Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   System Fix eingefangen, Windows 7, 64bit (https://www.trojaner-board.de/105357-system-fix-eingefangen-windows-7-64bit.html)

pekron 23.11.2011 18:00
System Fix eingefangen, Windows 7, 64bit
 
Hi,

war heute nur kurza auf Toilette, kam zurueck und mein PC wurde mit Meldungen überflutet. Kam mir etwas spanisch vor, weil alles auf Englisch war.
Habe jetzt Internet an´s laufen bekommen, Antivir findet aber nichts. Spybot läuft gerade im HG, aber ich vertraue da mal besser auf euch.

Hier die OTL Auswertung, nach der Anleitung wie ich Sie in einem anderen Thread gefunden habe:

Code:
OTL logfile created on: 23.11.2011 17:38:48 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,94 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 50,09% Memory free
7,87 Gb Paging File | 5,76 Gb Available in Paging File | 73,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 37,72 Gb Free Space | 12,66% Space Free | Partition Type: NTFS
 
Computer Name: THINKPAD | User Name: PeKron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\XjyEaLOxlHdnnto.exe (R Soft)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\PeKron\AppData\Local\Apps\2.0\90W2PHGV.18K\VXNAN7DK.3NH\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Windows\SysWOW64\MPK\MPK.exe ()
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\SysWOW64\attrib.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e6262eb0590a960d18c79521c4c6ddfc\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Users\PeKron\AppData\Local\Apps\2.0\90W2PHGV.18K\VXNAN7DK.3NH\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL ()
MOD - C:\Windows\SysWOW64\MPK\Mpk.dll ()
MOD - C:\Windows\SysWOW64\MPK\MPK.exe ()
MOD - C:\Windows\SysWOW64\MPK\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (SDHookService) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SearchAnonymizer) -- C:\Users\PeKron\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETwLv64)    Intel(R) -- C:\Windows\SysNative\drivers\NETwLv64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\SysNative\drivers\AF15BDA.sys (AfaTech                  )
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (iaNvStor) Intel(R) -- C:\Windows\SysNative\drivers\iaNvStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (SDHookDriver) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys ()
DRV - (PCDSRVC{127174DC-C366ED8B-06020000}_0) -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 F9 BD 79 A2 1C CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\PeKron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\PeKron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PeKron\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PeKron\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 21:56:04 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.01 21:10:28 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.10 10:40:20 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.12.12 16:02:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PeKron\AppData\Roaming\mozilla\Extensions
[2010.12.12 14:02:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PeKron\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.12 16:02:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PeKron\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.12.18 10:45:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\gkv0u02z.default\extensions
[2010.12.12 01:05:21 | 000,000,000 | -H-D | M] ("FxIF") -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\gkv0u02z.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2010.12.18 10:45:54 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\gkv0u02z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.11 20:05:23 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\gkv0u02z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.12 01:43:30 | 000,000,000 | -H-D | M] (Fox!Box) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\gkv0u02z.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.11.21 18:44:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions
[2011.08.25 11:44:52 | 000,000,000 | -H-D | M] (Garmin Communicator) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.12.16 18:29:33 | 000,000,000 | -H-D | M] (Oskar) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2010.12.16 16:59:37 | 000,000,000 | -H-D | M] (Aero Fox XL) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.12.12 14:37:19 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.14 17:34:50 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.19 14:41:08 | 000,000,000 | -H-D | M] (Classic Compact) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2011.04.01 08:56:16 | 000,000,000 | -H-D | M] (Fox!Box [de]) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.12.12 14:37:24 | 000,000,000 | -H-D | M] (Torbutton) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.11.14 17:35:36 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.05 03:52:50 | 000,000,000 | -H-D | M] (FDislike) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\fbdislike@doweb.fr
[2011.11.21 18:44:33 | 000,000,000 | -H-D | M] (HTTPS-Everywhere) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\https-everywhere@eff.org
[2010.12.12 14:37:13 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\moveplayer@movenetworks.com
[2011.11.10 10:41:10 | 000,000,000 | -H-D | M] (Foxit PDF Creator Toolbar) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\toolbar@ask.com
[2010.12.16 16:59:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011.11.19 14:41:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011.11.19 14:41:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\devtools
[2011.11.19 14:41:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PeKron\AppData\Roaming\mozilla\Firefox\Profiles\s5onry2w.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2010.12.12 01:44:40 | 000,002,740 | -H-- | M] () -- C:\Users\PeKron\AppData\Roaming\Mozilla\Firefox\Profiles\gkv0u02z.default\searchplugins\imdb.xml
[2010.12.12 01:44:50 | 000,005,389 | -H-- | M] () -- C:\Users\PeKron\AppData\Roaming\Mozilla\Firefox\Profiles\gkv0u02z.default\searchplugins\ofdb.xml
[2010.12.12 01:45:32 | 000,001,030 | -H-- | M] () -- C:\Users\PeKron\AppData\Roaming\Mozilla\Firefox\Profiles\gkv0u02z.default\searchplugins\wikipedia-de.xml
[2010.12.12 11:40:12 | 000,004,140 | -H-- | M] () -- C:\Users\PeKron\AppData\Roaming\Mozilla\Firefox\Profiles\gkv0u02z.default\searchplugins\youtube.xml
[2011.11.09 21:56:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.05.12 20:24:11 | 000,000,000 | -H-D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.11.09 21:56:02 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.23 02:52:52 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 02:46:24 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.19 20:15:39 | 000,002,048 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.09.23 02:52:52 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\PeKron\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\PeKron\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\PeKron\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\PeKron\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AdBlock = C:\Users\PeKron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.28_0\
 
