highflyer340 | 07.05.2013 20:15 | Log von ESET ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=85af889f4bea6943a014ecf382c20e36
# engine=13775
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-07 02:20:38
# local_time=2013-05-07 04:20:38 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1800 16775165 100 96 9719 233359691 2505 0
# scanned=121820
# found=2
# cleaned=0
# scan_time=2934
sh=975F326FE757B71A68D211CE3477D7EE480B931B ft=1 fh=9653c425a09f0a7b vn="a variant of Win32/Ponmocup.GG trojan" ac=I fn="C:\_OTL\MovedFiles\05072013_150429\C_WINDOWS\system32\d3dx10_37P.dll"
sh=ED014E0D04759C807B1FEA752DCEA5305A1D3F5F ft=0 fh=0000000000000000 vn="probably a variant of Win32/Injector.APK trojan" ac=I fn="F:\Dokumente und Einstellungen\lsy\Eigene Dateien\Downloads\Keri Hilson - Knock you down ft. Kanye West n Ne-yo [PcG].zip"
Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8 ``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 21
Adobe Flash Player 11.7.700.169
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (20.0.1) ````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check`````````````````
Total Fragmentation on Drive C:: ````````````````````End of Log``````````````````````
OTL Logfile: Code:
OTL logfile created on: 07.05.2013 21:20:56 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\lsy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 44,28% Memory free
4,77 Gb Paging File | 3,07 Gb Available in Paging File | 64,37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,95 Gb Total Space | 5,72 Gb Free Space | 11,01% Space Free | Partition Type: NTFS
Computer Name: X39Q5D9MJRMW6IW | User Name: lsy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\lsy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
PRC - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Addon\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Addon\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox\bin\libcef.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3283b562a391db4f3f6dcee754de15a8\CustomMarshalers.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\64bfc7fc01a4a79ce6b2c433c2e6e1a9\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\58ee03cb0f505b226bfe97c0e879005f\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\51e7151c1420690c754d7f986c4b1c42\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\91442e74da926f6b2c33b5754014940d\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a351cdca2d71ee68ae3a581e13553b19\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2abe0b9f0e996273614f4cf1f6808eed\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\2e26794770e6d33cf79a7f8daa4a48c3\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4b889e41364baff1e456817b4777b610\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (S24EventMonitor) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (cvhsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (wlidsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WirelessSelectorService) -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
========== Driver Services (SafeList) ==========
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (O2SDRDR) -- system32\DRIVERS\o2sd.sys File not found
DRV - (O2MDRDR) -- system32\DRIVERS\o2media.sys File not found
DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOKUME~1\lsy\LOKALE~1\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (TelekomNM3) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (Sftredir) -- C:\WINDOWS\system32\drivers\Sftredirxp.sys (Microsoft Corporation)
DRV - (sftvol) -- C:\Programme\Microsoft Application Virtualization Client\drivers\SftVolXP.sys (Microsoft Corporation)
DRV - (sftplay) -- C:\Programme\Microsoft Application Virtualization Client\drivers\sftplayxp.sys (Microsoft Corporation)
DRV - (sftfs) -- C:\Programme\Microsoft Application Virtualization Client\drivers\SftFSXP.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (LSI Corporation)
DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (S3SavageNB) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (BtnHnd) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys (FUJITSU LIMITED)
DRV - (FUJ02E3) -- C:\WINDOWS\system32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledAddons: mitm-me%40andras.tim:2.1.110513
FF - prefs.js..extensions.enabledAddons: perspectives%40cmu.edu:4.3.1
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.1.4
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:1.0.10
