Trojan check

Hello :) I suspected that I had a Trojan, because I was hacked in an MMORPG. So I ran Malwarebytes and found a virus, which, contrary to what the forum says, I have already deleted.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Daten: @biocpl.dll,-1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

I have already worked through all the topics from the guide, i.e. Defogger, OTL and GMER. Here are the logs.

Regards,
Valeri.

OTL Extras logfile created on: 03.11.2012 18:00:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,93 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 37,17% Memory free
3,86 Gb Paging File | 2,44 Gb Available in Paging File | 63,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,69 Gb Total Space | 8,91 Gb Free Space | 14,69% Space Free | Partition Type: NTFS
Drive D: | 237,30 Gb Total Space | 22,65 Gb Free Space | 9,54% Space Free | Partition Type: NTFS

Computer Name: HILO-PC | User Name: HIlo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error.
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{194F92B6-5166-4CCE-B424-82F81A9B8244}" = rport=445 | protocol=6 | dir=out | app=system | "{1EAF7512-CA7B-4B0C-83B3-1FC3ED3834C8}" = lport=445 | protocol=6 | dir=in | app=system | "{218282BC-EDB8-4CE9-8EB6-0ED6C576C2FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{332C4088-4DC5-4FF6-9B55-A228DAEE8AD0}" = rport=137 | protocol=17 | dir=out | app=system | "{348163CE-C4A9-419C-B26A-AD24A41D6AFA}" = lport=138 | protocol=17 | dir=in | app=system | "{35413F42-EF64-4FEA-B445-0DA1201556A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform 
(ssdp) | "{3B55D995-5A9E-4EAB-9437-97368F15D7F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3EDF00F2-5F06-49E4-853B-ABF25A0B1663}" = rport=139 | protocol=6 | dir=out | app=system | "{432A998C-8CA0-42CA-A2EC-74FF4674F577}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4D75F68C-D28B-4AA2-AA72-174525F830D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{70ADE8F8-E574-4256-B4FD-85F4D85969C3}" = rport=138 | protocol=17 | dir=out | app=system | "{94379A23-5DEC-48F8-AA6E-F4005298247C}" = lport=137 | protocol=17 | dir=in | app=system | "{963FC632-8086-4880-8F69-F20B323F2EAF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A8EE19EF-7890-4207-A45F-3B1AFBFD35FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B27F1B80-ECED-4BD7-8D6F-5AF33DC40078}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B90CCFEC-19C3-46FF-B9B0-7EFC7CB1CDBD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C50B511C-12CC-4DDB-9999-5C1FE09D5631}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C9B0B8AE-4F87-4411-BC2D-E5E91C47E05D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D13DC87C-EB50-4FEA-AEAE-96A0C22384EA}" = lport=139 | protocol=6 | dir=in | app=system | "{D46F93D8-C4B9-4F7D-829C-D1264136E8FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E3BFA921-AB32-4384-92EA-B10FC755C560}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F1642DF5-A5EC-446F-AF92-563CA8A23A76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active 
Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18A2094A-1C32-42D7-9649-27EDCED3D2F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{281674EF-A129-4112-8936-1626D7116287}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2C94AD6C-9A9E-4714-9B97-07FC39D502DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{339AF70A-F258-4A26-BBE3-ADB20A2706D9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{378E34B6-63BC-4C5F-BB25-1B72A3D09365}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{43651962-42DF-44BC-A917-482C7466FD7D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{51472ECD-41F5-4F17-BC9F-AE50428AAAE3}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{51D65E47-3CB8-42AC-8B06-1400486D3D71}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{566DB6B8-5AD4-4D88-9A20-DE1D99EDD477}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{B76AE97B-F48E-4618-AEF7-200B14CD1F03}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{B7EB5C4D-2A6B-4EC4-8660-26CA116E5341}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | "{C8651226-F3C8-4E8C-97DC-673F1E55179C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{D257A0C3-99EC-4462-B579-EFA36C4EDFD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D5165636-A1C5-4D75-ADE3-CB7AC06980E4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{D9E9E2C4-35AF-4A9F-9D2C-7B30757608AA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{E145C08F-9385-433A-8F3C-492AD40CF22F}" = protocol=17 | dir=in | app=c:\program 
files\teamviewer\version7\teamviewer.exe | "{E3B6CE2C-B7A2-4D04-B196-8021A84B044D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E6FE9665-9D13-4C21-A885-AD355D16D06A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E843DD68-C316-437F-8841-41F991CFB5A4}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | "TCP Query User{2AE3B932-FA19-48E9-BFC8-18657973F741}C:\Program Files\Java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{A6CF1B7F-066B-4A9F-B344-BEAD5E91C404}C:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe | "TCP Query User{AAFFFE36-818F-460C-BFE3-6345CC9740F4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{C18FD6AC-FAF0-4AE9-B95F-22CF0DEDC565}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{104CC787-157D-4896-80A3-34AA0DD98274}C:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe | "UDP Query User{27C6005C-5917-4697-9871-840BCFC13840}C:\Program Files\Java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{4E6F7B5E-D7EF-488B-9AF6-C09A190192A8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E1113EB5-3C6D-4D09-B4A8-A858E62D7E4B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0331FC5B-948B-8AC2-66FC-0D812EE03C47}" = 