O1 HOSTS File: ([2010.12.11 23:34:38 | 000,000,998 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IaNvSrv] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\PeKron\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GwDAKVOVed.exe] C:\ProgramData\GwDAKVOVed.exe (R Soft)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [XjyEaLOxlHdnnto.exe] C:\ProgramData\XjyEaLOxlHdnnto.exe (R Soft)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\PeKron\AppData\Local\Apps\2.0\90W2PHGV.18K\VXNAN7DK.3NH\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\PeKron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\PeKron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4F4DBE8-5629-4C57-9608-78D1F2535BE5}: NameServer = 192.168.1.25,141.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCBCEAD1-84B7-4715-B8D9-C45EC69BE84F}: DhcpNameServer = 192.168.1.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\MPK\mpk.exe) - C:\Windows\SysWOW64\MPK\MPK.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.23 17:37:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011.11.23 17:33:38 | 000,584,192 | -H-- | C] (OldTimer Tools) -- C:\Users\PeKron\Desktop\OTL.exe
[2011.11.23 16:57:00 | 000,000,000 | -H-D | C] -- C:\Users\PeKron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011.11.23 16:56:00 | 000,381,952 | -H-- | C] (R Soft) -- C:\ProgramData\XwtDyXqP5tmC1A.exe
[2011.11.23 16:32:59 | 000,488,448 | -HS- | C] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe
[2011.11.23 16:31:32 | 000,492,544 | -HS- | C] (R Soft) -- C:\ProgramData\XjyEaLOxlHdnnto.exe
[2011.11.22 10:36:09 | 000,000,000 | -H-D | C] -- C:\Users\PeKron\AppData\Local\{07178A71-44E2-41B1-859F-5128D9AF8ECE}
[2011.11.22 10:35:57 | 000,000,000 | -H-D | C] -- C:\Users\PeKron\AppData\Local\{11056F9B-AF2F-4708-B799-CF6A34033FA8}
[2011.11.21 22:35:43 | 000,000,000 | -H-D | C] -- C:\Users\PeKron\AppData\Local\{8B465862-9A79-4C5B-A9C5-2EEA37EAB051}
[2011.11.21 22:35:31 | 000,000,000 | -H-D | C] -- C:\Users\PeKron\AppData\Local\{D288B21C-6E6D-44BF-A4C3-90200EF85839}
[2011.11.15 16:38:21 | 000,000,000 | -H-D | C] -- C:\Users\PeKron\Desktop\FW-PL3071
[2011.11.15 15:47:53 | 000,000,000 | -H-D | C] -- C:\Users\PeKron\Desktop\sdasd
[2011.11.15 15:37:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.11.15 14:57:27 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.11.15 14:22:16 | 000,000,000 | -H-D | C] -- C:\Users\PeKron\Desktop\Adobe Photoshop CS5.1
[2011.11.15 14:21:16 | 000,000,000 | -H-D | C] -- C:\Users\PeKron\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.11.15 14:20:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2011.11.14 17:39:46 | 000,000,000 | -H-D | C] -- C:\Users\PeKron\Desktop\ausgesucht
[2011.11.13 21:08:50 | 000,000,000 | -H-D | C] -- C:\Users\PeKron\Desktop\willi
[2011.11.07 14:00:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.11.07 13:35:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2011.11.07 13:35:05 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2011.11.07 13:35:00 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.23 17:37:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011.11.23 17:31:46 | 000,584,192 | -H-- | M] (OldTimer Tools) -- C:\Users\PeKron\Desktop\OTL.exe
[2011.11.23 17:31:45 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-194936877-2178298848-4178176982-1000UA.job
[2011.11.23 17:10:20 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.23 17:10:20 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.23 17:09:21 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.23 17:09:21 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.23 17:09:21 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.23 17:09:21 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.23 17:09:17 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.23 17:02:44 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.11.23 17:01:23 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.11.23 17:01:18 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.11.23 17:00:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.23 17:00:29 | 3169,529,856 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.23 16:57:01 | 000,000,649 | -H-- | M] () -- C:\Users\PeKron\Desktop\System Fix.lnk
[2011.11.23 16:57:00 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~XwtDyXqP5tmC1A
[2011.11.23 16:57:00 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~XwtDyXqP5tmC1Ar
[2011.11.23 16:56:49 | 000,000,344 | -H-- | M] () -- C:\ProgramData\XwtDyXqP5tmC1A
[2011.11.23 16:56:00 | 000,381,952 | -H-- | M] (R Soft) -- C:\ProgramData\XwtDyXqP5tmC1A.exe
[2011.11.23 16:49:30 | 004,848,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.23 16:30:53 | 000,492,544 | -HS- | M] (R Soft) -- C:\ProgramData\XjyEaLOxlHdnnto.exe
[2011.11.23 16:29:19 | 000,488,448 | -HS- | M] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe
[2011.11.23 15:02:34 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.11.23 10:31:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-194936877-2178298848-4178176982-1000Core.job
[2011.11.22 11:10:57 | 000,019,883 | -H-- | M] () -- C:\Users\PeKron\Desktop\B73EFd01.pdf
[2011.11.21 16:51:06 | 000,053,411 | -H-- | M] () -- C:\Users\PeKron\Desktop\262198_104914556270464_100002557595930_55050_3129171_n.jpg
[2011.11.20 12:19:34 | 000,002,402 | -H-- | M] () -- C:\Users\PeKron\Desktop\Google Chrome.lnk
[2011.11.16 11:15:27 | 000,000,121 | -H-- | M] () -- C:\Users\PeKron\AppData\Local\Images.fl
[2011.11.15 16:38:08 | 000,457,440 | -H-- | M] () -- C:\Users\PeKron\Desktop\FW-PL3071.zip
[2011.11.15 14:19:59 | 002,479,184 | -H-- | M] () -- C:\Users\PeKron\Desktop\AdobeDownloadAssistant.exe
[2011.11.07 12:23:54 | 000,617,159 | -H-- | M] () -- C:\Users\PeKron\Documents\au-07.11.11.jpg 001.jpg
[2011.11.06 21:52:41 | 000,000,054 | -H-- | M] () -- C:\Users\PeKron\AppData\Roaming\Opusbext.dat
[2011.10.27 10:03:22 | 000,626,543 | -H-- | M] () -- C:\Users\PeKron\Documents\au-20.11 001.jpg
 
