Pests of all kinds and how to fight them: p95 / Trojan / antivirus program powerless? (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
30.12.2011, 12:32 | #1
p95 / Trojan / antivirus program powerless?

Hello, I came across your forum and am impressed by the helpfulness and the good support. I have a problem that seems to be going around at the moment: Firefox redirects me to mediashift or p95; the virus scanner (F-Secure) sometimes finds something but cannot get rid of it for good. I downloaded ESET and malware, but without any real success. I then found the following files with OTL:

OTL logfile created on: 30.12.2011 11:04:04 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = K:\User\Lewe\Desktop\Virus Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,18 Gb Available Physical Memory | 9,13% Memory free
3,98 Gb Paging File | 1,50 Gb Available in Paging File | 37,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,89 Gb Total Space | 0,84 Gb Free Space | 2,06% Space Free | Partition Type: NTFS
Drive J: | 14,73 Gb Total Space | 5,16 Gb Free Space | 35,04% Space Free | Partition Type: NTFS
Drive K: | 4,00 Gb Total Space | 1,63 Gb Free Space | 40,63% Space Free | Partition Type: NTFS
Computer Name: LEWE-THINKPAD | User Name: Lewe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - K:\User\Lewe\Desktop\Virus\OTL.exe (OldTimer Tools) PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Users\Lewe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Users\Lewe\AppData\Local\Apps\2.0\295MX2WV.6P6\H098LOAH.LR7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software) PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe () PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\ESET\ESET Online Scanner\OnlineScannerApp.exe (ESET) PRC - C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe () PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Programme\Motorola\MotoHelper\MotoHelperService.exe () PRC - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) PRC - C:\Windows\System32\javaw.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) PRC - C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) PRC - C:\Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation) PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited) PRC - K:\cpserver.exe (CP Corporate Planning AG) PRC - C:\Programme\Hardcopy\hcdll2_ex_Win32.exe () PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) PRC - C:\Programme\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.) PRC - C:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.) PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.) 
PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - C:\Programme\Lenovo\Access Connections\ACTray.exe (Lenovo) PRC - C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.) PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
PRC - C:\Programme\Greenshot\Greenshot.exe () PRC - C:\Programme\TheGreenBow\TheGreenBow VPN\vpnconf.exe (TheGreenBow) PRC - C:\Programme\TheGreenBow\TheGreenBow VPN\tgbike.exe (TheGreenBow) PRC - C:\Windows\System32\TgbStarter.exe (TheGreenBow) PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) PRC - C:\Programme\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin) PRC - C:\Programme\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin) PRC - C:\Programme\FRITZ!Fernzugang\certsrv.exe (AVM Berlin) PRC - C:\Programme\FRITZ!Fernzugang\avmike.exe (AVM Berlin) PRC - C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D) PRC - C:\Programme\Mindjet\MindManager 8\MindManager.exe (Mindjet) PRC - C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet) ========== Modules (No Company Name) ========== MOD - C:\Users\Lewe\AppData\Roaming\Mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCoreGecko8.dll () MOD - C:\Users\Lewe\AppData\Local\Apps\2.0\295MX2WV.6P6\H098LOAH.LR7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL () MOD - C:\Windows\assembly\GAC_MSIL\Mindjet.MindManager.Interop\8.2.328.0__19247b5ea06b230f\Mindjet.MindManager.Interop.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\64ef7169e1266b6a98131b82bddd234b\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\92422bb40324d57ccd11c1cd9d50d8cf\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6294f61f25c953212b92b7e13a0fd9c1\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dd2070ee8e6e28ac8dc658404c50ebde\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\37f2a07f5c1341f788c5a56baa7cde59\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Programme\Hotspot Shield\bin\openvpntray.exe () MOD - C:\Programme\Hotspot Shield\bin\lang\gui-eng.dll () MOD - C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe () MOD - C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll () MOD - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe () MOD - C:\Programme\Hardcopy\HcDllS.dll () MOD - C:\Programme\F-Secure\FSGUI\strres.eng () MOD - C:\Programme\F-Secure\FSGUI\gres.dll () MOD - C:\Programme\F-Secure\FSGUI\about.dll () MOD - C:\Programme\F-Secure\FSGUI\flyerres.eng () MOD - C:\Programme\F-Secure\FSGUI\aboutres.dll () MOD - 