ccc-core-static "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers "{143C595E-6E6A-D847-8D5D-B17192C13028}" = CCC Help Italian "{1784BBBA-2820-AE9B-041C-29F1F536911F}" = CCC Help English "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2D440AF4-7330-43F0-A085-35DE1A90E703}" = Lenovo Fingerprint Software "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B26E060-5BC9-4B45-BD20-882E94CADFCF}" = VmciSockets "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4EC85AD2-5AAE-0F7D-97A2-906F094FBC2C}" = Catalyst Control Center Graphics Full New "{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding "{5968F27A-66E6-171E-5311-0A74D74AAD9B}" = ATI Catalyst Install Manager "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = 
Microsoft_VC90_MFC_x86 "{64FDAF43-0317-91AF-DCC0-8FF63FA1C262}" = Catalyst Control Center Graphics Light "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72CC3CCF-DEFE-6E46-FF24-EEDE75355195}" = CCC Help Spanish "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E8242F8-BD2A-44D7-BCED-9B231A02B367}" = SpellForce 2 Patch "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant "{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8C97A120-7300-9FDB-CD8F-E035741A1156}" = ccc-core-preinstall "{8D58AC2A-6952-CCDE-14B6-505D263BE5F0}" = CCC Help Dutch "{8D58B4D9-3F0F-BFF8-498E-627059551AE5}" = Catalyst Control Center Localization All "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{8F8DC6F6-B93E-78E9-4F16-5E5AE6589EBD}" = CCC Help Chinese Traditional "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office 
Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive "{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C08E956F-97FC-26E3-4523-06A7743480CA}" = Skins "{C24A79B5-4FC9-EF28-A11D-4B378B618F18}" = CCC Help Korean 
"{C26968D9-FA2D-10E0-79AC-9714A769EC40}" = CCC Help German "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C59D305B-4E19-A823-714D-5A393E19B898}" = CCC Help French "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CA2D75F9-19F0-74F5-2C4C-0E37C198FC6A}" = CCC Help Chinese Standard "{CD068533-1A20-47F6-B1A2-196725B1320F}" = LibreOffice 3.3 "{CDF2602A-D09F-18CC-AC6E-216124FC975B}" = Catalyst Control Center Core Implementation "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45BEFCD-72A1-042C-D484-7F39EAC2CCD9}" = CCC Help Japanese "{D8EEDC94-EE82-46A0-A7DB-812E3C6A0A6E}_is1" = PSD Viewer "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB61BE4A-1E09-CA85-F03C-A78C357CA743}" = CCC Help Swedish "{E043568C-1745-4C69-9D52-43F6E79EB03B}" = Joulemeter "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E2D2B19D-F3D0-AAE7-E94C-72435EBC8663}" = ccc-utility "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite "{E838C67D-6D64-A995-F8D0-4F397D278635}" = CCC Help Portuguese "{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" 
= Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FE383F29-6C0D-EF89-C8A1-CCD87349A2E3}" = Catalyst Control Center Graphics Full Existing "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "0481B164C8D1D26C560D6A5E717C5920D4362D60" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (01/14/2010 8.6.0.13) "2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent "Anti-Twin 2012-08-25 17.22.56" = Anti-Twin (Installation 25.08.2012) "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode) "avast" = avast! Free Antivirus "Avira AntiVir Desktop" = Avira Free Antivirus "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD "Defraggler" = Defraggler "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free MP3 Cutter and Editor_is1" = Free MP3 Cutter and Editor 2.6 "Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1017 "HECI" = Intel(R) Management Engine Interface "InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20.1 "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "ManyCam" = ManyCam 3.0.80 (remove only) "Microsoft .NET Framework 4 Client 
Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NosTale(DE)_is1" = Nostale(DE) "Office14.SingleImage" = Microsoft Office Home and Business 2010 "OnScreenDisplay" = Anzeige am Bildschirm "Origin" = Origin "PhotoScape" = PhotoScape "PokerStars.eu" = PokerStars.eu "Power Management Driver" = ThinkPad Power Management Driver "Prio" = Prio "Recuva" = Recuva "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Sandboxie" = Sandboxie 3.74 (32-bit) "TeamViewer 7" = TeamViewer 7 "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "Tunatic" = Tunatic "Update Engine" = Sony Ericsson Update Engine "VLC media player" = VLC media player 2.0.3 "VMware_Player" = VMware Player "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Kalydo App Nostale" = Nostale "KalydoPlayer" = Kalydo Player 4.09.00 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.05.2012 04:52:18 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax. 
Error - 06.05.2012 04:55:49 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system update\session\7yd614ww\Bin64\InstallManagerApp.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.05.2012 04:55:50 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system update\session\7yd614ww\Bin64\Setup.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.05.2012 14:51:06 | Computer Name = HIlo-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 694 Startzeit: 01cd2aa6b6b61679 Endzeit: 4774 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: Error - 06.05.2012 21:17:26 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax. 
Error - 06.05.2012 21:21:16 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system update\session\7yd614ww\Bin64\InstallManagerApp.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.05.2012 21:21:17 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system update\session\7yd614ww\Bin64\Setup.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 10.05.2012 01:15:03 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax. Error - 10.05.2012 01:18:04 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system update\session\7yd614ww\Bin64\InstallManagerApp.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 10.05.2012 01:18:04 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system update\session\7yd614ww\Bin64\Setup.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