========== Files Created - No Company Name ==========
 
[2011.11.23 16:57:01 | 000,000,649 | -H-- | C] () -- C:\Users\PeKron\Desktop\System Fix.lnk
[2011.11.23 16:57:00 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~XwtDyXqP5tmC1A
[2011.11.23 16:57:00 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~XwtDyXqP5tmC1Ar
[2011.11.23 16:56:49 | 000,000,344 | -H-- | C] () -- C:\ProgramData\XwtDyXqP5tmC1A
[2011.11.22 11:11:25 | 000,019,883 | -H-- | C] () -- C:\Users\PeKron\Desktop\B73EFd01.pdf
[2011.11.21 16:51:05 | 000,053,411 | -H-- | C] () -- C:\Users\PeKron\Desktop\262198_104914556270464_100002557595930_55050_3129171_n.jpg
[2011.11.15 16:38:04 | 000,457,440 | -H-- | C] () -- C:\Users\PeKron\Desktop\FW-PL3071.zip
[2011.11.15 14:19:55 | 002,479,184 | -H-- | C] () -- C:\Users\PeKron\Desktop\AdobeDownloadAssistant.exe
[2011.11.07 14:00:20 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.11.07 14:00:18 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.11.07 14:00:16 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.11.07 12:23:54 | 000,617,159 | -H-- | C] () -- C:\Users\PeKron\Documents\au-07.11.11.jpg 001.jpg
[2011.10.27 10:03:22 | 000,626,543 | -H-- | C] () -- C:\Users\PeKron\Documents\au-20.11 001.jpg
[2011.09.12 16:26:52 | 000,000,000 | -H-- | C] () -- C:\Users\PeKron\AppData\Roaming\JFritz.lock
[2011.05.29 13:46:53 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.12.23 02:25:46 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll
[2010.12.23 02:25:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll
[2010.12.23 02:25:46 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll
[2010.12.19 23:28:40 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.19 23:28:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.12.16 12:28:23 | 000,000,121 | -H-- | C] () -- C:\Users\PeKron\AppData\Local\Images.fl
[2010.12.13 18:48:05 | 000,000,054 | -H-- | C] () -- C:\Users\PeKron\AppData\Roaming\Opusbext.dat
[2010.12.12 23:57:01 | 000,007,596 | -H-- | C] () -- C:\Users\PeKron\AppData\Local\Resmon.ResmonCfg
[2010.12.12 21:10:03 | 000,000,600 | -H-- | C] () -- C:\Users\PeKron\AppData\Local\PUTTY.RND
[2010.12.12 20:27:50 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.12 20:27:50 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.12 20:27:48 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.12.12 20:27:48 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.12.12 20:27:47 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.12 01:46:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.11 23:41:36 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.11 21:59:23 | 001,514,016 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010.12.11 21:59:23 | 001,108,512 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010.12.12 01:01:35 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\Azureus
[2010.12.15 19:46:52 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\Canneverbe Limited
[2011.11.15 14:21:16 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.01.07 14:44:16 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\DAEMON Tools Lite
[2010.12.18 10:45:54 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.06 18:34:02 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\FileZilla
[2010.12.12 17:46:53 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\Foxit Software
[2010.12.22 02:52:29 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\gnupg
[2011.11.14 17:38:43 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\ICQ
[2011.01.01 23:43:07 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\IrfanView
[2011.11.15 15:23:02 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\JFritz
[2010.12.31 14:31:08 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\Leadertech
[2010.12.23 02:24:33 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\Lexmark Productivity Studio
[2011.01.05 17:07:58 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\Moyea
[2010.12.11 23:33:25 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\OCS
[2010.12.12 17:44:41 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\OpenOffice.org
[2010.12.11 23:33:28 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\Opera
[2010.12.15 23:55:04 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\TeamViewer
[2010.12.17 22:12:54 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\TerraTec
[2010.12.12 14:02:53 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\Thunderbird
[2010.12.12 16:02:49 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\TomTom
[2010.12.12 07:52:47 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\TrueCrypt
[2011.11.21 14:58:51 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\uTorrent
[2011.11.16 11:15:59 | 000,000,000 | -H-D | M] -- C:\Users\PeKron\AppData\Roaming\VSO
[2011.11.23 17:02:44 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2010.12.11 22:47:03 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.11.23 17:01:18 | 000,000,308 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.11.23 17:01:23 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2009.07.14 06:08:49 | 000,013,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.23 15:02:34 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\Users\PeKron\Documents\au_19_9_2010 [Desktop Auflösung].jpg:VsoSummaryInformation
@Alternate Data Stream - 85 bytes -> C:\Users\PeKron\Documents\au_01_03_10 [].jpg:VsoSummaryInformation
@Alternate Data Stream - 85 bytes -> C:\Users\PeKron\Documents\au.jpg.jpg:VsoSummaryInformation

