06-17 18:07 - 2013-06-17 18:07 - 00000468 ____A C:\Users\Max\Desktop\defogger_disable.log
2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____A C:\Users\Max\defogger_reenable
2013-06-17 18:07 - 2012-05-22 21:48 - 00000000 ____D C:\users\Max
2013-06-17 18:06 - 2013-06-17 18:06 - 00050477 ____A C:\Users\Max\Desktop\Defogger.exe
2013-06-17 17:23 - 2013-06-17 17:23 - 00000000 ____D C:\Users\Max\AppData\Roaming\Zlllm
2013-06-17 11:33 - 2013-06-15 23:06 - 03226879 ____A C:\Users\Max\Desktop\Final.pptx
2013-06-17 11:31 - 2009-07-14 07:13 - 00783270 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-17 11:27 - 2013-06-17 11:29 - 02142368 ____A C:\Users\Max\Desktop\Active Noise Control Final Presentation Bombardier.pptx
2013-06-17 10:11 - 2012-05-24 22:04 - 00000000 ____D C:\Users\Max\AppData\Roaming\Spotify
2013-06-17 09:47 - 2012-05-26 11:21 - 00000000 ____D C:\Users\Max\AppData\Roaming\BatteryCare
2013-06-17 09:40 - 2013-06-17 09:40 - 00022924 ____A C:\Users\Max\AppData\Local\recently-used.xbel
2013-06-16 21:19 - 2013-06-15 21:40 - 00000000 ____D C:\Users\Max\Desktop\Presentation Figures
2013-06-16 12:01 - 2012-05-31 08:58 - 00000462 ____A C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2013-06-16 00:21 - 2012-11-01 18:47 - 00769182 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-16 00:16 - 2012-05-22 23:59 - 00000000 ____D C:\Users\Max\AppData\Roaming\Skype
2013-06-14 14:18 - 2013-06-14 14:18 - 01079430 ____A C:\Users\Max\Desktop\OD_250.bmp
2013-06-14 14:17 - 2013-06-14 14:17 - 01060254 ____A C:\Users\Max\Desktop\OD_4000.bmp
2013-06-14 14:16 - 2013-06-14 14:16 - 01061114 ____A C:\Users\Max\Desktop\OD_2000.bmp
2013-06-14 14:15 - 2013-06-14 14:15 - 01060918 ____A C:\Users\Max\Desktop\OD_1000.bmp
2013-06-14 14:15 - 2013-06-14 14:15 - 01051398 ____A C:\Users\Max\Desktop\OD_500.bmp
2013-06-14 10:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 10:37 - 2013-06-11 10:55 - 00020339 ____A C:\Users\Max\Documents\Book1.xlsx
2013-06-13 10:36 - 2013-06-11 10:54 - 03446835 ____A C:\Users\Max\Desktop\Presentation 130613.pptx
2013-06-13 10:27 - 2013-06-13 10:27 - 01095949 ____A C:\Users\Max\Desktop\ANC presentation for Bombardier Acousticians.pptx
2013-06-13 10:20 - 2012-05-23 00:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 10:16 - 2012-05-23 08:51 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 21:24 - 2013-06-12 21:17 - 1857227233 ____A C:\Users\Max\Krigets unga hjärtan_-_Krigets unga hjärtan - Del 2 av 3_ Ett annat krig.mp4
2013-06-12 21:24 - 2013-06-03 10:58 - 00030720 __ASH C:\Users\Max\Thumbs.db
2013-06-12 19:37 - 2012-05-27 11:16 - 00000000 ____D C:\Users\Max\AppData\Roaming\vlc
2013-06-12 16:39 - 2012-05-23 01:07 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 16:39 - 2012-05-23 01:07 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 10:21 - 2013-06-11 10:17 - 00000379 ____A C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.htm
2013-06-11 10:17 - 2013-06-11 10:17 - 00000355 ____A C:\Users\Max\Desktop\new3DbillardYZ.htm
2013-06-11 09:51 - 2013-06-11 09:51 - 00000354 ____A C:\Users\Max\Desktop\3D_Billard_YZ.htm
2013-06-10 15:01 - 2012-05-24 22:04 - 00000000 ____D C:\Users\Max\AppData\Local\Spotify
2013-06-08 16:56 - 2013-06-08 16:56 - 00001521 ____A C:\Users\Max\Desktop\old_task_def.txt
2013-06-08 10:32 - 2013-06-08 10:32 - 00001110 ____A C:\Users\Public\Desktop\Internoise 2000.lnk
2013-06-08 10:32 - 2013-06-08 10:32 - 00000000 ____D C:\Program Files (x86)\Internoise
2013-06-07 12:02 - 2013-06-07 12:02 - 00003521 ____A C:\Users\Max\Desktop\drawing.svg
2013-06-07 10:01 - 2013-06-07 10:01 - 03072054 ____A C:\Users\Max\Desktop\paint_mall_figurstorlek.bmp
2013-06-05 16:41 - 2013-06-05 16:41 - 00001241 ____A C:\Users\Max\Desktop\BOX_bg_160_8000.txt
2013-06-05 15:43 - 2013-06-05 14:41 - 00000394 ____A C:\Users\Max\Desktop\Legend_pos_for_plotyy.txt
2013-06-05 13:06 - 2013-06-05 13:06 - 00067864 ____A C:\Users\Max\Downloads\matlab2tikz_0.3.3.zip
2013-06-05 11:04 - 2013-06-05 11:01 - 15682862 ____A () C:\Users\Max\Downloads\z60860L13.exe
2013-06-05 00:33 - 2013-06-05 00:26 - 1901246096 ____A C:\Users\Max\_-_Krigets unga hjärtan - Del 1 av 3.mp4
2013-06-05 00:25 - 2013-06-05 00:25 - 00000000 ____D C:\Users\Max\AppData\Local\pirateplay
2013-06-05 00:25 - 2013-06-05 00:25 - 00000000 ____D C:\Program Files (x86)\Pirateplayer
2013-06-05 00:24 - 2013-06-05 00:24 - 28896608 ____A C:\Users\Max\Downloads\ppinstaller_-_v0_5_0.exe
2013-06-04 16:55 - 2013-05-09 14:16 - 00001500 ____A C:\Windows\PFRO.log
2013-06-04 16:55 - 2012-05-22 23:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-04 16:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-03 17:02 - 2012-05-22 23:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-03 17:02 - 2012-05-22 23:59 - 00000000 ____D C:\ProgramData\Skype
2013-06-03 15:19 - 2013-02-26 11:27 - 00005600 ____A C:\Windows\System32\esnecil.ind
2013-06-03 15:19 - 2013-02-26 11:27 - 00000004 ____A C:\Windows\vx86036.dat
2013-06-03 10:13 - 2013-05-24 17:02 - 00000000 ____D C:\Users\Max\Documents\CV
2013-06-03 09:59 - 2013-06-03 09:59 - 00000000 ____D C:\Users\Max\.pdfsam
2013-06-03 09:52 - 2013-06-03 09:51 - 00000000 ____D C:\Program Files\PDFmerge
2013-05-30 17:00 - 2013-05-30 17:00 - 00003042 ____A C:\Users\Max\Desktop\Total_abs.Job01.00001.txt
2013-05-29 10:41 - 2013-05-29 10:41 - 00000000 ____D C:\Users\Max\AppData\Roaming\U3
2013-05-27 15:38 - 2013-05-27 15:26 - 00003385 ____A C:\Users\Max\Desktop\reportsii.m
2013-05-24 11:29 - 2013-05-24 11:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-24 08:15 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-22 19:30 - 2013-05-22 19:18 - 00000000 ____D C:\Netgear
2013-05-22 19:29 - 2013-05-22 19:29 - 00005880 ____A C:\Users\Max\Desktop\Router_Setup.html
2013-05-22 10:41 - 2012-05-23 00:19 - 00000000 ____D C:\Users\Max\AppData\Local\Microsoft Help
2013-05-21 15:40 - 2013-05-21 15:28 - 00000404 ____A C:\Users\Max\Desktop\lowpass.m
2013-05-21 15:30 - 2013-05-21 15:30 - 09843804 ____A C:\Users\Max\Desktop\datalow.mat
2013-05-21 15:26 - 2012-07-16 08:49 - 00000000 ____D C:\Users\Max\AppData\Roaming\Audacity
2013-05-21 14:50 - 2013-05-21 14:50 - 00000471 ____A C:\Users\Max\Desktop\bgdark.txt
2013-05-21 14:46 - 2013-05-21 14:46 - 00000470 ____A C:\Users\Max\Desktop\background.txt
2013-05-21 14:45 - 2013-05-21 14:45 - 00000472 ____A C:\Users\Max\Desktop\onemeterfree.txt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 11:55