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: G:\Programme\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: G:\Programme\ZoomBrowser EX\Program\NPCIG.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.07 12:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\infoatoms@infoatoms.com: C:\Programme\Mozilla Firefox\extensions\infoatoms@infoatoms.com [2013.04.24 17:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.05.02 11:27:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.02 11:27:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.07 12:31:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ConsumerInput@Compete: C:\Programme\Consumer Input\Firefox\src [2013.04.03 16:38:44 | 000,000,000 | ---D | M]
[2010.04.11 09:47:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Extensions
[2010.04.11 09:47:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2013.05.07 16:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\extensions
[2010.05.10 14:51:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.06 18:10:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.25 13:22:38 | 000,000,000 | ---D | M] (Perspectives) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\extensions\perspectives@cmu.edu
[2013.04.03 16:00:39 | 000,000,000 | ---D | M] ("Analytics") -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\extensions\plugin@analytic-s.com
[2013.05.07 16:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\extensions\staged
[2011.10.28 08:44:03 | 000,009,432 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\extensions\mitm-me@andras.tim.xpi
[2012.07.03 19:58:16 | 000,578,962 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\extensions\toolbar@web.de.xpi
[2013.05.07 16:42:55 | 000,549,639 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\extensions\staged\toolbar@web.de.xpi
[2012.07.03 19:58:20 | 000,002,209 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\searchplugins\englische-ergebnisse.xml
[2012.07.03 19:58:20 | 000,010,506 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\searchplugins\gmx-suche.xml
[2012.07.03 19:58:20 | 000,002,368 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\searchplugins\lastminute.xml
[2012.07.03 19:58:20 | 000,005,489 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\pmlspny6.default\searchplugins\webde-suche.xml
[2013.04.24 17:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.24 17:09:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.24 17:09:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.24 17:09:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.24 17:09:14 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Programme\Mozilla Firefox\extensions\infoatoms@infoatoms.com
[2013.04.24 17:09:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.27 20:33:05 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 16:24:24 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.27 20:33:05 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.27 20:33:05 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.27 20:33:05 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.27 20:33:05 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: SearchGBY = C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.73_0\
O1 HOSTS File: ([2013.05.07 13:22:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {04a8dd1a-4754-48fe-a703-99846646ef04} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (no name) - {49c53dce-afa0-49a1-a08b-2eb8e8444128} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - No CLSID value found.
O2 - BHO: (no name) - {B70A1A54-6DFB-4AD8-9A62-2C00A3CC5BB4} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Addon\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PSUtility] C:\Addon\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [TvOutSwitch] C:\Addon\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005..\Run: [RDReminder] C:\Programme\RegClean Pro\RegCleanPro.exe (Systweak Inc)
O4 - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [awdepdfcreator33508] File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2012\RTD89141 ()
O4 - Startup: C:\Dokumente und Einstellungen\lsy\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\lsy\Startmenü\Programme\Autostart\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKU\S-1-5-21-4205484421-4246644686-1900187304-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248270700551 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248337956218 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51C4BB71-8C7E-45AB-8293-5099BC2EA4EE}: NameServer = 192.168.1.1,213.73.91.35
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53B738C1-7B83-4F45-8C4E-E6C2A096D24F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PSUTY: DllName - (PSUWNP.dll) - C:\WINDOWS\System32\PSUWNP.dll (FUJITSU LIMITED)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.20 06:45:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.07 19:02:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Local Settings
[2013.05.07 19:02:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDFCreator
[2013.05.07 19:02:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\pdfforge