< End of report >
OTL: Extras

Code:
OTL Extras logfile created on: 23.11.2011 17:38:48 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,94 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 50,09% Memory free
7,87 Gb Paging File | 5,76 Gb Available in Paging File | 73,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 37,72 Gb Free Space | 12,66% Space Free | Partition Type: NTFS
 
Computer Name: THINKPAD | User Name: PeKron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{55CEDC7F-3965-47C0-AC71-40AAA418B6A5}" = ThinkVantage Fingerprint Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager und Intel® Turbo Memory
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel(R) PROSet/Wireless WiFi-Software
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066F8650-82AC-3CC5-BB84-8517F69803BF}" = Google Talk Plugin
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.2.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Android SDK Tools" = Android SDK Tools
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"FileZilla Client" = FileZilla Client 3.2.7.1
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"GnuPG" = GNU Privacy Guard
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.0 (Full)
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (3.1.16)" = Mozilla Thunderbird (3.1.16)
"Picasa 3" = Picasa 3
"PS3 Media Server" = PS3 Media Server
"Steam App 240" = Counter-Strike: Source
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.7.6.2056
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Bitte inständig um Hilfe :( :(

markusg 23.11.2011 18:37
hiho
bitte spybot abbrechen und auch gleich deinstalieren, stört die reinigung, pc neustarten

achtung!
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
PRC - C:\ProgramData\XjyEaLOxlHdnnto.exe (R Soft)
O4 - HKLM..\Run: [XjyEaLOxlHdnnto.exe] C:\ProgramData\XjyEaLOxlHdnnto.exe (R Soft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
[2011.11.23 16:57:00 | 000,000,000 | -H-D | C] -- C:\Users\PeKron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011.11.23 16:56:00 | 000,381,952 | -H-- | C] (R Soft) -- C:\ProgramData\XwtDyXqP5tmC1A.exe
[2011.11.23 16:32:59 | 000,488,448 | -HS- | C] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe
[2011.11.23 16:31:32 | 000,492,544 | -HS- | C] (R Soft) -- C:\ProgramData\XjyEaLOxlHdnnto.exe
:Files
C:\ProgramData\XjyEaLOxlHdnnto.exe
:Commands
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

lade unhide:
http://filepony.de/download-unhide/
doppelklicken, dateien werden sichtbar

öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

pekron 23.11.2011 21:24
Hi,

okay, das hat soweit geklappt, vielen Dank :)
Das Programm schloß sich direkt - die Dateien sind auch wieder sichtbar. Gleich starte ich mal neu. Die Zip habe ich hochgeladen.

Hier der Output der Datei:

Code:
========== OTL ==========
Process XjyEaLOxlHdnnto.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\XjyEaLOxlHdnnto.exe deleted successfully.
C:\ProgramData\XjyEaLOxlHdnnto.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
C:\Users\PeKron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix folder moved successfully.
C:\ProgramData\XwtDyXqP5tmC1A.exe moved successfully.
C:\ProgramData\GwDAKVOVed.exe moved successfully.
File C:\ProgramData\XjyEaLOxlHdnnto.exe not found.
========== FILES ==========
File\Folder C:\ProgramData\XjyEaLOxlHdnnto.exe not found.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.31.0 log created on 11232011_203928
Eine Frage habe ich allerdings noch:

Ich hätte das System ja schon ganz gerne sicher. So wie das ausschaut war es das ja anscheinend nicht. Ich habe noch eine mit Truecrypt verschlüsselte externe Festplatte die zum Zeitpunkt der Feststellung entschlüsselt und gemountet war. Wie verfahre ich damit? Die ist momentan aus.

Ferner wäre ich sehr dankbar über ein paar Tipps/Programme wie ich sowas in Zukunft vermeide. Ich weiss, aus anderen Threads, das wir wohl noch nicht durch sind, deswegen warte ich mal auf eine Antwort :)

Auf jeden Fall schon mal ein dickes DANKE für die kompetente und tolle Hilfe, echt super :)

pekron 23.11.2011 21:35
Nachtrag:

Hab mal neugestartet.
PC läuft nun wieder wesentlich flotter als vorher, ich merk gerade nix mehr von dem Schädling. Allerdings: Startmenü listet zwar unter "Alle Programme" die installierten Sachen, aber das Menü ansich ist extrem klein. Rechts neben Programmen wo eigentlich Systemsteuerung, Drucker etc... sein sollte ist nur "Verwaltung" - und das ist leer.
Auf dem Desktop sieht man wieder Icons, natürlich unsortiert und die Hälfte fehlt. Dazu irgendeinen Tipp?

markusg 23.11.2011 21:40
jo wir sind ja noch nicht ganz durch
danke für den upload
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

pekron 23.11.2011 22:57
Okay, hier das Log:

[code]
Combofix Logfile:
Code:
ComboFix 11-11-23.01 - PeKron 23.11.2011  22:02:54.1.2 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.4030.2433 [GMT 1:00]
ausgeführt von:: c:\users\PeKron\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\MPK
c:\programdata\MPK\1\D0000
c:\programdata\MPK\1\I40817_5300923495
c:\programdata\MPK\1\I40817_5329803588
c:\programdata\MPK\1\S0000
c:\programdata\MPK\CPDM\cpfm.bin
c:\programdata\MPK\M0000
c:\programdata\MPK\REFOG Free Keylogger\ REFOG Free Keylogger im Internet.lnk
c:\programdata\MPK\REFOG Free Keylogger\Jetzt bestellen!.lnk
c:\programdata\MPK\REFOG Free Keylogger\Rabatt holen!.lnk
c:\programdata\MPK\REFOG Free Keylogger\REFOG Free Keylogger.lnk
c:\programdata\MPK\S0000
c:\users\PeKron\Desktop\System Fix.lnk
c:\windows\SysWow64\AF15BDAEX.dll
c:\windows\SysWow64\MPK
c:\windows\SysWow64\MPK\Help\English\alarms.htm
c:\windows\SysWow64\MPK\Help\English\clipboard.htm
c:\windows\SysWow64\MPK\Help\English\computer.htm
c:\windows\SysWow64\MPK\Help\English\delivery.htm
c:\windows\SysWow64\MPK\Help\English\file.htm
c:\windows\SysWow64\MPK\Help\English\filters.htm
c:\windows\SysWow64\MPK\Help\English\imhelp.htm
c:\windows\SysWow64\MPK\Help\English\internet.htm
c:\windows\SysWow64\MPK\Help\English\invisible.htm
c:\windows\SysWow64\MPK\Help\English\keyboard.htm
c:\windows\SysWow64\MPK\Help\English\log_size.htm
c:\windows\SysWow64\MPK\Help\English\logging.htm
c:\windows\SysWow64\MPK\Help\English\need_update_net.htm
c:\windows\SysWow64\MPK\Help\English\password.htm
c:\windows\SysWow64\MPK\Help\English\programs.htm
c:\windows\SysWow64\MPK\Help\English\screenshot.htm
c:\windows\SysWow64\MPK\Help\English\settings_node.htm
c:\windows\SysWow64\MPK\Help\English\update.htm
c:\windows\SysWow64\MPK\Help\English\users_node.htm
c:\windows\SysWow64\MPK\Help\German\alarms.htm
c:\windows\SysWow64\MPK\Help\German\clipboard.htm
c:\windows\SysWow64\MPK\Help\German\computer.htm
c:\windows\SysWow64\MPK\Help\German\delivery.htm
c:\windows\SysWow64\MPK\Help\German\file.htm
c:\windows\SysWow64\MPK\Help\German\filters.htm
c:\windows\SysWow64\MPK\Help\German\imhelp.htm
c:\windows\SysWow64\MPK\Help\German\internet.htm
c:\windows\SysWow64\MPK\Help\German\invisible.htm
c:\windows\SysWow64\MPK\Help\German\keyboard.htm
c:\windows\SysWow64\MPK\Help\German\log_size.htm
c:\windows\SysWow64\MPK\Help\German\logging.htm
c:\windows\SysWow64\MPK\Help\German\need_update_net.htm
c:\windows\SysWow64\MPK\Help\German\password.htm
c:\windows\SysWow64\MPK\Help\German\programs.htm
c:\windows\SysWow64\MPK\Help\German\screenshot.htm
c:\windows\SysWow64\MPK\Help\German\settings_node.htm
c:\windows\SysWow64\MPK\Help\German\users_node.htm
c:\windows\SysWow64\MPK\Help\Spanish\alarms.htm
c:\windows\SysWow64\MPK\Help\Spanish\clipboard.htm
c:\windows\SysWow64\MPK\Help\Spanish\computer.htm
c:\windows\SysWow64\MPK\Help\Spanish\delivery.htm
c:\windows\SysWow64\MPK\Help\Spanish\filters.htm
c:\windows\SysWow64\MPK\Help\Spanish\internet.htm
c:\windows\SysWow64\MPK\Help\Spanish\invisible.htm
c:\windows\SysWow64\MPK\Help\Spanish\keyboard.htm
c:\windows\SysWow64\MPK\Help\Spanish\log_size.htm
c:\windows\SysWow64\MPK\Help\Spanish\logging.htm
c:\windows\SysWow64\MPK\Help\Spanish\password.htm
c:\windows\SysWow64\MPK\Help\Spanish\programs.htm
c:\windows\SysWow64\MPK\Help\Spanish\screenshot.htm
c:\windows\SysWow64\MPK\Help\Spanish\settings_node.htm
c:\windows\SysWow64\MPK\Help\Spanish\users_node.htm
c:\windows\SysWow64\MPK\icon_1.ico
c:\windows\SysWow64\MPK\Images\vista_hide.bmp
c:\windows\SysWow64\MPK\Images\xp_hide.bmp
c:\windows\SysWow64\MPK\Lang\Brazilian.frc
c:\windows\SysWow64\MPK\Lang\Brazilian.lng
c:\windows\SysWow64\MPK\Lang\English.frc
c:\windows\SysWow64\MPK\Lang\French.frc
c:\windows\SysWow64\MPK\Lang\French.lng
c:\windows\SysWow64\MPK\Lang\German.frc
c:\windows\SysWow64\MPK\Lang\German.lng
c:\windows\SysWow64\MPK\Lang\Italian.frc
c:\windows\SysWow64\MPK\Lang\Italian.lng
c:\windows\SysWow64\MPK\Lang\Japanese.frc
c:\windows\SysWow64\MPK\Lang\Japanese.lng
c:\windows\SysWow64\MPK\Lang\Polish.lng
c:\windows\SysWow64\MPK\Lang\Portuguese.frc
c:\windows\SysWow64\MPK\Lang\Portuguese.lng
c:\windows\SysWow64\MPK\Lang\Romanian.frc
c:\windows\SysWow64\MPK\Lang\Romanian.lng
c:\windows\SysWow64\MPK\Lang\Russian.frc
c:\windows\SysWow64\MPK\Lang\Spanish.frc