[ NetLimiter 3 Events ]

Error - 15.10.2012 10:23:03 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 15.10.2012 10:29:23 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 19.10.2012 09:18:47 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 20.10.2012 07:12:05 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 20.10.2012 11:09:32 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 21.10.2012 04:58:41 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 30.10.2012 07:42:18 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 30.10.2012 09:24:40 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 30.10.2012 23:34:27 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 31.10.2012 10:21:53 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

[ OSession Events ]

Error - 18.04.2011 13:08:28 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 3198 seconds with 1620 seconds of active time. This session ended with a crash.

Error - 18.04.2011 13:13:25 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 282 seconds with 240 seconds of active time. This session ended with a crash.

Error - 19.04.2011 10:48:19 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 1677 seconds with 420 seconds of active time. This session ended with a crash.

Error - 19.04.2011 10:54:37 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 351 seconds with 300 seconds of active time. This session ended with a crash.

Error - 20.04.2011 06:57:20 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 156 seconds with 120 seconds of active time. This session ended with a crash.

Error - 20.04.2011 07:27:13 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 309 seconds with 240 seconds of active time. This session ended with a crash.

Error - 22.04.2011 07:26:13 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 92 seconds with 60 seconds of active time. This session ended with a crash.

Error - 24.04.2011 13:31:09 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 197 seconds with 180 seconds of active time. This session ended with a crash.

Error - 24.04.2011 13:42:25 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 569 seconds with 540 seconds of active time. This session ended with a crash.

Error - 25.04.2011 14:46:48 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 756 seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 03.11.2012 11:30:49 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error - 03.11.2012 11:30:49 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 03.11.2012 12:49:57 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0

Error - 03.11.2012 12:51:04 | Computer Name = HIlo-PC | Source = Application Popup | ID = 875
Description = Treiber sfvfs02.sys konnte nicht geladen werden.

Error - 03.11.2012 12:51:04 | Computer Name = HIlo-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.

Error - 03.11.2012 12:51:21 | Computer Name = HIlo-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 03.11.2012 12:51:21 | Computer Name = HIlo-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 03.11.2012 12:51:23 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "avast! Antivirus" ist von folgendem Dienst abhängig: aswMonFlt. Dieser Dienst ist eventuell nicht installiert.