==================== End Of Log ============================
         
--- --- ---


Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2013 01
Ran by Max at 2013-06-17 20:20:29 Run:
Running from C:\Users\Max\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Audacity 2.0
Avira Free Antivirus (Version: 12.1.9.1236)
BankID säkerhetsprogram (Version: 4.19.1)
BatteryCare 0.9.13.0 (Version: 0.9.13.0)
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
CCleaner (Version: 3.19)
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.01065)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.01065)
Conexant 20561 SmartAudio HD (Version: 4.92.10.0)
Creative Live! Cam Chat HD (VF0700) (1.00.06.00)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.4.0315)
Dropbox (Version: 2.0.22)
EAX Unified
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
Handelsbanken kortläsare (Version: 1.00.0000)
Inkscape 0.48.4 (Version: 0.48.4)
Intel PROSet Wireless
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2555)
Intel(R) Network Connections 17.1.55.0 (Version: 17.1.55.0)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.03.0000)
Internoise2000
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.0 (Version: 2.1.0)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Patch Utility (Version: 1.0.1.1)
Lenovo Patch Utility 64 bit (Version: 1.2.0.1)
Lenovo System Interface Driver (Version: 1.05)
Mathematica Extras 8.0 (2615434) (Version: 8.0.4)
MATLAB R2011a (Version: 7.12)
Media Go (Version: 2.3.255)
Media Go Video Playback Engine 1.96.114.08260 (Version: 1.96.114.08260)
Mendeley Desktop 1.8 (Version: 1.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MiKTeX 2.9 (Version: 2.9)
Mobile Connection Manager
Movie Maker (Version: 16.4.3503.0728)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mozilla Thunderbird 17.0.6 (x86 en-US) (Version: 17.0.6)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Odeon 11 CombinedDemo (remove only)
Odeon 11 Industrial (remove only)
Odeon 12 Industrial (remove only)
On Screen Display (Version: 6.60.03)
PDF Password Remover (Version: 1.0.6)
Photo Common (Version: 16.4.3503.0728)
Photo Gallery (Version: 16.4.3503.0728)
Pirateplayer
PlayCatan Access Software (Version: 3.986)
PlayStation(R)Network Downloader (Version: 2.07.00849)
PlayStation(R)Store (Version: 4.12.6.14870)
R for Windows 2.15.1 (Version: 2.15.1)
Secure Download Manager (Version: 3.0.5)
Sentinel System Driver Installer 7.5.1 (Version: 7.5.1)
SketchUp 8 (Version: 3.0.16846)
Skype™ 6.3 (Version: 6.3.107)
Solid Edge ST4 (Version: 104.00.00082)
Sony Ericsson Update Engine (Version: 2.13.5.201304180917)
Sony PC Companion 2.10.155 (Version: 2.10.155)
SpectraPLUS (Version: 5.0.26.33)
SpectraPLUS-SC (Version: 5.1.0.9)
Spotify (Version: 0.9.1.53.g876fa9df)
Steam (Version: 1.0.0.0)
System Update (Version: 4.03.0012)
Texmaker
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Power Management Driver (Version: 1.65.05.20)
ThinkPad UltraNav Driver (Version: 15.0.18.0)
ThinkVantage Communications Utility (Version: 1.42)
UA-1G Driver
Ubuntu One (Version: 4.1.91)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 2.0.5 (Version: 2.0.5)
Windows Live Communications Platform (Version: 16.4.3503.0728)
Windows Live Essentials (Version: 16.4.3503.0728)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3503.0728)
Windows Live Photo Common (Version: 16.4.3503.0728)
Windows Live PIMT Platform (Version: 16.4.3503.0728)
Windows Live SOXE (Version: 16.4.3503.0728)
Windows Live SOXE Definitions (Version: 16.4.3503.0728)
Windows Live UX Platform (Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)
Wise Registry Cleaner 7.67
ZTE USB Driver (Version: 1.0.1.25_TME)

==================== Restore Points  =========================

13-06-2013 08:13:50 Windows Update
15-06-2013 22:16:55 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {190FC235-AA8D-499E-B446-157DD3E86D16} - System32\Tasks\{F0AC8905-EAA7-4AA3-8232-DB53D6B9BFB5} => C:\Users\Max\Desktop\3d_pinball_for_windows_-_space_cadet.exe [2009-07-14] ()
Task: {1CF27D6D-6487-4B9B-A7FA-585DD1F67313} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => C:\Windows\system32\schtasks.exe [2010-11-20] (Microsoft Corporation)
Task: {359F4EBE-688F-43D2-A300-829FE3700951} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {69B3A5C2-E515-4F20-8DB0-2402C85E410A} - System32\Tasks\{C9BF97B9-9921-4B24-86F0-D67D3BFF2378} => C:\Users\Max\Desktop\3d_pinball_for_windows_-_space_cadet.exe [2009-07-14] ()
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo => C:\Windows\system32\gatherNetworkInfo.vbs [2009-06-10] ()
Task: {895FC81E-1BE5-4B1F-8F72-C0AF05D6163C} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2013-04-03] (WiseCleaner.com)
Task: {92B5ECDF-3E28-4258-AF59-DEFEF115FE07} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-23] (Microsoft Corporation)
Task: {96F2ED2E-6803-4532-B3CF-DCB63A3213AA} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {A6C6CE3B-782B-4DD9-915C-76B70F0A5952} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {CED87B78-22D1-4B41-8E01-7B7076B8D64E} - System32\Tasks\{31CA5D21-0E5A-4F1F-8CB0-129191C97A08} => C:\Users\Max\Desktop\3d_pinball_for_windows_-_space_cadet.exe [2009-07-14] ()
Task: {D24E63F5-323D-4D48-B022-6604FBB1DBDF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26] (Google Inc.)
Task: {D3D949ED-F0FD-41DB-954C-2D2FBE0BBDB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26] (Google Inc.)
Task: {D6690089-86A4-4B36-B0D3-CDC943163100} - System32\Tasks\BatteryCareAuto => C:\Program Files (x86)\BatteryCare\BatteryCare.exe [2013-02-10] (Filipe Lourenço)
Task: {FD869693-A5E8-4619-9059-8F1A00B13405} - System32\Tasks\TVT\TVSUUpdateTask_Max-ThinkPad_Max => C:\Program Files (x86)\Lenovo\System Update\tvsu.exe [2012-05-11] ()