c:\windows\SysWow64\MPK\Lang\Spanish.lng
c:\windows\SysWow64\MPK\lnkmst.exe
c:\windows\SysWow64\MPK\Mpk.dll
c:\windows\SysWow64\MPK\MPK.exe
c:\windows\SysWow64\MPK\Mpk64.dll
c:\windows\SysWow64\MPK\MPK64.exe
c:\windows\SysWow64\MPK\MPKView.exe
c:\windows\SysWow64\MPK\sqlite3.dll
c:\windows\SysWow64\MPK\unins000.dat
c:\windows\SysWow64\MPK\unins000.exe
c:\windows\SysWow64\MPK\unins000.msg
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-10-23 bis 2011-11-23  ))))))))))))))))))))))))))))))
.
.
2011-11-23 21:39 . 2011-11-23 21:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-11-23 19:48 . 2011-11-23 19:48        684297        ----a-w-        C:\unhide.exe
2011-11-23 19:39 . 2011-11-23 20:21        --------        d-----w-        C:\_OTL
2011-11-23 16:37 . 2011-11-23 16:37        584192        ----a-w-        C:\OTL.exe
2011-11-15 14:37 . 2011-11-15 14:37        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe
2011-11-15 13:57 . 2011-11-15 14:29        --------        d-----w-        c:\program files (x86)\Common Files\Adobe
2011-11-15 13:21 . 2011-11-15 13:21        --------        d-----w-        c:\users\PeKron\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-11-15 13:20 . 2011-11-15 13:20        --------        d-----w-        c:\program files (x86)\Adobe Download Assistant
2011-11-07 13:00 . 2011-11-17 16:30        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 20:15 . 2011-06-06 09:50        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 12:29        1490312        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2010-12-11 1496528]
"AVMUSBFernanschluss"="c:\users\PeKron\AppData\Local\Apps\2.0\90W2PHGV.18K\VXNAN7DK.3NH\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-01-13 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-11-05 1129832]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-11-05 164200]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06020000}_0;PCDSRVC{127174DC-C366ED8B-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-09-08 24560]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-11-05 75112]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\PeKron\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010-12-11 40960]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
S3 NETwLv64;    Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 64-Bit;c:\windows\system32\DRIVERS\NETwLv64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-194936877-2178298848-4178176982-1000Core.job
- c:\users\PeKron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 11:20]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-194936877-2178298848-4178176982-1000UA.job
- c:\users\PeKron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 11:20]
.
2010-12-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-09-08 21:16]
.
2011-11-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-09-08 21:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-07-21 85328]
"TpShocks"="TpShocks.exe" [2010-07-01 380776]
"IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
"nwiz"="nwiz.exe" [2009-08-26 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-05 16336488]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"Ocs_SM"="c:\users\PeKron\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-12-11 106496]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\PeKron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{B4F4DBE8-5629-4C57-9608-78D1F2535BE5}: NameServer = 192.168.1.25,141.1.1.1
FF - ProfilePath - c:\users\PeKron\AppData\Roaming\Mozilla\Firefox\Profiles\s5onry2w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - YouTube-Videosuche
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.http - 137.99.11.86
FF - prefs.js: network.proxy.http_port - 3124
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-GwDAKVOVed.exe - c:\programdata\GwDAKVOVed.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCDSRVC{127174DC-C366ED8B-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-23  22:42:31
ComboFix-quarantined-files.txt  2011-11-23 21:42
.
Vor Suchlauf: 12 Verzeichnis(se), 41.456.386.048 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 40.968.716.288 Bytes frei
.
- - End Of File - - 706BA2834960B403EC5B872A2A474537
--- --- ---