Error - 03.11.2012 12:52:24 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ATITool sfdrv01 sfvfs02 uGuru

Error - 03.11.2012 12:53:17 | Computer Name = HIlo-PC | Source = DCOM | ID = 10016
Description =

< End of report >

OTL logfile created on: 03.11.2012 18:00:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,93 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 37,17% Memory free
3,86 Gb Paging File | 2,44 Gb Available in Paging File | 63,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,69 Gb Total Space | 8,91 Gb Free Space | 14,69% Space Free | Partition Type: NTFS
Drive D: | 237,30 Gb Total Space | 22,65 Gb Free Space | 9,54% Space Free | Partition Type: NTFS

Computer Name: HILO-PC | User Name: HIlo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.03 17:46:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012.10.30 10:07:18 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 10:07:02 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.30 10:07:02 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.21 15:20:54 | 000,012,656 | ---- | M] () -- C:\Programme\Prio\prio_svc.exe
PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.12 13:55:36 | 000,343,024 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.17 13:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 13:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.11.13 23:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2011.11.13 23:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe
PRC - [2011.08.29 22:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.03.21 15:14:38 | 001,126,400 | ---- | M] (Locktime Software) -- C:\Programme\NetLimiter 3\nlsvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2011.01.14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.12.03 18:19:50 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2010.12.03 18:19:32 | 000,258,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.17 17:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010.09.17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe
PRC - [2010.09.17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010.08.05 16:47:52 | 000,804,128 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2010.08.05 16:47:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.02.05 06:43:20 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2010.02.05 06:39:58 | 001,824,064 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.24 18:49:23 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.12.05 03:38:04 | 001,242,112 | ---- | M] () -- C:\Programme\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2010.12.05 03:38:02 | 002,010,624 | ---- | M] () -- C:\Programme\ManyCam\Bin\opencv_core220.dll
MOD - [2010.08.05 16:48:04 | 000,132,384 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll

========== Services (SafeList) ==========

SRV - [2012.10.31 12:36:02 | 009,012,224 | ---- | M] () [Auto | Stopped] -- C:\Programme\Freetec\SystemStore\SystemStore.exe -- (SystemStoreService)
SRV - [2012.10.30 10:07:18 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 10:07:02 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.30 01:51:05 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 11:29:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.21 15:20:54 | 000,012,656 | ---- | M] () [Auto | Running] -- C:\Programme\Prio\prio_svc.exe -- (prio_svc)
SRV - [2012.08.25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.12 13:55:36 | 000,343,024 | ---- | M] () [Auto | Running] -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 13:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.11.13 23:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.11.13 23:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.29 22:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.21 15:14:38 | 001,126,400 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2011.02.18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.01.14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010.09.17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010.08.05 16:47:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.02.05 06:43:20 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2010.02.05 06:43:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2010.02.05 06:39:58 | 001,824,064 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva393.sys -- (XDva393)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Unknown (0) | Boot | Unknown] -- -- (Winflash)
DRV - File not found [Kernel | Boot | Stopped] -- system32\Drivers\uGuru.sys -- (uGuru)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\clwvd.sys -- (clwvd)
DRV - [2012.11.03 17:56:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.10.31 16:24:43 | 000,071,680 | ---- | M] (Notebook Hardware Control) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2012.10.31 14:18:30 | 000,004,484 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\cpuidlep.sys -- (cpuidlep)
DRV - [2012.10.30 10:07:21 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.10.08 11:32:20 | 000,038,256 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\Windows\System32\drivers\prio.sys -- (prio)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.24 08:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 09:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.02 13:45:52 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.09.02 13:45:52 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.25 21:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.08.10 18:41:35 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012.08.10 18:41:35 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.08.10 18:41:35 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.02.22 11:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012.01.11 07:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011.11.13 23:43:26 | 000,055,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2011.11.13 23:42:40 | 000,025,584 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2011.11.13 23:42:08 | 000,025,712 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2011.11.13 21:33:56 | 000,036,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2011.11.13 21:33:56 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2011.08.29 22:11:00 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2011.08.29 22:01:10 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2011.08.08 14:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2011.03.21 15:44:26 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisPT)
DRV - [2011.03.21 15:44:26 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisMP)
DRV - [2011.03.21 15:44:24 | 005,281,672 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2011.01.05 00:33:30 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.09.22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.08.24 18:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.08.24 18:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.08.18 10:53:42 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010.06.16 13:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010.06.16 13:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010.02.05 10:14:14 | 000,661,448 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.12.08 14:11:40 | 000,031,680 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.09.15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.09.15 13:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.09.15 12:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.09.09 16:10:16 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.09.07 18:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.22 06:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.23 12:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.06.11 17:04:22 | 003,486,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009.06.02 15:39:22 | 000,737,152 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\A885VCap.sys -- (CXSONORA)
DRV - [2006.11.10 14:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\HIlo\Desktop\Drumstepftw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 99 A5 00 12 7B CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{514EEF3A-6F99-49FD-A418-81A056B81463}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGHP_deDE471
IE - HKCU\..\SearchScopes\{F3C8C8B2-40FB-4AB5-B02B-5A0B0B730EE6}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=60BCEAD5-A879-4FAD-A37E-0F5B240F30D2&apn_sauid=64DF60C8-6482-49FC-8E73-BB27B672CADD
IE - HKCU\..\SearchScopes\{F8F7FF41-F20B-4780-9D79-F61F7F27AABF}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: welcome@toolmin.com:1.03
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.6
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:13.0.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\HIlo\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\HIlo\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF [2012.07.31 17:15:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 02:06:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.31 05:27:45 | 000,000,000 | ---D | M] [2012.02.10 22:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\Extensions [2012.10.14 18:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions [2012.08.22 22:44:08 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.08.26 14:28:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.02 10:39:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.10.28 20:06:49 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\welcome@toolmin.com [2012.10.14 18:10:36 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\extension@hidemyass.com.xpi [2012.08.27 09:17:19 | 000,572,633 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\testpilot@labs.mozilla.com.xpi [2012.04.02 10:39:39 | 000,258,567 | ---- | M] () (No name found) -- 