[2013.05.07 19:02:48 | 000,054,784 | ---- | C] (pdfforge GbR) -- C:\WINDOWS\System32\pdfcmon.dll
[2013.05.07 19:02:47 | 000,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2013.05.07 19:02:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Startmenü\Programme\FilesFrog Update Checker
[2013.05.07 19:02:18 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker
[2013.05.07 15:28:00 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.05.07 15:27:52 | 002,347,384 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\lsy\Desktop\esetsmartinstaller_enu.exe
[2013.05.07 15:13:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Malwarebytes
[2013.05.07 15:12:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.05.07 15:12:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.05.07 15:12:48 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.05.07 15:12:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.05.07 15:12:16 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\lsy\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.07 15:04:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.07 13:24:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.05.07 13:18:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.05.07 13:17:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.07 13:17:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.07 13:17:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.07 13:17:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.07 13:17:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.07 13:15:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.07 13:15:54 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\Eigene Videos
[2013.05.07 13:15:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.07 13:15:28 | 005,067,045 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\lsy\Desktop\ComboFix.exe
[2013.05.07 10:14:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\lsy\Desktop\OTL.exe
[2013.05.07 10:14:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2013.05.03 13:11:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Desktop\Marcs Leben
[2013.05.02 11:46:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\Dropbox
[2013.05.02 11:46:03 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2013.05.02 11:45:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Startmenü\Programme\Dropbox
[2013.05.02 11:45:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox
[2013.05.02 11:30:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.05.02 11:30:13 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.05.02 11:30:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.02 11:27:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2013.05.02 11:27:45 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2013.05.02 09:03:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Desktop\Copter
[2013.04.30 21:37:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Eigene Bilder
[2013.04.30 21:25:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\Eigene Scans
[2013.04.28 13:21:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2013.04.24 17:09:14 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2013.05.07 21:17:24 | 000,890,825 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\SecurityCheck.exe
[2013.05.07 21:08:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.07 20:36:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.07 19:02:50 | 000,000,831 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDFArchitect.lnk
[2013.05.07 19:02:50 | 000,000,684 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDFCreator.lnk
[2013.05.07 19:02:19 | 000,000,822 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Check for Updates.lnk
[2013.05.07 19:01:50 | 000,162,560 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\PDFCreatorSetup.exe
[2013.05.07 18:49:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.05.07 17:36:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.07 16:25:14 | 000,104,448 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.07 15:27:52 | 002,347,384 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\lsy\Desktop\esetsmartinstaller_enu.exe
[2013.05.07 15:12:49 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.07 15:12:20 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\lsy\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.07 15:06:38 | 000,001,366 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Registry kostenlos entrümpeln!.lnk
[2013.05.07 15:06:31 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2013.05.07 15:06:31 | 000,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk
[2013.05.07 15:05:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.07 15:05:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2013.05.07 15:05:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.07 15:05:40 | 3148,304,384 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.07 15:04:33 | 000,463,798 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.07 15:04:33 | 000,445,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.07 15:04:33 | 000,086,366 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.07 15:04:33 | 000,072,872 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.07 15:02:12 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2013.05.07 13:22:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.05.07 13:18:40 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2013.05.07 13:15:35 | 005,067,045 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\lsy\Desktop\ComboFix.exe
[2013.05.07 13:09:00 | 000,628,743 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\adwcleaner.exe
[2013.05.07 10:14:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\lsy\Desktop\OTL.exe
[2013.05.07 10:03:59 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.05 19:57:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013.05.02 11:46:50 | 000,001,002 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Dropbox.lnk
[2013.05.02 11:46:10 | 000,001,032 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.05.02 11:30:34 | 000,001,442 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.05.02 11:27:50 | 000,001,590 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2013.04.30 11:09:08 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System32\shortcut_ex.dat
[2013.04.29 17:03:00 | 000,368,000 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\showreelA.MP4.sfk
[2013.04.29 02:03:40 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2013.04.25 14:49:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.04.25 08:25:19 | 000,000,554 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\eflugbuch 2.0.lnk
[2013.04.12 21:21:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2013.05.07 21:17:24 | 000,890,825 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\SecurityCheck.exe
[2013.05.07 19:02:50 | 000,000,831 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDFArchitect.lnk
[2013.05.07 19:02:50 | 000,000,684 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDFCreator.lnk
[2013.05.07 19:02:19 | 000,000,822 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Check for Updates.lnk
[2013.05.07 19:01:50 | 000,162,560 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\PDFCreatorSetup.exe
[2013.05.07 15:12:49 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.07 13:18:40 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2013.05.07 13:18:39 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.05.07 13:17:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.07 13:17:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.07 13:17:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.07 13:17:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.07 13:17:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.07 13:09:00 | 000,628,743 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\adwcleaner.exe
[2013.05.02 11:46:50 | 000,001,002 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Dropbox.lnk
[2013.05.02 11:46:10 | 000,001,032 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.05.02 11:30:34 | 000,001,442 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.05.02 11:27:50 | 000,001,590 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2013.04.30 11:09:08 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\shortcut_ex.dat
[2013.04.29 16:50:32 | 000,368,000 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\showreelA.MP4.sfk
[2013.04.12 20:26:21 | 000,001,366 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Registry kostenlos entrümpeln!.lnk
[2013.04.03 22:08:47 | 001,169,609 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013.04.03 22:08:47 | 000,085,645 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013.04.03 15:51:28 | 000,002,490 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2013.03.26 21:53:55 | 000,000,950 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2013.01.11 12:08:30 | 000,933,400 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.12.26 19:24:30 | 000,010,639 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\butsch3_elster_2048.pfx
[2012.12.07 19:07:26 | 000,010,599 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\butsch1_elster_2048.pfx
[2012.11.20 14:17:53 | 000,000,607 | ---- | C] () -- C:\WINDOWS\MikroKopter-Tool.INI
[2012.08.21 12:52:00 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012.03.12 09:02:58 | 000,027,976 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2012.03.12 09:02:58 | 000,019,272 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2012.02.15 19:18:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.03 01:04:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.12.31 02:11:59 | 000,000,897 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\.recently-used.xbel