==================== Faulty Device Manager Devices =============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ericsson F3507g Mobile Broadband Minicard Composite Device
Description: Ericsson F3507g Mobile Broadband Minicard Composite Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2013 01:44:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (06/15/2013 08:09:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (06/14/2013 11:22:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 21.0.0.4879, time stamp: 0x518ec3cc
Faulting module name: xul.dll, version: 21.0.0.4879, time stamp: 0x518ec306
Exception code: 0xc0000005
Fault offset: 0x001c9789
Faulting process id: 0xf24
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (06/14/2013 10:41:07 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (06/10/2013 00:20:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (06/09/2013 02:39:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (06/08/2013 04:36:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (06/06/2013 00:30:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (06/05/2013 04:41:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: texmaker.exe, version: 0.0.0.0, time stamp: 0x4fbe6624
Faulting module name: texmaker.exe, version: 0.0.0.0, time stamp: 0x4fbe6624
Exception code: 0xc0000005
Fault offset: 0x0014ec93
Faulting process id: 0x13b0
Faulting application start time: 0xtexmaker.exe0
Faulting application path: texmaker.exe1
Faulting module path: texmaker.exe2
Report Id: texmaker.exe3

Error: (06/04/2013 05:08:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 21.0.0.4879, time stamp: 0x518ec3cc
Faulting module name: xul.dll, version: 21.0.0.4879, time stamp: 0x518ec306
Exception code: 0xc0000005
Fault offset: 0x001c9789
Faulting process id: 0x34c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3


System errors:
=============
Error: (06/13/2013 10:12:42 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (06/12/2013 09:24:30 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (06/11/2013 04:07:28 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (06/09/2013 09:30:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (06/06/2013 05:51:41 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (06/05/2013 00:33:50 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (06/03/2013 10:08:31 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR13.

Error: (06/03/2013 10:05:00 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR12.

Error: (06/03/2013 09:35:44 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR11.

Error: (05/30/2013 09:10:46 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR8.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-04-06 20:54:58.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-25 20:53:06.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-25 20:33:51.649
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-15 15:51:15.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-03 18:11:23.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-03 18:05:42.742
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-03 18:01:41.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-02 18:45:30.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-02 18:30:07.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-02 17:20:24.597
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 69%
Total physical RAM: 3992.03 MB
Available physical RAM: 1232.27 MB
Total Pagefile: 7982.24 MB
Available Pagefile: 5247.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:27.69 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
/Ramlosa
__________________

Alt 17.06.2013, 19:26   #4
schrauber
/// the machine
/// TB-Ausbilder
 

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.06.2013, 19:53   #5
Ramlosa
 
MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Hej,

hier die ComboFix.txt file. Sprache ist schwedisch, wahrscheinlich wegen Windowseinstellung (bin in Schweden).

Code:
ATTFilter
ComboFix 13-06-17.01 - Max 17.06.2013  20:39:53.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.46.1033.18.3992.1311 [GMT 2:00]
Körs från: c:\users\Max\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Skapade en ny återställningspunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Duden
c:\programdata\Duden\DKReg.exe
c:\programdata\Roaming
c:\users\Max\AppData\Roaming\Microsoft\Windows\Recent\juli17.mat
c:\users\Max\AppData\Roaming\Microsoft\Windows\Recent\juli7.mat
c:\users\Max\AppData\Roaming\Microsoft\Windows\Recent\TSlab_theoretical_data.mat
c:\windows\SysWow64\cfgdll.dll
.
.
((((((((((((((((((((((((   Filer skapade från 2013-05-17 till 2013-06-17  ))))))))))))))))))))))))))))))
.
.
2013-06-17 18:46 . 2013-06-17 18:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-17 18:19 . 2013-06-17 18:19	--------	d-----w-	C:\FRST
2013-06-17 15:23 . 2013-06-17 15:23	--------	d-----w-	c:\users\Max\AppData\Roaming\Zlllm
2013-06-12 07:47 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-08 08:32 . 1999-06-02 22:00	101888	----a-w-	c:\windows\SysWow64\Vb6stkit.dll
2013-06-08 08:32 . 1999-03-03 11:50	119568	----a-w-	c:\windows\SysWow64\Vb6fr.dll
2013-06-08 08:32 . 2000-12-22 12:32	98304	----a-w-	c:\windows\SysWow64\activvf.ocx
2013-06-08 08:32 . 2000-12-22 12:32	307200	----a-w-	c:\windows\SysWow64\Viewer.dll
2013-06-08 08:32 . 2000-12-22 12:32	221184	----a-w-	c:\windows\SysWow64\Imagedll.dll
2013-06-08 08:32 . 2000-12-22 10:14	77824	----a-w-	c:\windows\SysWow64\jpegw.dll
2013-06-08 08:32 . 2000-12-22 10:14	274432	----a-w-	c:\windows\SysWow64\fmtdll.dll
2013-06-08 08:32 . 2000-12-22 10:11	36864	----a-w-	c:\windows\SysWow64\ccittg4.dll
2013-06-08 08:32 . 2000-12-22 10:07	188416	----a-w-	c:\windows\SysWow64\Cgmdll.dll
2013-06-08 08:32 . 2000-05-21 22:00	203976	----a-w-	c:\windows\SysWow64\Richtx32.ocx
2013-06-08 08:32 . 2000-05-21 22:00	118976	----a-w-	c:\windows\SysWow64\Msadodc.ocx
2013-06-08 08:32 . 2013-06-08 08:32	--------	d-----w-	c:\program files (x86)\Internoise
2013-06-04 22:25 . 2013-06-04 22:25	--------	d-----w-	c:\users\Max\AppData\Local\pirateplay
2013-06-04 22:25 . 2013-06-04 22:25	--------	d-----w-	c:\program files (x86)\Pirateplayer
2013-06-03 07:59 . 2013-06-03 07:59	--------	d-----w-	c:\users\Max\.pdfsam
2013-06-03 07:51 . 2013-06-03 07:52	--------	d-----w-	c:\program files\PDFmerge
2013-05-29 08:41 . 2013-05-29 08:41	--------	d-----w-	c:\users\Max\AppData\Roaming\U3
2013-05-22 17:19 . 2010-06-07 03:12	35840	----a-r-	c:\windows\system32\drivers\BVRPMPR5a64.SYS
2013-05-22 17:18 . 2013-05-22 17:30	--------	d-----w-	C:\Netgear
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 08:16 . 2012-05-23 06:51	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 14:39 . 2012-05-22 23:07	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 14:39 . 2012-05-22 23:07	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 21:12 . 2012-07-17 12:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 05:55	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 05:55	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 05:55	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 05:55	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 05:55	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 05:55	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:03	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 05:55	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 05:55	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 05:54	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-03-25 10:49 . 2013-03-25 10:49	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-25 10:49 . 2012-06-04 16:49	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-25 10:49 . 2012-06-04 16:49	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-14 1104384]
"ujtwwutc"="c:\users\Max\AppData\Roaming\Zlllm\spphhffwutc.exe" [2013-06-17 129536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\SysWOW64\V0700Ext.ax"="c:\windows\SysWOW64\V0700Ext.ax" [X]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAPower"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 RDID1098;UA-1G;c:\windows\system32\Drivers\rdwm1098.sys;c:\windows\SYSNATIVE\Drivers\rdwm1098.sys [x]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys;c:\windows\SYSNATIVE\DRIVERS\rockusb.sys [x]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys;c:\windows\SYSNATIVE\DRIVERS\shbecr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 V0700Vid;Creative Live! Cam Chat HD Driver;c:\windows\system32\DRIVERS\V0700Vid.sys;c:\windows\SYSNATIVE\DRIVERS\V0700Vid.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 ROCKEY6S_SPSVC;ROCKEY6S_SPSVC;c:\program files (x86)\Odeon12Industrial\Rockey6S_SPSvc.exe;c:\program files (x86)\Odeon12Industrial\Rockey6S_SPSvc.exe [x]
S2 ROCKEY6SMARTSVC;ROCKEY6SMART SERVICE;c:\program files (x86)\Odeon11Industrial\rockey6smartsvc.exe;c:\program files (x86)\Odeon11Industrial\rockey6smartsvc.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys;c:\program files (x86)\BatteryCare\WinRing0x64.sys [x]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*Deregistered* - fwlcykob
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 14:39]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26 06:53]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26 06:53]
.
2013-06-16 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job
- c:\program files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2012-05-31 12:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0700Ext.ax"="c:\windows\system32\V0700Ext.ax" [X]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-06 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-06 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-06 417560]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 130.237.72.200 130.237.72.201
FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
HKLM_Wow6432Node-ActiveSetup-{07e84f41-11d5-4615-aaf6-368df0762b41} - c:\programdata\Duden\dkreg.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2013-06-17  20:48:40
ComboFix-quarantined-files.txt  2013-06-17 18:48
.
Före genomsökningen: 29,527,732,224 bytes free
Efter genomsökningen: 31,976,853,504 bytes free
.
- - End Of File - - 8B43858075CF579B553308283BC1EB9A
A36C5E4F47E84449FF07ED3517B43A31
         