C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012.10.11 22:00:03 | 000,030,312 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2012.07.25 19:47:07 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.30 02:13:55 | 000,002,401 | ---- | M] () -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\searchplugins\Web Search.xml [2012.10.30 02:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.31 05:27:42 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2012.08.31 05:27:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.31 05:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.20 18:11:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.20 16:18:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.08.31 05:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.05 16:34:27 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\babylon.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.28 20:06:58 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src [2012.02.10 19:56:54 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.02 12:59:40 | 000,444,767 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 15274 more lines... 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\HIlo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\HIlo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C72CD9E-87F6-4CC1-A174-66E7AE539A03}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{268e997a-eae4-11e1-8155-001e101f859f}\Shell - "" = AutoRun O33 - MountPoints2\{268e997a-eae4-11e1-8155-001e101f859f}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{2780b61d-185b-11e0-9354-00247e6cb93c}\Shell - "" = AutoRun O33 - MountPoints2\{2780b61d-185b-11e0-9354-00247e6cb93c}\Shell\AutoRun\command - "" = H:\Autorun.exe O33 - MountPoints2\{96d49818-e0ca-11e1-bae5-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{96d49818-e0ca-11e1-bae5-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{a57c18f9-e311-11e1-9a75-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{a57c18f9-e311-11e1-9a75-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{a93af5f0-f461-11e1-ad16-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{a93af5f0-f461-11e1-ad16-005056c00008}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{b0de3fb6-ebc7-11e1-bb1b-005056c00008}\Shell - "" = 
AutoRun O33 - MountPoints2\{b0de3fb6-ebc7-11e1-bb1b-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{cd8c1454-d8e1-11e1-8ef9-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{cd8c1454-d8e1-11e1-8ef9-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{cd8c1486-d8e1-11e1-8ef9-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{cd8c1486-d8e1-11e1-8ef9-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{cd8c14fb-d8e1-11e1-8ef9-001e101f2463}\Shell - "" = AutoRun O33 - MountPoints2\{cd8c14fb-d8e1-11e1-8ef9-001e101f2463}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{cd8c1518-d8e1-11e1-8ef9-001e101f2463}\Shell - "" = AutoRun O33 - MountPoints2\{cd8c1518-d8e1-11e1-8ef9-001e101f2463}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{d2e08bb5-df9d-11e1-96c7-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{d2e08bb5-df9d-11e1-96c7-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.02 14:55:20 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\KeePass [2012.11.02 14:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe 2 [2012.11.02 07:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.02 07:47:23 | 
000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.02 07:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.11.02 01:57:27 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Malwarebytes [2012.11.02 01:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.02 01:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.02 01:56:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.02 01:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.01 23:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSDViewer [2012.11.01 23:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\PSDViewer [2012.10.31 21:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Prio [2012.10.31 16:24:43 | 000,071,680 | ---- | C] (Notebook Hardware Control) -- C:\Windows\System32\drivers\nhcDriver.sys [2012.10.31 16:24:37 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Notebook Hardware Control [2012.10.31 16:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATITool [2012.10.31 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\abit [2012.10.31 16:03:50 | 000,050,688 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\AC2005DLL.dll [2012.10.31 16:02:07 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RightMark CPU Clock Utility [2012.10.31 16:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RightMark CPU Clock Utility [2012.10.31 16:01:59 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\InstallShield [2012.10.31 14:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CpuIdle Extreme [2012.10.30 15:45:35 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(DE) [2012.10.30 15:04:01 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\Gameforge4d [2012.10.30 15:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\GameforgeLive [2012.10.30 14:32:41 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Kalydo [2012.10.30 03:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012.10.30 02:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2012.10.30 01:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler [2012.10.30 01:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2012.10.28 16:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2012.10.24 19:56:45 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\PokerStars.EU [2012.10.24 19:56:44 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.EU [2012.10.24 19:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.EU [2012.10.23 08:58:11 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.10.23 08:40:24 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\{7B8087AA-02B0-4278-9F19-9CE69FC5D6A5} [2012.10.20 16:20:34 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Avira [2012.10.20 16:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.20 16:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.20 16:16:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.10.20 16:16:10 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.20 16:16:10 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.20 16:16:10 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.20 16:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.20 16:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.11 00:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Freetec [2012.10.08 22:41:50 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\vlc [2012.10.08 11:32:20 | 000,038,256 | ---- | C] (Xeno) -- C:\Windows\System32\drivers\prio.sys [2012.10.06 02:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.10.06 02:45:15 | 000,000,000 | ---D | C] -- C:\DRIVERS [6 C:\Users\HIlo\Desktop\*.tmp files -> C:\Users\HIlo\Desktop\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.03 18:08:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.03 17:59:57 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 17:59:57 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 17:58:24 | 000,656,850 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.03 17:58:24 | 000,618,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.03 17:58:24 | 000,131,216 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.03 17:58:24 | 000,107,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.03 17:52:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.03 17:51:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.03 17:51:10 | 1555,587,072 | -HS- | M] () -- C:\hiberfil.sys [2012.11.03 17:48:45 | 000,004,014 | ---- | M] () -- C:\Users\HIlo\Desktop\NewDatabase.kdbx [2012.11.03 17:47:01 | 000,000,020 | ---- | M] () -- C:\Users\HIlo\defogger_reenable [2012.11.03 