Bereit weitere Befehle zu empfangen :D

markusg 24.11.2011 12:59
ok strammgestanden und weitergearbeitet...
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

pekron 24.11.2011 13:03
Soll ich meine externe, mit Truecrypt verschlüsselte Festplatte zu dem Scan anmachen? Die war als SystemFix auftrat auch angeschaltet...

markusg 24.11.2011 13:04
eigendlich nicht nötig aber du kannst es ja sicherheitshalber mal machen

pekron 24.11.2011 13:06
Okay, die ist auch leer.
Sprich da muss ich mit unhide noch mal drüberbügeln.
Drecks-Trojaner :D

pekron 24.11.2011 16:59
So, hier das Log:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8231

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.11.2011 16:58:44
mbam-log-2011-11-24 (16-58-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|)
Durchsuchte Objekte: 444567
Laufzeit: 1 Stunde(n), 1 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\_OTL\movedfiles\11232011_203928\c_programdata\gwdakvoved.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11232011_203928\c_programdata\xjyealoxlhdnnto.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11232011_203928\c_programdata\xwtdyxqp5tmc1a.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

markusg 24.11.2011 17:23
ok welche probleme treten noch auf?

pekron 24.11.2011 17:24
Eigentlich keine, ich trau mich nur nicht wirklich mit dem PC zu arbeiten da ich nicht weiss ob das Zeug jetzt weg ist, oder nicht :)
Auf dem Desktop fehlen ein paar Icons, aber das ist ja zu vernachlaessigen...
Startmenü ist auch wieder voll :)

markusg 24.11.2011 17:27
jo kann man ja neu erstellen die icons.
lade den CCleaner standard:
CCleaner Download - CCleaner 3.12.1572
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

pekron 24.11.2011 17:34
Okay, hier die Liste:

Code:
7-Zip 9.20 (x64 edition)        Igor Pavlov        10.12.2010        4,53MB        9.20.00.0 notwendig
Adobe AIR        Adobe Systems Inc.        12.06.2011                2.5.1.17730 unbekannt
Adobe Download Assistant        Adobe Systems Incorporated        14.11.2011                1.0.6 unbekannt
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        10.12.2010                10.0.12.36 notwendig
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        10.10.2011        6,00MB        11.0.1.152 notwendig
Adobe Photoshop CS5.1        Adobe Systems Incorporated        14.11.2011        2.023MB        12.1 notwendig
Adobe Photoshop Lightroom 3.3 64-bit        Adobe        02.01.2011        381MB        3.3.1 notwendig
Android SDK Tools        Google Inc.        31.03.2011                0.7 notwendig
Anzeige am Bildschirm                10.12.2010                6.10.01 unbekannt
Apple Application Support        Apple Inc.        12.12.2010        52,8MB        1.4.1 unbekannt
Apple Mobile Device Support        Apple Inc.        12.12.2010        22,3MB        3.3.0.69 notwendig
Apple Software Update        Apple Inc.        12.12.2010        2,26MB        2.1.2.120 unnötig
Avira AntiVir Personal - Free Antivirus        Avira GmbH        12.10.2011        76,3MB        10.2.0.704 notwendig
AVM FRITZ!Box USB-Fernanschluss        AVM Berlin        12.01.2011                2.2.1.0 notwendig
Bonjour        Apple Inc.        12.12.2010        1,75MB        2.0.4.0 unbekannt
Canon Easy-PhotoPrint EX                11.12.2010                notwendig
Canon MX310 series                11.12.2010                notwendig
CCleaner        Piriform        23.11.2011                3.12 notwendig
CDBurnerXP        CDBurnerXP        14.12.2010        11,2MB        4.3.8.2474 notwendig
Counter-Strike: Source        Valve        06.01.2011                notwendig
Eraser 6.0.8.2273        The Eraser Project        14.12.2010        2,33MB        6.0.2273 unnötig
FileZilla Client 3.2.7.1                14.12.2010                3.2.7.1 nötig
Foxit PDF Creator Toolbar        Ask.com        09.11.2011        4,04MB        1.12.2.0 unnötig
Foxit Reader        Foxit Corporation        11.12.2010        11,1MB        4.3.0.1110 nötig
Free Audio CD Burner version 1.4.7        DVDVideoSoft Limited.        17.12.2010        10,2MB        unnötig
GNU Privacy Guard        Free Software Foundation        11.12.2010                1.4.11 nötig
Google Chrome        Google Inc.        19.03.2011                15.0.874.121 nötig
Google Talk Plugin        Google        23.11.2011        17,9MB        2.5.8.4958 unnötig
HTC BMP USB Driver        HTC        12.06.2011        0,28MB        1.0.5375 notwendig
HTC Driver Installer        HTC Corporation        12.06.2011        1,87MB        3.0.0.005 notwendig
ICQ6.5        ICQ        10.12.2010                6.5 notwendig
Intel(R) PROSet/Wireless WiFi-Software        Intel Corporation        10.12.2010        104,1MB        13.04.0000 notwendig
Intel® Turbo Memory        Intel Corporation        10.12.2010                notwendig
iTunes        Apple Inc.        12.12.2010        145,7MB        10.1.0.56 notwendig
Java(TM) 6 Update 20        Sun Microsystems, Inc.        11.12.2010        97,2MB        6.0.200 notwendig
Java(TM) 6 Update 26        Oracle        11.12.2010        95,0MB        6.0.260 notwendig
Java(TM) SE Development Kit 6 Update 24        Oracle        31.03.2011        141,2MB        1.6.0.240 unbekannt
JDownloader 0.9        AppWork GmbH        18.10.2011                0.9 unbekannt
K-Lite Codec Pack 6.6.0 (Full)                11.12.2010        48,2MB        6.6.0 notwendig
Lenovo Auto Scroll Utility                10.12.2010                1.00 notwendig
Lenovo System Interface Driver                10.12.2010                1.02 notwendig
Lenovo ThinkVantage Toolbox        PC-Doctor, Inc.        10.12.2010                6.0.5692.08 notwendig
Logitech GamePanel Software 3.06.109        Logitech Inc.        10.12.2010        20,6MB        3.06.109 unnötig
Malwarebytes' Anti-Malware Version 1.51.2.1300        Malwarebytes Corporation        23.11.2011        13,8MB        1.51.2.1300 notwendig
Microsoft Silverlight        Microsoft Corporation        19.07.2011        120,1MB        4.0.60531.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        26.01.2011        1,70MB        3.1.0000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        07.03.2011        0,25MB        8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        07.03.2011        0,25MB        8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        19.07.2011        0,29MB        8.0.61001 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        10.12.2010        0,82MB        8.0.61000unbekannt
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175        Microsoft Corporation        17.05.2011        0,57MB        8.0.51011 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        07.03.2011        0,21MB        9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570        Microsoft Corporation        17.05.2011        0,77MB        9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        17.05.2011        0,58MB        9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022        Microsoft Corporation        11.12.2010        2,52MB        9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        30.12.2010        0,77MB        9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        19.07.2011        0,77MB        9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        09.01.2011        0,23MB        9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        06.01.2011        0,23MB        9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        10.12.2010        0,58MB        9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        19.07.2011        0,59MB        9.0.30729.6161 unbekannt
mkv2vob        3r1c        15.01.2011        11,2MB        2.4.9 notwendig
Mozilla Firefox 8.0 (x86 de)        Mozilla        08.11.2011        37,6MB        8.0 notwendig
Mozilla Thunderbird (3.1.16)        Mozilla        09.11.2011                3.1.16 (de) notwendig
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        17.12.2010        1,28MB        4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        17.12.2010        1,33MB        4.20.9876.0 unbekannt
MSXML 4.0 SP3 Parser        Microsoft Corporation        12.06.2011        1,48MB        4.30.2100.0 unbekannt
MSXML 4.0 SP3 Parser (KB973685)        Microsoft Corporation        19.07.2011        1,53MB        4.30.2107.0 unbekannt
NVIDIA Drivers        NVIDIA Corporation        10.12.2010                1.10 notwendig
NVIDIA nView Desktop Manager        NVIDIA Corporation        10.12.2010                121.20 unbekannt
OpenOffice.org 3.2        OpenOffice.org        11.12.2010        373MB        3.2.9502 notwendig
PDFCreator        Frank Heindörfer, Philip Chinery        12.04.2011                1.2.0 notwendig
Picasa 3        Google, Inc.        11.12.2010                3.8 notwendig
PS3 Media Server        PS3 Media Server        12.10.2011        167,1MB        1.40.0 notwendig
QuickTime        Apple Inc.        12.12.2010        73,7MB        7.68.75.0 unnötig
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02                10.12.2010                3.54.02 notwendig
SearchAnonymizer                10.12.2010                1.0.1 (de) unbekannt
Skype Toolbars        Skype Technologies S.A.        11.05.2011        6,95MB        5.3.7280 unbekannt
Skype™ 5.3        Skype Technologies S.A.        11.05.2011        22,6MB        5.3.111 notwendig
SoundMAX        Analog Devices        10.12.2010                6.10.2.7255 notwendig
Steam        Valve Corporation        03.01.2011        1,49MB        1.0.0.0 notwendig
System Update        Lenovo        10.12.2010        11,8MB        4.00.0024 notwendig
TeamSpeak 3 Client        TeamSpeak Systems GmbH        28.01.2011        unnötig       
TeamViewer 6        TeamViewer GmbH        14.12.2010                6.0.9947 notwendig
TerraTec Home Cinema                16.12.2010                6.18.0 unnötig
ThinkPad Bluetooth with Enhanced Data Rate Software        Broadcom Corporation        10.12.2010        144,7MB        6.2.1.2900 notwendig
ThinkPad Energie-Manager                10.12.2010                3.31 notwendig
ThinkPad FullScreen Magnifier                10.12.2010                2.15 notwendig
ThinkPad Power Management Driver                10.12.2010                1.60.0.4 notwendig
ThinkPad UltraNav Driver                10.12.2010        46,4MB        15.1.19.0 notwendig
ThinkVantage Fingerprint Software        UPEK Inc.        10.12.2010        50,3MB        5.9.3.6581 notwendig
ThinkVantage System für aktiven Festplattenschutz        Lenovo        10.12.2010        15,6MB        1.72 notwendig
ThinkVantage System Update                11.12.2010                notwendig
TomTom HOME 2.7.6.2056        TomTom        11.12.2010                2.7.6.2056 notwendig
TomTom HOME Visual Studio Merge Modules        TomTom International B.V.        11.12.2010        1,88MB        1.0.2 notwendig
TrueCrypt        TrueCrypt Foundation        10.12.2010                7.0a notwendig
Uninstall 1.0.0.1                17.12.2010        10,2MB        unbekannt
VLC media player 1.1.5        VideoLAN        11.12.2010                1.1.5 notwendig
VSO Image Resizer 4.0.2.5        VSO-Software        11.12.2010        30,7MB        4.0.2.5 notwendig
Winamp        Nullsoft, Inc        10.12.2010                5.601  notwendig
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)        Broadcom        10.12.2010                04/08/2010 6.3.5.430 notwendig
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)        Broadcom        10.12.2010                07/28/2009 6.2.0.9800 notwendig
Windows Live Essentials        Microsoft Corporation        11.08.2011                15.4.3538.0513 unbekannt
Wolfenstein - Enemy Territory                11.12.2010                notwendig
µTorrent                14.12.2010                2.2.0 notwendig


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:38 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131