/Ramlosa


Alt 17.06.2013, 20:05   #6
schrauber
/// the machine
/// TB-Ausbilder
 

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Zitat:
Sprache ist schwedisch, wahrscheinlich wegen Windowseinstellung (bin in Schweden).
Na Gott sei Dank kenn ich die Überschriften im Log auswendig


Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    ATTFilter
    Folder::
    c:\users\Max\AppData\Roaming\Zlllm
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ujtwwutc"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "c:\windows\SysWOW64\V0700Ext.ax"=-
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

__________________
--> MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.

Alt 17.06.2013, 20:30   #7
Ramlosa
 
MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Zitat:
Na Gott sei Dank kenn ich die Überschriften im Log auswendig
Darauf hatte ich gehofft! Phew!

Hier die neue logfile von ComboFix

(hat btw nicht danach gefragt, dass ich files zur Analyse schicke)

Code:
ATTFilter
ComboFix 13-06-17.01 - Max 17.06.2013  21:18:00.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.46.1033.18.3992.1558 [GMT 2:00]
Körs från: c:\users\Max\Desktop\ComboFix.exe
Kommandoväxlar som använts :: c:\users\Max\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Max\AppData\Roaming\Zlllm
c:\users\Max\AppData\Roaming\Zlllm\spphhffwutc.exe
.
.
((((((((((((((((((((((((   Filer skapade från 2013-05-17 till 2013-06-17  ))))))))))))))))))))))))))))))
.
.
2013-06-17 19:23 . 2013-06-17 19:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-17 18:19 . 2013-06-17 18:19	--------	d-----w-	C:\FRST
2013-06-12 07:47 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-08 08:32 . 1999-06-02 22:00	101888	----a-w-	c:\windows\SysWow64\Vb6stkit.dll
2013-06-08 08:32 . 1999-03-03 11:50	119568	----a-w-	c:\windows\SysWow64\Vb6fr.dll
2013-06-08 08:32 . 2000-12-22 12:32	98304	----a-w-	c:\windows\SysWow64\activvf.ocx
2013-06-08 08:32 . 2000-12-22 12:32	307200	----a-w-	c:\windows\SysWow64\Viewer.dll
2013-06-08 08:32 . 2000-12-22 12:32	221184	----a-w-	c:\windows\SysWow64\Imagedll.dll
2013-06-08 08:32 . 2000-12-22 10:14	77824	----a-w-	c:\windows\SysWow64\jpegw.dll
2013-06-08 08:32 . 2000-12-22 10:14	274432	----a-w-	c:\windows\SysWow64\fmtdll.dll
2013-06-08 08:32 . 2000-12-22 10:11	36864	----a-w-	c:\windows\SysWow64\ccittg4.dll
2013-06-08 08:32 . 2000-12-22 10:07	188416	----a-w-	c:\windows\SysWow64\Cgmdll.dll
2013-06-08 08:32 . 2000-05-21 22:00	203976	----a-w-	c:\windows\SysWow64\Richtx32.ocx
2013-06-08 08:32 . 2000-05-21 22:00	118976	----a-w-	c:\windows\SysWow64\Msadodc.ocx
2013-06-08 08:32 . 2013-06-08 08:32	--------	d-----w-	c:\program files (x86)\Internoise
2013-06-04 22:25 . 2013-06-04 22:25	--------	d-----w-	c:\users\Max\AppData\Local\pirateplay
2013-06-04 22:25 . 2013-06-04 22:25	--------	d-----w-	c:\program files (x86)\Pirateplayer
2013-06-03 07:59 . 2013-06-03 07:59	--------	d-----w-	c:\users\Max\.pdfsam
2013-06-03 07:51 . 2013-06-03 07:52	--------	d-----w-	c:\program files\PDFmerge
2013-05-29 08:41 . 2013-05-29 08:41	--------	d-----w-	c:\users\Max\AppData\Roaming\U3
2013-05-22 17:19 . 2010-06-07 03:12	35840	----a-r-	c:\windows\system32\drivers\BVRPMPR5a64.SYS
2013-05-22 17:18 . 2013-05-22 17:30	--------	d-----w-	C:\Netgear
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 08:16 . 2012-05-23 06:51	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 14:39 . 2012-05-22 23:07	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 14:39 . 2012-05-22 23:07	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 21:12 . 2012-07-17 12:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 05:55	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 05:55	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 05:55	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 05:55	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 05:55	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 05:55	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:03	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 05:55	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 05:55	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 05:54	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-03-25 10:49 . 2013-03-25 10:49	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-25 10:49 . 2012-06-04 16:49	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-25 10:49 . 2012-06-04 16:49	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-14 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\SysWOW64\V0700Ext.ax"="c:\windows\SysWOW64\V0700Ext.ax" [X]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAPower"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 RDID1098;UA-1G;c:\windows\system32\Drivers\rdwm1098.sys;c:\windows\SYSNATIVE\Drivers\rdwm1098.sys [x]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys;c:\windows\SYSNATIVE\DRIVERS\rockusb.sys [x]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys;c:\windows\SYSNATIVE\DRIVERS\shbecr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 V0700Vid;Creative Live! Cam Chat HD Driver;c:\windows\system32\DRIVERS\V0700Vid.sys;c:\windows\SYSNATIVE\DRIVERS\V0700Vid.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 ROCKEY6S_SPSVC;ROCKEY6S_SPSVC;c:\program files (x86)\Odeon12Industrial\Rockey6S_SPSvc.exe;c:\program files (x86)\Odeon12Industrial\Rockey6S_SPSvc.exe [x]
S2 ROCKEY6SMARTSVC;ROCKEY6SMART SERVICE;c:\program files (x86)\Odeon11Industrial\rockey6smartsvc.exe;c:\program files (x86)\Odeon11Industrial\rockey6smartsvc.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys;c:\program files (x86)\BatteryCare\WinRing0x64.sys [x]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*Deregistered* - fwlcykob
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 14:39]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26 06:53]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26 06:53]
.
2013-06-16 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job
- c:\program files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2012-05-31 12:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0700Ext.ax"="c:\windows\system32\V0700Ext.ax" [X]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-06 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-06 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-06 417560]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 130.237.72.200 130.237.72.201
FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2013-06-17  21:25:13
ComboFix-quarantined-files.txt  2013-06-17 19:25
.
Före genomsökningen: 32,410,193,920 bytes free
Efter genomsökningen: 32,217,288,704 bytes free
.
- - End Of File - - 04008B3B4357183477A002DFA0356339
A36C5E4F47E84449FF07ED3517B43A31
         