C:\Programme\F-Secure\FSGUI\fsavures.eng () MOD - C:\Programme\F-Secure\FSPC\fspcfsm.eng () MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL () MOD - C:\Programme\Hardcopy\hcdll2_ex_Win32.exe () MOD - C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll () MOD - C:\Programme\DYMO\DYMO Label Software\DYMO.Common.dll () MOD - \\?\globalroot\systemroot\system32\mswsock.DLL () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll () MOD - C:\Programme\Hardcopy\hardcopy_03.dll () MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll () MOD - C:\Programme\Greenshot\Greenshot.exe () MOD - C:\Programme\Greenshot\GreenshotPlugin.dll () MOD - C:\Programme\Hardcopy\HcDLL2_30_Win32.dll () MOD - C:\Programme\Mindjet\MindManager 8\libtidyU.dll () MOD - C:\Programme\Mindjet\MindManager 8\MmSlp.dll () MOD - C:\Programme\Mindjet\MindManager 8\Mindjet.Web.Utilities.dll () MOD - C:\Programme\Mindjet\MindManager 8\Mindjet.UsageLog.Client.dll () MOD - C:\Programme\Mindjet\MindManager 8\Mindjet.UsageLog.Common.dll () MOD - C:\Programme\Mindjet\MindManager 8\Mindjet.CheckUpdate.Client.dll () MOD - C:\Programme\Mindjet\MindManager 8\csExWB.dll () MOD - C:\Programme\Mindjet\MindManager 8\PTMDataModel.dll () MOD - C:\Programme\Mindjet\MindManager 8\Mm8Browser.Logger.dll () MOD - C:\Programme\Mindjet\MindManager 8\zlib.dll () MOD - C:\Programme\Mindjet\MindManager 8\AxInterop.OfficeViewerMME.dll () MOD - C:\Programme\Mindjet\MindManager 8\PTM_German.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software) SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe () SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe () SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (FSORSPClient) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FSDFWD) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (FSMA) -- C:\Program Files\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.) 
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (CPServerSvc) -- K:\cpserver.exe (CP Corporate Planning AG) SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (DymoPnpService) -- C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.) SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (vmware-converter-worker) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.) SRV - (vmware-converter-server) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.) SRV - (vmware-converter-agent) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (TgbIke Starter) -- C:\Windows\System32\TgbStarter.exe (TheGreenBow) SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (nwtsrv) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin) SRV - (certsrv) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin) SRV - (avmike) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin) SRV - (TGCM_ImportWiFiSvc) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (Worksheet-Server) -- C:\Program Files\Worksheet-Server\Apache\Apache.exe () ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin) DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys () DRV - (fsbts) -- C:\Windows\system32\Drivers\fsbts.sys () DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.) 
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation) DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (fsvista) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsvista.sys () DRV - (DozeHDD) -- C:\Windows\System32\DRIVERS\DozeHDD.sys (Lenovo.) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited) DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation) DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation) DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc) DRV - (PCDSRVC{3037D694-FD904ACA-06020101}_0) -- c:\Programme\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.) 
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (NetBT) -- C:\Windows\System32\drivers\netbt.sys () DRV - (NETwLv32) Intel(R) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited) DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.) DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys () DRV - (ndistgb) -- C:\Windows\System32\drivers\ndistgb.sys (TheGreenBow) DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.) 
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola) DRV - (NWIM) -- C:\Windows\System32\drivers\avmnwim.sys (AVM Berlin) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (bmdrvr) -- C:\Windows\System32\drivers\bmdrvr.sys (VMware, Inc.) DRV - (vstor2-mntapi10-shared) Vstor2 MntApi 1.0 Driver (shared) -- C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys (VMware, Inc.) DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc) DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.) 