[2010.04.09 16:13:51 | 000,018,268 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\TempResizeJpeg.JPG
[2010.03.15 22:35:19 | 000,004,978 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kbkwknay.ayh
[2009.12.21 16:02:13 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\$_hpcst$.hpc
[2009.12.03 13:15:48 | 000,104,448 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.22 15:32:54 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== ZeroAccess Check ==========
[2009.05.20 06:51:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.04.29 06:33:23 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.05.02 11:30:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.08.24 19:18:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AeroSIM_RC
[2013.03.26 22:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2009.12.02 13:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010.04.01 14:40:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2010.03.16 18:26:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN
[2011.10.25 17:07:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\install_clap
[2012.10.21 11:25:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Juniper Networks
[2011.06.21 14:08:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.10.02 23:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2012.11.25 21:51:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2010.03.12 18:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011.10.25 17:08:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDVD
[2010.03.12 19:04:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ReviverSoft
[2013.03.31 15:27:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rosetta Stone
[2013.03.10 21:20:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RosettaStoneLtdBackup
[2010.04.01 14:10:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2012.03.12 09:02:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SolidDocuments
[2010.05.15 20:17:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2012.11.29 17:04:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2010.04.11 09:49:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2010.03.09 22:31:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VirtualizedApplications
[2010.08.09 15:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.05.20 17:21:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2010.03.04 17:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012.11.25 21:51:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2012.01.23 09:17:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D423354A-E70D-49AC-B74E-9DB73BB8ACA3}
[2012.11.25 21:51:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
[2010.10.25 13:30:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\4Media
[2010.10.25 13:48:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\AnvSoft
[2013.03.26 21:55:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Buhl Data Service
[2010.04.09 16:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Canon
[2013.03.25 16:52:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\DriverTurbo
[2013.05.07 15:06:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox
[2013.03.30 16:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\DVDVideoSoft
[2010.03.16 18:26:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\GARMIN
[2010.10.06 13:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\gtk-2.0
[2012.10.21 11:26:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Juniper Networks
[2010.03.14 23:44:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\MAGIX
[2010.03.15 22:35:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\MOVAVI
[2010.04.01 14:24:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\No Company Name
[2010.03.12 19:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Notepad++
[2010.03.09 20:19:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\NVD
[2013.05.07 19:02:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\pdfforge
[2010.05.15 20:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Publish Providers
[2012.10.12 08:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\SoftGrid Client
[2012.03.12 09:03:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\SolidDocuments
[2013.04.03 21:17:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Sony
[2010.10.19 16:35:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Sony Creative Software
[2013.04.03 17:12:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Strongvault
[2013.04.03 15:40:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Systweak
[2011.02.22 21:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Telefónica
[2010.04.11 09:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\TomTom