/Ramlosa

Alt 18.06.2013, 06:33   #8
schrauber
/// the machine
/// TB-Ausbilder
 

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Supi

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches OTL log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.06.2013, 18:32   #9
Ramlosa
 
MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Ok, here goes (das war mal ein Rundumschlag!):

AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.303 - Logfile created 06/18/2013 at 15:15:27
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Max - MAX-THINKPAD
# Boot Mode : Normal
# Running from : C:\Users\Max\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\prefs.js

Deleted : user_pref("socialfixer.502828818/typeahead_new", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"[...]

*************************

AdwCleaner[S1].txt - [799 octets] - [18/06/2013 15:15:27]

########## EOF - C:\AdwCleaner[S1].txt - [858 octets] ##########
         
JRT.txt
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Max on 18.06.2013 at 15:20:37.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\le4zo7s4.default\prefs.js

user_pref("socialfixer.652575570/cached_content/donate_pagelet", "{\"expires_on\":1340129107688,\"content\":\"<div style=\\\"background-color:#ffffcc;border:1px solid #cccc99;
Emptied folder: C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\le4zo7s4.default\minidumps [328 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.06.2013 at 15:24:28.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
ESET online scanner (war fündig):

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f52ff80dd2599144bcc47690322006c7
# engine=14101
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-18 04:53:21
# local_time=2013-06-18 06:53:21 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 98 84702 142245706 77480 0
# compatibility_mode=5893 16776574 100 94 33251459 123204251 0 0
# scanned=441063
# found=1
# cleaned=0
# scan_time=11883
sh=CC0FA171E296FA23E03DDE84F7C36D9D18676F4B ft=1 fh=c71c0011cf03f3bb vn="a variant of Win32/Kryptik.BDTZ trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Max\AppData\Roaming\Zlllm\spphhffwutc.exe.vir"
         
checkup.txt
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Wise Registry Cleaner 7.67  
 JavaFX 2.1.0    
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (21.0) 
 Mozilla Thunderbird (17.0.6) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````
         
... und frische OTL.txt
Code:
ATTFilter
OTL logfile created on: 18.06.2013 19:14:30 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Max\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.90 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 54.80% Memory free
7.80 Gb Paging File | 6.13 Gb Available in Paging File | 78.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 29.09 Gb Free Space | 19.51% Space Free | Partition Type: NTFS
 
Computer Name: MAX-THINKPAD | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.06.17 18:07:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
PRC - [2013.06.14 17:38:47 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.15 17:42:10 | 000,612,640 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
PRC - [2012.10.17 19:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.08.13 16:52:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012.05.02 01:52:15 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
PRC - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.11.30 10:14:20 | 000,126,976 | ---- | M] (Feitian Technologies Co., Ltd.) -- C:\Program Files (x86)\Odeon12Industrial\Rockey6S_SPSvc.exe
PRC - [2011.11.04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.07.12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011.07.12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.07.27 13:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010.07.27 13:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010.07.27 13:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2007.10.15 15:47:18 | 000,106,496 | ---- | M] (Feitian Technologies Co., Ltd.) -- C:\Program Files (x86)\Odeon11Industrial\Rockey6SmartSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.03.12 10:57:22 | 000,190,120 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2012.02.29 15:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.11.01 13:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.11.01 13:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.10.20 18:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011.10.19 20:51:39 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (CrypKey License)
SRV:64bit: - [2011.10.19 14:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.07.12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011.07.12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011.07.12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010.07.27 13:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2010.07.27 13:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.12 16:39:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.24 11:29:07 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.10.17 19:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.06.19 17:03:25 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.30 10:14:20 | 000,126,976 | ---- | M] (Feitian Technologies Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Odeon12Industrial\Rockey6S_SPSvc.exe -- (ROCKEY6S_SPSVC)
SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Disabled | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.15 15:47:18 | 000,106,496 | ---- | M] (Feitian Technologies Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Odeon11Industrial\Rockey6SmartSvc.exe -- (ROCKEY6SMARTSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.26 11:22:00 | 000,158,592 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1098.sys -- (RDID1098)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.10.17 19:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.10.17 19:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.10.06 21:17:02 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.10.06 21:17:02 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.05.23 00:34:54 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012.03.06 22:41:32 | 000,065,648 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rockusb.sys -- (Rockusb)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.29 15:14:48 | 000,042,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.27 03:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.10.20 11:24:16 | 000,302,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2011.10.19 14:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.10.19 14:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.10.13 11:05:48 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.09.06 17:00:02 | 000,393,920 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0700Vid.sys -- (V0700Vid)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.18 02:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010.09.07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.06.07 05:12:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010.04.23 00:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.19 01:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2010.02.22 17:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.02.22 17:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.02.22 17:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.12.28 15:52:12 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.09.17 08:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009.09.17 08:05:02 | 000,058,792 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2009.07.22 06:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.03 17:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2008.09.23 00:24:00 | 000,050,176 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\shbecr.sys -- (Tdsshbecr)
DRV:64bit: - [2006.11.18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.07.26 23:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\BatteryCare\WinRing0x64.sys -- (WinRing0_1_2_0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 FE 0B 18 57 38 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 08:08:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 08:08:13 | 000,000,000 | ---D | M]
 