DRV - (massfilter_hs) -- C:\Windows\System32\drivers\massfilter_hs.sys (ZTE Incorporated) DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola) DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc) DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lewe\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lewe\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2011.12.08 08:23:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 14:46:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.02 12:31:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 15:34:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 15:34:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 15:34:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 15:34:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 15:34:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 15:34:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.02 19:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewe\AppData\Roaming\mozilla\Extensions [2011.03.30 15:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.02 19:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewe\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a} [2011.12.28 09:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions [2011.04.21 22:38:27 | 000,000,000 | ---D | M] ("freecycleedinburgh") -- 
C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{31d88f70-c791-42d8-8187-faaf71d42f67} [2011.12.06 08:45:06 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2011.04.21 22:38:27 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}(2) [2011.11.29 07:15:46 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2011.04.21 22:38:29 | 000,000,000 | ---D | M] (Mouseless Browsing) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{c0bcf963-624b-47fe-aa78-8cc02434cf32}(2) [2011.04.21 22:38:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2011.04.21 22:38:25 | 000,000,000 | ---D | M] ("Flash Video Downloader - Youtube Downloader") -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\artur.dubovoy@gmail(2).com [2011.04.21 22:38:26 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\fb_add_on@avm(2).de [2011.11.17 06:47:09 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\fb_add_on@avm.de [2011.04.21 22:38:27 | 000,000,000 | ---D | M] (Gutscheinwurst.de) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\mail@gutscheinwurst(2).de [2011.04.21 22:38:27 | 000,000,000 | ---D | M] (SkipScreen) -- 
C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\SkipScreen@SkipScreen(2) [2011.04.21 22:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{31d88f70-c791-42d8-8187-faaf71d42f67}\components\lib\classes\edu\mit\simile\javaFirefoxExtension [2011.11.10 08:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.10 08:28:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.08.21 09:36:21 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2011.11.09 14:46:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.11 10:27:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.11 10:27:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.11 10:27:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.11 10:27:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.11 10:27:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.11 10:27:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lewe\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Lewe\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lewe\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll CHR - plugin: Google Update (Enabled) = C:\Users\Lewe\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Lewe\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Lewe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Skype Click to Call = C:\Users\Lewe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: Google Mail = C:\Users\Lewe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACTray] C:\Programme\Lenovo\Access Connections\ACTray.exe (Lenovo) O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4 - HKLM..\Run: [DLSService] "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe" File not found O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet) O4 - HKLM..\Run: [mumservice] C:\Programme\Motorola\Software Update\mumservice.exe (Motorola) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [TgbVpn] C:\Program Files\TheGreenBow\TheGreenBow VPN\vpnconf.exe (TheGreenBow) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Lewe\AppData\Local\Apps\2.0\295MX2WV.6P6\H098LOAH.LR7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [DymoQuickPrint] C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.) O4 - HKCU..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe () O4 - Startup: C:\Users\Lewe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lewe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Lewe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk = C:\Programme\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin) O4 - Startup: C:\Users\Lewe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\System32\winrnr.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - %SystemRoot%\System32\winrnr.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000065 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - %SystemRoot%\System32\winrnr.dll File not found O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08947DE4-C972-405B-AA40-7023E8834622}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{092D8DB7-745F-4DA9-B8B6-B769CFB79FA0}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E95763C-C31A-4ACC-88AD-42A0EDD2B2AF}: NameServer = 10.95.72.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common 
Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\Corporate Planning\Corporate Planner Client\QvProtocol\Qvp.dll (QlikTech AB) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (C:\Users\Lewe\AppData\Local\a31b038c\X) - File not found O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7a3ed97c-6ab9-11e0-a42a-0016ceec3ff1}\Shell - "" = AutoRun O33 - MountPoints2\{7a3ed97c-6ab9-11e0-a42a-0016ceec3ff1}\Shell\AutoRun\command - "" = D:\Install.exe O33 - MountPoints2\{96f6f50e-6a58-11e0-847f-0016ceec3ff1}\Shell - "" = AutoRun O33 - MountPoints2\{96f6f50e-6a58-11e0-847f-0016ceec3ff1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{c07b8b83-86a3-11e0-831b-0016ceec3ff1}\Shell - "" = AutoRun O33 - MountPoints2\{c07b8b83-86a3-11e0-831b-0016ceec3ff1}\Shell\AutoRun\command - "" = E:\setup.exe -a O33 - MountPoints2\{da31a4db-a157-11e0-a768-0016ceec3ff1}\Shell - "" = AutoRun O33 - MountPoints2\{da31a4db-a157-11e0-a768-0016ceec3ff1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Install.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Windows\System32\ [2011.12.30 11:02:43 | 000,000,000 | ---D | C] -- K:\User\Lewe\Desktop\Virus [2011.12.30 11:00:48 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.12.30 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Roaming\F-Secure [2011.12.29 08:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Student (Deutsch) [2011.12.29 07:47:49 | 000,000,000 | ---D | C] -- 