17:29:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.03 17:12:49 | 000,000,386 | ---- | M] () -- C:\Users\HIlo\Desktop\bes.ini [2012.11.03 17:12:04 | 000,000,032 | ---- | M] () -- C:\Users\HIlo\Desktop\bes_sw.ini [2012.11.03 17:08:34 | 000,001,281 | ---- | M] () -- C:\Users\HIlo\Desktop\Spybot - Search & Destroy.lnk [2012.11.02 15:42:18 | 001,147,932 | ---- | M] () -- C:\Users\HIlo\Desktop\IMG_02112012_152823.png [2012.11.02 15:08:35 | 000,002,642 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.11.02 14:52:48 | 000,001,098 | ---- | M] () -- C:\Users\HIlo\Desktop\KeePass 2.lnk [2012.11.02 12:59:40 | 000,444,767 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.11.02 03:07:03 | 000,007,622 | ---- | M] () -- C:\Users\HIlo\AppData\Local\Resmon.ResmonCfg [2012.11.02 01:56:52 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.11.01 23:13:36 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\PSD Viewer.lnk [2012.11.01 23:07:56 | 004,780,634 | ---- | M] () -- C:\Users\HIlo\Desktop\ThreadDesign3.psd [2012.11.01 21:54:06 | 003,245,543 | ---- | M] () -- C:\Users\HIlo\Desktop\nlliu.png [2012.10.31 16:40:57 | 001,282,700 | ---- | M] () -- C:\Users\HIlo\Desktop\vawv9sd5uyks.png [2012.10.31 16:24:43 | 000,071,680 | ---- | M] (Notebook Hardware Control) -- C:\Windows\System32\drivers\nhcDriver.sys [2012.10.31 16:02:07 | 000,001,040 | ---- | M] () -- C:\Users\HIlo\Desktop\RightMark CPU Clock Utility.lnk [2012.10.31 15:10:48 | 001,832,789 | ---- | M] () -- C:\Users\HIlo\Desktop\fejdjasj.png [2012.10.31 14:18:30 | 000,004,484 | ---- | M] () -- C:\Windows\System32\drivers\cpuidlep.sys [2012.10.31 13:52:44 | 000,002,791 | ---- | M] () -- C:\Users\HIlo\Desktop\Nostale - Verknüpfung.lnk [2012.10.30 12:42:00 | 003,730,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.30 10:07:21 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. 
and from Gmer: GMER Logfile: Code: GMER 1.0.15.15641 - hxxp://www.gmer.net |
Hello and :hallo: Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will this continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board. Quote:
Please note => http://www.trojaner-board.de/125889-...tml#post941520 |
here :)
Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free anti-malware download
Datenbank Version: v2012.11.01.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
HIlo :: HILO-PC [Administrator]
Schutz: Aktiviert
02.11.2012 02:25:40
mbam-log-2012-11-02 (02-25-40).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 367919
Laufzeit: 2 Stunde(n), 14 Minute(n), 12 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Daten: @biocpl.dll,-1 -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |
I asked you to read everything carefully. Why didn't you post in CODE tags? Please stick to that. Are those all the Malwarebytes logs with findings? |
Sorry, I must have overlooked what was in the brackets. Yes, that is everything :P |
1. aswMBR
Please download aswMBR.exe and save the file on your desktop. Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here! http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png |
The aswMBR program did not ask me about the avast definitions. That's probably because I already have avast installed, right? Should I skip the step? |
No, please run aswMBR as described above! |
Unfortunately, I got no prompt to download the definitions. But they are shown in the DOS window: 12 million. I assumed it took them from my avast installation?! :O |
Just go ahead and run the scan :( |
I already did :D I'll do the 2nd part by tomorrow. Thanks so far :P Do I really have to close all programs when I use TDSSKiller? :) Okay, I ran it with all programs closed :) Here are the logs: Code: aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Code: 21:34:15.0108 4056 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 |
That's OK so far. adwCleaner - detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded at some point, please delete the old adwcleaner.exe and download it again!!
|
Code: # AdwCleaner v2.007 - Datei am 09/11/2012 um 22:53:25 erstellt |
adwCleaner - remove toolbars and unwanted start/search pages
After that, a check with OTL please:
|
Code: # AdwCleaner v2.007 - Datei am 10/11/2012 um 13:44:06 erstellt Code: net Explorer (Version = 9.0.8112.16421) Code: OTL Extras logfile created on: 10.11.2012 14:20:53 - Run 2 |
Just a few leftovers that still need to go. Close any programs that may be open, also deactivate your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code: :OTL The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system! |
here :) Code: All processes killed |
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Getting a second opinion from ESET's online scanner afterwards is not a bad idea either: ESET Online Scanner
|
Hello :) Unfortunately, Malwarebytes no longer runs properly for me. A blue screen always (!) appears as soon as roughly the 6000th file has been checked. That doesn't change even when I switch to the full scan. Code: ESETSmartInstaller@High as downloader log: |
Please try the Malwarebytes scan in Safe Mode with Networking |
Okay, it finally worked :) No infection found. |
Please always post the log anyway! |
here :) Code: Malwarebytes Anti-Malware (Test) 1.65.1.1000 |
OK, you did it right, and the signatures were up to date too. The findings in ESET, do you know them? Did you download them yourself... |
No, I don't know them. My brother probably downloaded them. Seems to be a game |
Please delete the two files. Otherwise it looks OK so far. Regarding cookies and other things on the web: To block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released. Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed. Is your system back in order now, or are there any other findings or problems? |
Okay, thank you for your help! :) |
Then we're done! :abklatsch: The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools: Please start OTL and click on Bereinigung. This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check your updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change as many of your passwords as possible after the infection has been removed.
Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed. Windows Vista/7: Start, Control Panel, Windows Update
Update your PDF reader
An outdated Adobe Reader poses a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader, which are much leaner and faster than Adobe Reader. While you're at it, please also check that Flash Player is up to date: Check => Adobe - Flash Player. You can find download links here => Browsers and Plugins - FilePony.de. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click on Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it. |
Copyright ©2000-2025, Trojaner-Board