[2012.05.22 23:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Extensions
[2013.06.05 10:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\extensions
[2012.11.30 18:18:09 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013.06.05 10:59:27 | 000,054,689 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
[2013.05.10 14:21:05 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 11:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.05.24 11:29:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.17 21:23:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0700Ext.ax] C:\Windows\SysNative\V0700Ext.ax (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0700Ext.ax] C:\Windows\SysWOW64\V0700Ext.ax (Creative Technology Ltd.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.237.72.200 130.237.72.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EB318EA-80D1-46C6-9AB6-2C57AA88B1B4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B9B516-7FC4-4A37-AA67-D06B1509E193}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0E05EB0-1690-40E4-AABD-3D52F8A34FBE}: DhcpNameServer = 130.237.72.200 130.237.72.201
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.18 15:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.06.18 15:20:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.18 15:20:24 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.18 15:14:27 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\MS DOS file im Anhang einer Mahnung  Habe sie geöffnet. - Trojaner-Board_files
[2013.06.18 15:12:59 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Max\Desktop\esetsmartinstaller_enu.exe
[2013.06.18 15:12:10 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Max\Desktop\JRT.exe
[2013.06.17 21:34:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.17 21:25:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.17 21:14:08 | 005,079,999 | R--- | C] (Swearware) -- C:\Users\Max\Desktop\ComboFix.exe
[2013.06.17 20:37:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.17 20:37:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.17 20:37:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.17 20:37:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.17 20:37:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.17 20:19:40 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.17 20:18:57 | 001,926,844 | ---- | C] (Farbar) -- C:\Users\Max\Desktop\FRST64.exe
[2013.06.17 18:07:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2013.06.15 21:40:50 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Presentation Figures
[2013.06.08 10:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internoise 2000
[2013.06.08 10:32:23 | 000,307,200 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\Viewer.dll
[2013.06.08 10:32:23 | 000,274,432 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\fmtdll.dll
[2013.06.08 10:32:23 | 000,221,184 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\Imagedll.dll
[2013.06.08 10:32:23 | 000,188,416 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\Cgmdll.dll
[2013.06.08 10:32:23 | 000,098,304 | ---- | C] (Jouve) -- C:\Windows\SysWow64\activvf.ocx
[2013.06.08 10:32:23 | 000,077,824 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\jpegw.dll
[2013.06.08 10:32:23 | 000,036,864 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\ccittg4.dll
[2013.06.08 10:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internoise
[2013.06.05 00:25:39 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\pirateplay
[2013.06.05 00:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pirateplayer
[2013.06.03 09:59:46 | 000,000,000 | ---D | C] -- C:\Users\Max\.pdfsam
[2013.06.03 09:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\PDFmerge
[2013.05.29 10:41:05 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\U3
[2013.05.24 17:02:16 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\CV
[2013.05.24 11:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.22 19:19:54 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
[2013.05.22 19:18:59 | 000,000,000 | ---D | C] -- C:\Netgear
[1 C:\Users\Max\*.tmp files -> C:\Users\Max\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.18 18:39:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.18 18:22:03 | 000,000,988 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.18 16:10:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.18 15:34:10 | 000,016,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.18 15:34:10 | 000,016,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.18 15:27:47 | 000,000,984 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.18 15:26:16 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.18 15:14:30 | 000,265,633 | ---- | M] () -- C:\Users\Max\Desktop\MS DOS file im Anhang einer Mahnung  Habe sie geöffnet. - Trojaner-Board.htm
[2013.06.18 15:13:55 | 000,890,839 | ---- | M] () -- C:\Users\Max\Desktop\SecurityCheck.exe
[2013.06.18 15:12:59 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Max\Desktop\esetsmartinstaller_enu.exe
[2013.06.18 15:12:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Max\Desktop\JRT.exe
[2013.06.18 15:10:55 | 000,648,201 | ---- | M] () -- C:\Users\Max\Desktop\adwcleaner.exe
[2013.06.17 21:23:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.17 21:14:28 | 005,079,999 | R--- | M] (Swearware) -- C:\Users\Max\Desktop\ComboFix.exe
[2013.06.17 21:12:58 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.17 21:12:58 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.17 21:12:58 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.17 20:19:03 | 001,926,844 | ---- | M] (Farbar) -- C:\Users\Max\Desktop\FRST64.exe
[2013.06.17 18:09:04 | 000,377,856 | ---- | M] () -- C:\Users\Max\Desktop\gmer_2.1.19163.exe
[2013.06.17 18:07:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2013.06.17 18:07:15 | 000,000,000 | ---- | M] () -- C:\Users\Max\defogger_reenable
[2013.06.17 18:06:39 | 000,050,477 | ---- | M] () -- C:\Users\Max\Desktop\Defogger.exe
[2013.06.17 09:40:11 | 000,022,924 | ---- | M] () -- C:\Users\Max\AppData\Local\recently-used.xbel
[2013.06.16 12:01:06 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job
[2013.06.16 00:21:31 | 000,769,182 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.14 14:18:44 | 001,079,430 | ---- | M] () -- C:\Users\Max\Desktop\OD_250.bmp
[2013.06.14 14:17:43 | 001,060,254 | ---- | M] () -- C:\Users\Max\Desktop\OD_4000.bmp
[2013.06.14 14:16:53 | 001,061,114 | ---- | M] () -- C:\Users\Max\Desktop\OD_2000.bmp
[2013.06.14 14:15:58 | 001,060,918 | ---- | M] () -- C:\Users\Max\Desktop\OD_1000.bmp
[2013.06.14 14:15:10 | 001,051,398 | ---- | M] () -- C:\Users\Max\Desktop\OD_500.bmp
[2013.06.14 14:13:42 | 000,132,485 | ---- | M] () -- C:\Users\Max\Desktop\OD_250.jpg
[2013.06.12 21:24:01 | 1857,227,233 | ---- | M] () -- C:\Users\Max\Krigets unga hjärtan_-_Krigets unga hjärtan - Del 2 av 3_ Ett annat krig.mp4
[2013.06.11 10:23:03 | 001,370,927 | ---- | M] () -- C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.gif
[2013.06.11 10:21:57 | 000,000,379 | ---- | M] () -- C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.htm
[2013.06.11 10:18:56 | 000,237,858 | ---- | M] () -- C:\Users\Max\Desktop\new3DbillardYZ.gif
[2013.06.11 10:17:51 | 000,000,355 | ---- | M] () -- C:\Users\Max\Desktop\new3DbillardYZ.htm
[2013.06.11 10:11:58 | 000,360,458 | ---- | M] () -- C:\Users\Max\Desktop\3D_Billard_YZ.gif
[2013.06.11 09:51:27 | 000,000,354 | ---- | M] () -- C:\Users\Max\Desktop\3D_Billard_YZ.htm
[2013.06.10 13:50:41 | 000,170,487 | ---- | M] () -- C:\Users\Max\Desktop\chart.pdf
[2013.06.09 23:08:18 | 005,012,172 | ---- | M] () -- C:\Users\Max\Desktop\Max_Report.pdf
[2013.06.08 10:32:32 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Internoise 2000.lnk
[2013.06.07 12:02:29 | 000,003,521 | ---- | M] () -- C:\Users\Max\Desktop\drawing.svg
[2013.06.07 10:01:53 | 003,072,054 | ---- | M] () -- C:\Users\Max\Desktop\paint_mall_figurstorlek.bmp
[2013.06.06 11:28:42 | 000,023,433 | ---- | M] () -- C:\Users\Max\Desktop\4000.png