C:\Users\Lewe\AppData\Roaming\{90140011-0061-0407-0000-0000000FF1CE} [2011.12.29 07:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications [2011.12.29 07:45:56 | 001,629,584 | ---- | C] (Microsoft Corporation) -- K:\User\Lewe\Desktop\X16-42929_VYYJW-BTP6H-86J88-9KF33-Q664M.exe [2011.12.29 07:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.12.29 07:05:41 | 002,322,184 | ---- | C] (ESET) -- K:\User\Lewe\Desktop\esetsmartinstaller_enu.exe [2011.12.28 12:49:28 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Roaming\Malwarebytes [2011.12.28 12:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.28 12:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.28 12:49:09 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.28 12:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.28 12:48:27 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- K:\User\Lewe\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.27 12:12:27 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2011.12.27 12:08:30 | 000,000,000 | -HSD | C] -- C:\Users\Lewe\AppData\Local\a31b038c [2011.12.23 12:25:08 | 000,000,000 | ---D | C] -- J:\Dropbox\cdex_151 [2011.12.23 11:31:31 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Roaming\Canneverbe Limited [2011.12.23 11:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2011.12.23 11:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2011.12.23 11:29:21 | 005,274,776 | ---- | C] (Canneverbe Limited ) -- K:\User\Lewe\Desktop\cdbxp_setup_4.4.0.2838.exe [2011.12.21 19:19:45 | 000,000,000 | ---D | C] -- J:\Dropbox\Audible [2011.12.21 19:15:42 | 001,672,880 | ---- | C] (Audible, Inc.) 
-- K:\User\Lewe\Desktop\AudibleDM_iTunesSetup.exe [2011.12.19 20:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MapCreator 2 [2011.12.19 20:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\MapCreator 2 [2011.12.15 21:07:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.12.15 21:07:24 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.12.15 21:07:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.12.15 21:07:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.12.15 21:07:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.12.15 21:07:10 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.12.15 09:09:44 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.12.15 09:09:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.12.15 09:08:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.12.15 09:08:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.12.15 09:08:06 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.12.15 09:08:04 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.12.13 10:58:40 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Roaming\Blender Foundation [2011.12.13 10:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011.12.13 10:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8 [2011.12.13 09:50:58 | 040,531,920 | ---- | C] (Google Inc.) 
-- K:\User\Lewe\Desktop\GoogleSketchUpWDE.exe [2011.12.02 13:28:08 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Local\Sanford,_L.P [2011.12.02 13:27:48 | 000,000,000 | ---D | C] -- J:\Dropbox\DYMO Label [2011.12.02 13:23:36 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys [2011.12.02 13:23:36 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll [2011.12.02 13:23:36 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box [2011.12.02 13:23:15 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Local\Deployment [2011.12.02 13:15:54 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Local\DYMO [2011.12.02 13:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO [2011.12.02 13:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\DYMO [2011.12.02 13:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DYMO ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\System32\ [2011.12.30 11:00:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.12.30 10:42:31 | 000,020,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.30 10:42:31 | 000,020,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.30 10:41:59 | 000,665,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.30 10:41:59 | 000,626,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.30 10:41:59 | 000,134,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.30 10:41:59 | 000,110,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.30 10:34:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.30 10:34:23 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2011.12.30 10:30:00 | 
000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1255917087-2592569806-2514691914-1001UA.job [2011.12.30 09:30:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1255917087-2592569806-2514691914-1001Core.job [2011.12.30 00:16:48 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job [2011.12.29 18:19:32 | 247,838,990 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.29 14:02:35 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2011.12.29 07:54:51 | 001,629,584 | ---- | M] (Microsoft Corporation) -- K:\User\Lewe\Desktop\X16-42929_VYYJW-BTP6H-86J88-9KF33-Q664M.exe [2011.12.29 07:50:33 | 000,007,589 | ---- | M] () -- C:\Users\Lewe\AppData\Local\Resmon.ResmonCfg [2011.12.29 07:09:59 | 000,000,111 | ---- | M] () -- K:\User\Lewe\Desktop\hr3_2.m3u [2011.12.29 07:05:42 | 002,322,184 | ---- | M] (ESET) -- K:\User\Lewe\Desktop\esetsmartinstaller_enu.exe [2011.12.29 06:30:51 | 000,000,999 | ---- | M] () -- C:\Users\Lewe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.28 12:50:32 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.28 12:48:39 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- K:\User\Lewe\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.23 11:31:19 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.12.23 11:29:28 | 005,274,776 | ---- | M] (Canneverbe Limited ) -- K:\User\Lewe\Desktop\cdbxp_setup_4.4.0.2838.exe [2011.12.21 19:19:48 | 000,002,097 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2011.12.21 19:15:55 | 001,672,880 | ---- | M] (Audible, Inc.) 