[2010.03.09 20:14:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\TP
[2012.10.17 18:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\UseNeXT
========== Purity Check ==========
< End of report > --- --- ---
SystemLook 30.07.11 by jpshortstuff
Log created at 21:31 on 07/05/2013 by lsy
Administrator - Elevation successful
========== filefind ==========
Searching for "*infoatoms*"
C:\Programme\InfoAtoms\Chrome\InfoAtoms.crx --a---- 13154 bytes [14:39 03/04/2013] [14:39 03/04/2013] 88C5783C109DDED1A07BCA1B58136664
C:\Programme\InfoAtoms\FireFox\infoatoms@infoatoms.com.xpi --a---- 11714 bytes [14:39 03/04/2013] [14:39 03/04/2013] 8A5A3644AA05DF7EAB594614FBFC06F4
C:\Programme\InfoAtoms\IE32\InfoAtomsClientIE.dll --a---- 143856 bytes [00:22 26/03/2013] [00:22 26/03/2013] 7761080E3B59800D59BF62D52AF1BC4B
========== folderfind ==========
Searching for "*infoatoms*"
C:\Programme\InfoAtoms d------ [14:38 03/04/2013]
C:\Programme\Mozilla Firefox\extensions\infoatoms@infoatoms.com d------ [15:09 24/04/2013]
========== regfind ==========
Searching for "infoatoms"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk]
"path"="C:\Programme\InfoAtoms\Chrome\InfoAtoms.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\InfoAtoms]
[HKEY_LOCAL_MACHINE\SOFTWARE\InfoAtoms]
"InstallDir"="C:\Programme\InfoAtoms"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\infoatoms_d3803163]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InfoAtoms]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms]
"DisplayName"="InfoAtoms"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms]
"DisplayIcon"=""C:\Programme\InfoAtoms\Uninstall.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms]
"Publisher"="InfoAtoms"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms]
"UninstallString"=""C:\Programme\InfoAtoms\Uninstall.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"infoatoms@infoatoms.com"="C:\Programme\Mozilla Firefox\extensions\infoatoms@infoatoms.com"
Searching for " "
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\DOKUME~1\lsy\LOKALE~1\Temp\NEW33.tmp.exe"="Setup Launcher "
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\ComboFix\WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe"="Win32 Cabinet Self-Extractor "
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Dokumente und Einstellungen\lsy\Desktop\mbam-setup-1.75.0.1300.exe"="Malwarebytes Anti-Malware "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\MSPMSP\KBDeviceList]
"SanDiskIMb"="E-USB Fl;ash ; "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters]
"UseCheckPowerForFlush"="SAMSUNG WNR-31601A (1600MB) SAMSUNG WNR-31601A (1.6GB) IBM-DTCA-24090 TC6OAA2A IBM-DTCA-24090 TC6IAA2A IBM-DPLA-25120 PL8OAA2A IBM-DPLA-25120 PL8IAA2A IBM-DPLA-25120 PL8IAA4A IBM-DTCA-23240 TC5OAA2A IBM-DTCA-23240 TC5IAA2A IBM-DPLA-24480 PL7OAA2A IBM-DPLA-24480 PL7IAA2A"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters]
"NoFlushDevice"="QUANTUM_LPS525A SCR-730 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters]
"PioOnlyDevice"=" Conner Peripherals 425MB - CFS425A MATSHITA CR-581 FX600S CD-44E QUANTUM TRB850A QUANTUM MARVERICK 540A MAXTOR MXT-540 AT Maxtor 71260 AT Maxtor 7850 AV Maxtor 7540 AV Maxtor 7213 AT Maxtor 7345 Maxtor 7245 AT Maxtor 7245 Maxtor 7211AU Maxtor 7171 AT CD-316E SAMSUNG_SCR-2430 CR-2801TE"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters]
"NonRemovableMedia"="Kingston Technology DataPak 340 SunDisk SDP5A-10 SunDisk SDCFB-10 SunDisk SDP3B-20 SunDisk SDP3B-175 SunDisk SDP5-2.5 Calluna Technology CT260MC BN-S004AC-S 1.00 Calluna Technology CT520RM Hitachi CV 5.1.1 ATA_FLASH Mitsubishi ATA Card LEXAR ATA_FLASH Micron MTCF004A Micron MTCF008A SunDisk SDP3B-110 SunDisk SDCFB-4 BN-CAB-T MEMORYSTICK MEMORYSTICK 8M 8K"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters]
"NoPowerDownDevice"="RD-DRC001-M CS-R37 0 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters]
"AutoEjectZipDevice"="IOMEGA ZIP 100 ATAPI 23.D IOMEGA ZIP 100 ATAPI 21.D IOMEGA ZIP 100 ATAPI 20.D IOMEGA ZIP 100 ATAPI 91.D IOMEGA ZIP 100 B.29 IOMEGA ZIP 100 B.22 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters]
"UseCheckPowerForFlush"="SAMSUNG WNR-31601A (1600MB) SAMSUNG WNR-31601A (1.6GB) IBM-DTCA-24090 TC6OAA2A IBM-DTCA-24090 TC6IAA2A IBM-DPLA-25120 PL8OAA2A IBM-DPLA-25120 PL8IAA2A IBM-DPLA-25120 PL8IAA4A IBM-DTCA-23240 TC5OAA2A IBM-DTCA-23240 TC5IAA2A IBM-DPLA-24480 PL7OAA2A IBM-DPLA-24480 PL7IAA2A"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters]
"NoFlushDevice"="QUANTUM_LPS525A SCR-730 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters]
"PioOnlyDevice"=" Conner Peripherals 425MB - CFS425A MATSHITA CR-581 FX600S CD-44E QUANTUM TRB850A QUANTUM MARVERICK 540A MAXTOR MXT-540 AT Maxtor 71260 AT Maxtor 7850 AV Maxtor 7540 AV Maxtor 7213 AT Maxtor 7345 Maxtor 7245 AT Maxtor 7245 Maxtor 7211AU Maxtor 7171 AT CD-316E SAMSUNG_SCR-2430 CR-2801TE"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters]