[2013.06.06 11:27:43 | 000,027,445 | ---- | M] () -- C:\Users\Max\Desktop\2000.png
[2013.06.06 11:26:35 | 000,031,624 | ---- | M] () -- C:\Users\Max\Desktop\1000.png
[2013.06.06 11:25:24 | 000,032,814 | ---- | M] () -- C:\Users\Max\Desktop\500.png
[2013.06.06 11:24:12 | 000,030,349 | ---- | M] () -- C:\Users\Max\Desktop\250.png
[2013.06.05 00:33:52 | 1901,246,096 | ---- | M] () -- C:\Users\Max\_-_Krigets unga hjärtan - Del 1 av 3.mp4
[2013.06.04 21:38:05 | 000,001,051 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.03 15:19:32 | 000,005,600 | ---- | M] () -- C:\Windows\SysNative\esnecil.ind
[2013.06.03 15:19:32 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat
[2013.05.29 23:48:02 | 000,279,259 | ---- | M] () -- C:\Users\Max\Desktop\Zapka_Max_CV.pdf
[2013.05.29 18:08:49 | 000,108,434 | ---- | M] () -- C:\Users\Max\New_document_1-g2993-4294967129.png
[2013.05.29 10:40:14 | 000,044,004 | ---- | M] () -- C:\Users\Max\Desktop\Personal Details Form-1.pdf
[2013.05.27 15:38:15 | 000,003,385 | ---- | M] () -- C:\Users\Max\Desktop\reportsii.m
[2013.05.22 19:29:33 | 000,005,880 | ---- | M] () -- C:\Users\Max\Desktop\Router_Setup.html
[2013.05.21 15:40:14 | 000,000,404 | ---- | M] () -- C:\Users\Max\Desktop\lowpass.m
[2013.05.21 15:30:21 | 009,843,804 | ---- | M] () -- C:\Users\Max\Desktop\datalow.mat
[2013.05.21 09:24:16 | 004,644,887 | ---- | M] () -- C:\Users\Max\Desktop\Max_Utkast.pdf
[1 C:\Users\Max\*.tmp files -> C:\Users\Max\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.18 15:14:27 | 000,265,633 | ---- | C] () -- C:\Users\Max\Desktop\MS DOS file im Anhang einer Mahnung  Habe sie geöffnet. - Trojaner-Board.htm
[2013.06.18 15:13:54 | 000,890,839 | ---- | C] () -- C:\Users\Max\Desktop\SecurityCheck.exe
[2013.06.18 15:10:55 | 000,648,201 | ---- | C] () -- C:\Users\Max\Desktop\adwcleaner.exe
[2013.06.17 20:37:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.17 20:37:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.17 20:37:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.17 20:37:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.17 20:37:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.17 18:09:03 | 000,377,856 | ---- | C] () -- C:\Users\Max\Desktop\gmer_2.1.19163.exe
[2013.06.17 18:07:15 | 000,000,000 | ---- | C] () -- C:\Users\Max\defogger_reenable
[2013.06.17 18:06:37 | 000,050,477 | ---- | C] () -- C:\Users\Max\Desktop\Defogger.exe
[2013.06.17 09:40:11 | 000,022,924 | ---- | C] () -- C:\Users\Max\AppData\Local\recently-used.xbel
[2013.06.14 14:18:44 | 001,079,430 | ---- | C] () -- C:\Users\Max\Desktop\OD_250.bmp
[2013.06.14 14:17:43 | 001,060,254 | ---- | C] () -- C:\Users\Max\Desktop\OD_4000.bmp
[2013.06.14 14:16:53 | 001,061,114 | ---- | C] () -- C:\Users\Max\Desktop\OD_2000.bmp
[2013.06.14 14:15:58 | 001,060,918 | ---- | C] () -- C:\Users\Max\Desktop\OD_1000.bmp
[2013.06.14 14:15:10 | 001,051,398 | ---- | C] () -- C:\Users\Max\Desktop\OD_500.bmp
[2013.06.14 14:13:42 | 000,132,485 | ---- | C] () -- C:\Users\Max\Desktop\OD_250.jpg
[2013.06.12 21:17:14 | 1857,227,233 | ---- | C] () -- C:\Users\Max\Krigets unga hjärtan_-_Krigets unga hjärtan - Del 2 av 3_ Ett annat krig.mp4
[2013.06.11 10:17:51 | 000,237,858 | ---- | C] () -- C:\Users\Max\Desktop\new3DbillardYZ.gif
[2013.06.11 10:17:51 | 000,000,355 | ---- | C] () -- C:\Users\Max\Desktop\new3DbillardYZ.htm
[2013.06.11 10:17:01 | 000,000,379 | ---- | C] () -- C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.htm
[2013.06.11 10:17:00 | 001,370,927 | ---- | C] () -- C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.gif
[2013.06.11 09:51:27 | 000,000,354 | ---- | C] () -- C:\Users\Max\Desktop\3D_Billard_YZ.htm
[2013.06.11 09:51:26 | 000,360,458 | ---- | C] () -- C:\Users\Max\Desktop\3D_Billard_YZ.gif
[2013.06.10 13:50:40 | 000,170,487 | ---- | C] () -- C:\Users\Max\Desktop\chart.pdf
[2013.06.09 23:08:18 | 005,012,172 | ---- | C] () -- C:\Users\Max\Desktop\Max_Report.pdf
[2013.06.08 10:32:32 | 000,001,220 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internoise2000.lnk
[2013.06.08 10:32:32 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Internoise 2000.lnk
[2013.06.07 12:02:29 | 000,003,521 | ---- | C] () -- C:\Users\Max\Desktop\drawing.svg
[2013.06.07 10:01:53 | 003,072,054 | ---- | C] () -- C:\Users\Max\Desktop\paint_mall_figurstorlek.bmp
[2013.06.06 11:28:42 | 000,023,433 | ---- | C] () -- C:\Users\Max\Desktop\4000.png
[2013.06.06 11:27:43 | 000,027,445 | ---- | C] () -- C:\Users\Max\Desktop\2000.png
[2013.06.06 11:26:35 | 000,031,624 | ---- | C] () -- C:\Users\Max\Desktop\1000.png
[2013.06.06 11:25:24 | 000,032,814 | ---- | C] () -- C:\Users\Max\Desktop\500.png
[2013.06.06 11:24:12 | 000,030,349 | ---- | C] () -- C:\Users\Max\Desktop\250.png
[2013.06.05 00:26:02 | 1901,246,096 | ---- | C] () -- C:\Users\Max\_-_Krigets unga hjärtan - Del 1 av 3.mp4
[2013.05.29 23:48:02 | 000,279,259 | ---- | C] () -- C:\Users\Max\Desktop\Zapka_Max_CV.pdf
[2013.05.29 18:08:49 | 000,108,434 | ---- | C] () -- C:\Users\Max\New_document_1-g2993-4294967129.png
[2013.05.29 10:21:51 | 000,044,004 | ---- | C] () -- C:\Users\Max\Desktop\Personal Details Form-1.pdf
[2013.05.27 15:26:23 | 000,003,385 | ---- | C] () -- C:\Users\Max\Desktop\reportsii.m
[2013.05.22 19:29:33 | 000,000,172 | R--- | C] () -- C:\Users\Max\Desktop\Router Login.url
[2013.05.22 19:29:30 | 000,005,880 | ---- | C] () -- C:\Users\Max\Desktop\Router_Setup.html
[2013.05.21 15:30:20 | 009,843,804 | ---- | C] () -- C:\Users\Max\Desktop\datalow.mat
[2013.05.21 15:28:14 | 000,000,404 | ---- | C] () -- C:\Users\Max\Desktop\lowpass.m
[2013.05.21 15:27:06 | 002,571,308 | ---- | C] () -- C:\Users\Max\Desktop\sample.wav
[2013.05.21 09:24:16 | 004,644,887 | ---- | C] () -- C:\Users\Max\Desktop\Max_Utkast.pdf
[2013.05.02 14:03:38 | 000,070,338 | ---- | C] () -- C:\Users\Max\drawing.eps
[2013.04.04 15:10:14 | 000,007,680 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.26 11:27:08 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013.02.26 11:26:32 | 000,000,202 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013.02.26 11:26:29 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012.11.01 18:47:02 | 000,769,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.22 16:31:41 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.05.27 11:16:02 | 000,000,027 | ---- | C] () -- C:\Program Files\plugins.dat
[2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Max\AppData\Roaming\MafiaSetup.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.21 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Audacity
[2012.05.22 22:19:39 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\AVG2012
[2013.06.17 09:47:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\BatteryCare
[2013.04.10 10:15:57 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2013.06.18 15:31:50 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Dropbox
[2012.06.07 21:05:52 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Duden
[2012.06.14 08:22:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\e-academy Inc
[2012.06.03 18:40:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Garmin
[2013.02.04 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\inkscape
[2012.05.31 16:41:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Personal
[2012.09.21 19:42:57 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PlayCatanClient
[2012.10.06 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Sony
[2013.06.17 10:11:28 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Spotify
[2012.07.01 19:16:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Telefónica
[2012.06.15 16:32:02 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\The Creative Assembly
[2012.05.23 00:52:11 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Thunderbird
[2013.01.28 14:52:33 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Unigraphics Solutions
[2012.06.03 12:00:49 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Wise Registry Cleaner
[2012.06.19 21:07:15 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\xm1
 