-- K:\User\Lewe\Desktop\AudibleDM_iTunesSetup.exe [2011.12.21 19:02:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job [2011.12.21 19:02:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2011.12.21 10:16:35 | 000,360,873 | ---- | M] () -- K:\User\Lewe\Desktop\einhorn.pdf [2011.12.21 10:13:16 | 000,365,238 | ---- | M] () -- K:\User\Lewe\Desktop\SR-5.pdf [2011.12.21 08:19:31 | 000,016,472 | ---- | M] () -- K:\User\Lewe\Desktop\FAKS - 168.168.200.80 - Remotedesktopverbindung_2011-12-21_08-19-25.png [2011.12.21 08:19:14 | 000,013,322 | ---- | M] () -- K:\User\Lewe\Desktop\FAKS - 168.168.200.80 - Remotedesktopverbindung_2011-12-21_08-19-06.png [2011.12.21 08:17:34 | 000,018,300 | ---- | M] () -- K:\User\Lewe\Desktop\FAKS - 168.168.200.80 - Remotedesktopverbindung_2011-12-21_08-17-26.png [2011.12.20 10:16:20 | 003,978,639 | ---- | M] () -- K:\User\Lewe\Desktop\katalog.pdf [2011.12.20 00:14:44 | 000,187,302 | ---- | M] () -- K:\User\Lewe\Desktop\Karte2a.jpg [2011.12.20 00:14:33 | 000,446,711 | ---- | M] () -- K:\User\Lewe\Desktop\Karte2a-3.jpg [2011.12.20 00:06:40 | 000,334,150 | ---- | M] () -- K:\User\Lewe\Desktop\Karte2a-2.jpg [2011.12.19 23:56:12 | 000,325,291 | ---- | M] () -- K:\User\Lewe\Desktop\Karte2a-1.jpg [2011.12.19 22:58:06 | 002,055,276 | ---- | M] () -- K:\User\Lewe\Desktop\Karte2a.MCR [2011.12.19 20:57:39 | 001,686,425 | ---- | M] () -- C:\Windows\MapCreator 2 Uninstaller.exe [2011.12.19 20:57:38 | 000,000,887 | ---- | M] () -- K:\User\Lewe\Desktop\MapCreator 2.lnk [2011.12.19 20:34:10 | 108,105,430 | ---- | M] () -- K:\User\Lewe\Desktop\MapCreator2-Setup.exe [2011.12.19 19:20:45 | 000,585,144 | ---- | M] () -- K:\User\Lewe\Desktop\CaseStudy_Asklepios_2009.pdf [2011.12.19 18:49:27 | 000,053,020 | ---- | M] () -- K:\User\Lewe\Desktop\Ergebnisliste-November-2011.pdf [2011.12.19 10:38:23 | 000,735,562 | ---- | M] () -- K:\User\Lewe\Desktop\gtue-reifen-info.pdf [2011.12.19 10:27:48 | 
000,013,349 | ---- | M] () -- K:\User\Lewe\Desktop\Komplettrad.pdf [2011.12.19 10:26:15 | 000,081,648 | ---- | M] () -- K:\User\Lewe\Desktop\Winter2009.pdf [2011.12.16 08:56:33 | 000,001,053 | -H-- | M] () -- C:\Windows\EPMBatch.ept [2011.12.15 22:15:39 | 000,432,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.15 17:39:45 | 003,019,560 | ---- | M] () -- K:\User\Lewe\Desktop\img001.pdf [2011.12.15 14:33:36 | 000,148,521 | ---- | M] () -- K:\User\Lewe\Desktop\GEDC3105.JPG [2011.12.14 13:33:52 | 000,002,293 | ---- | M] () -- K:\User\Lewe\Desktop\Google Chrome.lnk [2011.12.14 12:02:38 | 000,177,773 | ---- | M] () -- K:\User\Lewe\Desktop\Jahresprogramm_2011-2012_2_pdf.pdf [2011.12.14 08:08:39 | 000,231,086 | ---- | M] () -- K:\User\Lewe\Desktop\SKrP Leistungskatalog.pdf [2011.12.13 18:12:05 | 000,079,040 | ---- | M] () -- J:\Dropbox\Unbenannt2.skp [2011.12.13 15:51:48 | 000,072,071 | ---- | M] () -- J:\Dropbox\Unbenannt2.skb [2011.12.13 14:27:18 | 000,022,142 | ---- | M] () -- J:\Dropbox\test 1.skp [2011.12.13 13:02:38 | 005,016,586 | ---- | M] () -- K:\User\Lewe\Desktop\evplint.pdf [2011.12.13 12:59:23 | 000,110,599 | ---- | M] () -- K:\User\Lewe\Desktop\EV_10.pdf [2011.12.13 12:52:05 | 000,087,794 | ---- | M] () -- K:\User\Lewe\Desktop\EV_09.pdf [2011.12.13 12:51:45 | 000,071,581 | ---- | M] () -- K:\User\Lewe\Desktop\EV_03.pdf [2011.12.13 12:48:57 | 000,238,829 | ---- | M] () -- K:\User\Lewe\Desktop\EV_04.pdf [2011.12.13 12:32:11 | 004,061,544 | ---- | M] () -- K:\User\Lewe\Desktop\book.pdf [2011.12.13 12:22:57 | 000,116,377 | ---- | M] () -- K:\User\Lewe\Desktop\holzherbst_eichen_kantholz.pdf [2011.12.13 12:09:01 | 001,266,126 | ---- | M] () -- K:\User\Lewe\Desktop\66868_VO.pdf [2011.12.13 12:08:56 | 000,745,980 | ---- | M] () -- K:\User\Lewe\Desktop\66868_1.pdf [2011.12.13 10:08:53 | 000,001,434 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2011.12.13 09:52:46 | 040,531,920 | ---- | M] (Google Inc.) 
-- K:\User\Lewe\Desktop\GoogleSketchUpWDE.exe [2011.12.13 09:52:46 | 023,842,310 | ---- | M] () -- K:\User\Lewe\Desktop\blender-2.60a-release-windows32.exe [2011.12.13 08:26:46 | 017,022,155 | ---- | M] () -- K:\User\Lewe\Desktop\Katalog_2011.pdf [2011.12.12 18:50:35 | 001,090,374 | ---- | M] () -- K:\User\Lewe\Desktop\AT-ORDERFORM-MGM.pdf [2011.12.12 18:43:45 | 001,077,233 | ---- | M] () -- K:\User\Lewe\Desktop\GER-ORDERFORM-MGM.pdf [2011.12.12 16:02:16 | 002,980,631 | ---- | M] () -- K:\User\Lewe\Desktop\qVaGgmCwdvaS01_fuEuyleg8JYYzpAda.pdf [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.09 10:30:18 | 000,030,340 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_10_22.pdf [2011.12.09 10:28:09 | 000,030,963 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_09_22.pdf [2011.12.09 10:27:36 | 000,033,674 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_08_20.pdf [2011.12.09 10:27:20 | 000,034,323 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_07_22.pdf [2011.12.09 10:27:01 | 000,034,441 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_06_22.pdf [2011.12.09 10:26:40 | 000,034,338 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_05_21.pdf [2011.12.09 10:26:23 | 000,037,014 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_04_22.pdf [2011.12.09 10:25:39 | 000,036,932 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_03_22.pdf [2011.12.09 10:25:18 | 000,034,851 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_02_22.pdf [2011.12.09 10:25:03 | 000,034,457 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_01_22.pdf 
How should I best proceed? Thanks for your help! Regards, Armin |
30.12.2011, 13:00 | #2 |
/// Malware-holic | p95 / Trojan / antivirus program powerless? Hi,
do you use the PC for online banking, purchases, other payment processing or similarly important things, e.g. work-related matters? |
30.12.2011, 13:10 | #3 |
| p95 / Trojan / antivirus program powerless? Yes, both; online banking via software. Is there still an option without formatting?
Thanks & regards, Armin |
30.12.2011, 14:13 | #4 |
/// Malware-holic | p95 / Trojan / antivirus program powerless? No, I don't think so. But I would like to look at one more log in order to collect malware; it can then be analysed and benefit the anti-malware vendors, which means better protection for all of us. It won't take long either. After that I will show you the steps for securing the system or setting it up from scratch. Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it on your desktop.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. |