"NonRemovableMedia"="Kingston Technology DataPak 340 SunDisk SDP5A-10 SunDisk SDCFB-10 SunDisk SDP3B-20 SunDisk SDP3B-175 SunDisk SDP5-2.5 Calluna Technology CT260MC BN-S004AC-S 1.00 Calluna Technology CT520RM Hitachi CV 5.1.1 ATA_FLASH Mitsubishi ATA Card LEXAR ATA_FLASH Micron MTCF004A Micron MTCF008A SunDisk SDP3B-110 SunDisk SDCFB-4 BN-CAB-T MEMORYSTICK MEMORYSTICK 8M 8K"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters]
"NoPowerDownDevice"="RD-DRC001-M CS-R37 0 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters]
"AutoEjectZipDevice"="IOMEGA ZIP 100 ATAPI 23.D IOMEGA ZIP 100 ATAPI 21.D IOMEGA ZIP 100 ATAPI 20.D IOMEGA ZIP 100 ATAPI 91.D IOMEGA ZIP 100 B.29 IOMEGA ZIP 100 B.22 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]
"UseCheckPowerForFlush"="SAMSUNG WNR-31601A (1600MB) SAMSUNG WNR-31601A (1.6GB) IBM-DTCA-24090 TC6OAA2A IBM-DTCA-24090 TC6IAA2A IBM-DPLA-25120 PL8OAA2A IBM-DPLA-25120 PL8IAA2A IBM-DPLA-25120 PL8IAA4A IBM-DTCA-23240 TC5OAA2A IBM-DTCA-23240 TC5IAA2A IBM-DPLA-24480 PL7OAA2A IBM-DPLA-24480 PL7IAA2A"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]
"NoFlushDevice"="QUANTUM_LPS525A SCR-730 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]
"PioOnlyDevice"=" Conner Peripherals 425MB - CFS425A MATSHITA CR-581 FX600S CD-44E QUANTUM TRB850A QUANTUM MARVERICK 540A MAXTOR MXT-540 AT Maxtor 71260 AT Maxtor 7850 AV Maxtor 7540 AV Maxtor 7213 AT Maxtor 7345 Maxtor 7245 AT Maxtor 7245 Maxtor 7211AU Maxtor 7171 AT CD-316E SAMSUNG_SCR-2430 CR-2801TE"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]
"NonRemovableMedia"="Kingston Technology DataPak 340 SunDisk SDP5A-10 SunDisk SDCFB-10 SunDisk SDP3B-20 SunDisk SDP3B-175 SunDisk SDP5-2.5 Calluna Technology CT260MC BN-S004AC-S 1.00 Calluna Technology CT520RM Hitachi CV 5.1.1 ATA_FLASH Mitsubishi ATA Card LEXAR ATA_FLASH Micron MTCF004A Micron MTCF008A SunDisk SDP3B-110 SunDisk SDCFB-4 BN-CAB-T MEMORYSTICK MEMORYSTICK 8M 8K"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]
"NoPowerDownDevice"="RD-DRC001-M CS-R37 0 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]
"AutoEjectZipDevice"="IOMEGA ZIP 100 ATAPI 23.D IOMEGA ZIP 100 ATAPI 21.D IOMEGA ZIP 100 ATAPI 20.D IOMEGA ZIP 100 ATAPI 91.D IOMEGA ZIP 100 B.29 IOMEGA ZIP 100 B.22 "
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\AddOn\Preinst\Fj_PowerSavingUtility_2.0L22b_1022036\setup.exe"="Setup Launcher "
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\AddOn\Preinst\Fj_DisplayManager_6.1L32_1022022\setup.exe"="Setup Launcher "
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\AddOn\Preinst\FJ_WLS_2.1L11_1028065\Setup.exe"="Setup Launcher "
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\AddOn\Preinst\Fj_SystemExtensionUtility_2.60_1022297\setup.exe"="Fujitsu System Extension Utility Setup "
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\AddOn\Preinst\Fj_ShockSensUtil_1.0L23a_1007180\Setup.exe"="Setup Launcher "
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\TEMP\7ZipSfx.000\GoogleEarth.exe"="Setup Launcher "
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\TEMP\._msige52\GoogleEarth.exe"="Setup Launcher "
[HKEY_USERS\S-1-5-21-4205484421-4246644686-1900187304-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\DOKUME~1\lsy\LOKALE~1\Temp\NEW33.tmp.exe"="Setup Launcher "
[HKEY_USERS\S-1-5-21-4205484421-4246644686-1900187304-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\ComboFix\WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe"="Win32 Cabinet Self-Extractor "
[HKEY_USERS\S-1-5-21-4205484421-4246644686-1900187304-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Dokumente und Einstellungen\lsy\Desktop\mbam-setup-1.75.0.1300.exe"="Malwarebytes Anti-Malware "
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\AddOn\Preinst\Fj_PowerSavingUtility_2.0L22b_1022036\setup.exe"="Setup Launcher "
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\AddOn\Preinst\Fj_DisplayManager_6.1L32_1022022\setup.exe"="Setup Launcher "
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\AddOn\Preinst\FJ_WLS_2.1L11_1028065\Setup.exe"="Setup Launcher "
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\AddOn\Preinst\Fj_SystemExtensionUtility_2.60_1022297\setup.exe"="Fujitsu System Extension Utility Setup "
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\AddOn\Preinst\Fj_ShockSensUtil_1.0L23a_1007180\Setup.exe"="Setup Launcher "
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\TEMP\7ZipSfx.000\GoogleEarth.exe"="Setup Launcher "
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\TEMP\._msige52\GoogleEarth.exe"="Setup Launcher "
-= EOF =-
So, fertig.....
:crazy:
bin gespannt jetzt ob der tolle Trojaner von der Festplatte verbannt ist....
:Boogie: |