========== Purity Check ==========
 
 

< End of report >
         
Boah!

/Ramlosa

Alt 18.06.2013, 18:36   #10
schrauber
/// the machine
/// TB-Ausbilder
 

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Java und Adobe updaten. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.06.2013, 18:52   #11
Ramlosa
 
MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Zitat:
Java und Adobe updaten.
OK, ist geschehen!

Wie ichs verstehe, hat ESET das hier in Quarantine geschickt. Das ist ok so?
Code:
ATTFilter
sh=CC0FA171E296FA23E03DDE84F7C36D9D18676F4B ft=1 fh=c71c0011cf03f3bb vn="a variant of Win32/Kryptik.BDTZ trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Max\AppData\Roaming\Zlllm\spphhffwutc.exe.vir"
         
/Ramlosa

Alt 18.06.2013, 18:59   #12
schrauber
/// the machine
/// TB-Ausbilder
 

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Nee, ESET hat das Teil gefunden, was aber schon durch Combofix in Quarantäne war

Wir sind fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.06.2013, 19:22   #13
Ramlosa
 
MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



OK, alles deinstalliert, updated!

Danke herzlichst!

/Ramlosa

Alt 19.06.2013, 06:59   #14
schrauber
/// the machine
/// TB-Ausbilder
 

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Standard

MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.
.zip file, 7-zip, adobe, anhang, antivir, avg, avira, bho, defender, downloader, error, excel, explorer, failed, firefox, flash player, install.exe, logfile, mahnung, monitor.exe, mozilla, ms dos, msvcrt, registry, rundll, scan, sketchup, software, spotify web helper, super, svchost.exe, temp, udp, usb, visual studio, warnung, win32k.sys, windows



Ähnliche Themen: MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.


  1. Anhang einer fake DHL Mail geöffnet. Avira und mailwarebytes finden nichts!
    Plagegeister aller Art und deren Bekämpfung - 22.05.2015 (9)
  2. Anhang einer gefälschten Telekom-Email geöffnet. Verdacht auf Schadsoftware
    Log-Analyse und Auswertung - 01.12.2014 (7)
  3. Anhang einer (Ebay-)Spammail geöffnet
    Alles rund um Windows - 14.10.2014 (2)
  4. Anhang einer eindeutig unseriösen Mail runtergeladen und geöffnet.
    Plagegeister aller Art und deren Bekämpfung - 28.08.2014 (3)
  5. Ebay Mahnung Mail Anhang geöffnet
    Log-Analyse und Auswertung - 27.06.2014 (9)
  6. Ebay Mail mit Mahnung von Anwaltskanzlei - Anhang geöffnet :(
    Plagegeister aller Art und deren Bekämpfung - 27.06.2014 (39)
  7. Anhang (angebliche Rechnung) einer Spammail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 12.05.2014 (1)
  8. Anhang einer Pishing Mail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 29.04.2014 (1)
  9. versehentlich zip-anhang einer email geöffnet und .exe ausgeführt
    Log-Analyse und Auswertung - 19.02.2014 (11)
  10. Windows Vista: Zip Anhang einer Email von einer falschen Rechnung geöffnet-Angst vor Virus
    Plagegeister aller Art und deren Bekämpfung - 23.01.2014 (5)
  11. Zip-Anhang einer E-Mail dummerweise geöffnet, nicht entpackt , Angst vor Virus/Trojaner o.ä.
    Plagegeister aller Art und deren Bekämpfung - 26.09.2013 (4)
  12. Trojaner im Anhang einer Mail (in ZIP-File)
    Plagegeister aller Art und deren Bekämpfung - 22.09.2013 (1)
  13. Mahnung mit Anhang einer DOS Datei
    Plagegeister aller Art und deren Bekämpfung - 08.07.2013 (2)
  14. Anhang einer Phishing Mail geöffnet
    Mülltonne - 14.06.2013 (2)
  15. Verdächtiger Anhang einer Mail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (2)
  16. Mahnung Anhang E-Mail geöffnet, anschließend mehrere Trojaner gefunden
    Plagegeister aller Art und deren Bekämpfung - 15.02.2013 (11)
  17. Verschlüsselungs-Trojaner Trojan.Ransomlock.P durch Anhang einer Email-Mahnung
    Log-Analyse und Auswertung - 14.06.2012 (4)

Zum Thema MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. - Hej, in einer Mail kam heute eine Mahnung mit einem Anhang. Der Anhang war eine .zip file in der sich noch eine .zip file befand und darin eine MS DOS - MS DOS file im Anhang einer Mahnung: Habe sie geöffnet....
Archiv
Du betrachtest: MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.