
Pests of All Kinds and How to Fight Them: p95 / Trojan / antivirus program powerless?


30.12.2011, 12:32   #1
Lewe
 
p95 / Trojan / antivirus program powerless?



Hello,

I came across your forum and am impressed by the helpfulness and the good support.
I have a problem that seems to be going around at the moment:
Firefox redirects me to mediashift or p95; the virus scanner (F-Secure) sometimes finds something but cannot get rid of it for good.
I downloaded ESET and malware, but without any real success.

I then found the following files with OTL:

OTL logfile created on: 30.12.2011 11:04:04 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = K:\User\Lewe\Desktop\Virus
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,18 Gb Available Physical Memory | 9,13% Memory free
3,98 Gb Paging File | 1,50 Gb Available in Paging File | 37,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,89 Gb Total Space | 0,84 Gb Free Space | 2,06% Space Free | Partition Type: NTFS
Drive J: | 14,73 Gb Total Space | 5,16 Gb Free Space | 35,04% Space Free | Partition Type: NTFS
Drive K: | 4,00 Gb Total Space | 1,63 Gb Free Space | 40,63% Space Free | Partition Type: NTFS

Computer Name: LEWE-THINKPAD | User Name: Lewe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - K:\User\Lewe\Desktop\Virus\OTL.exe (OldTimer Tools)
PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\Lewe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Lewe\AppData\Local\Apps\2.0\295MX2WV.6P6\H098LOAH.LR7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\ESET\ESET Online Scanner\OnlineScannerApp.exe (ESET)
PRC - C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Windows\System32\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - K:\cpserver.exe (CP Corporate Planning AG)
PRC - C:\Programme\Hardcopy\hcdll2_ex_Win32.exe ()
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
PRC - C:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\ACTray.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Greenshot\Greenshot.exe ()
PRC - C:\Programme\TheGreenBow\TheGreenBow VPN\vpnconf.exe (TheGreenBow)
PRC - C:\Programme\TheGreenBow\TheGreenBow VPN\tgbike.exe (TheGreenBow)
PRC - C:\Windows\System32\TgbStarter.exe (TheGreenBow)
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Programme\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
PRC - C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - C:\Programme\Mindjet\MindManager 8\MindManager.exe (Mindjet)
PRC - C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)


========== Modules (No Company Name) ==========

MOD - C:\Users\Lewe\AppData\Roaming\Mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCoreGecko8.dll ()
MOD - C:\Users\Lewe\AppData\Local\Apps\2.0\295MX2WV.6P6\H098LOAH.LR7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\Mindjet.MindManager.Interop\8.2.328.0__19247b5ea06b230f\Mindjet.MindManager.Interop.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\64ef7169e1266b6a98131b82bddd234b\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\92422bb40324d57ccd11c1cd9d50d8cf\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6294f61f25c953212b92b7e13a0fd9c1\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dd2070ee8e6e28ac8dc658404c50ebde\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\37f2a07f5c1341f788c5a56baa7cde59\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Programme\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
MOD - C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll ()
MOD - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Programme\Hardcopy\HcDllS.dll ()
MOD - C:\Programme\F-Secure\FSGUI\strres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\gres.dll ()
MOD - C:\Programme\F-Secure\FSGUI\about.dll ()
MOD - C:\Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - C:\Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - C:\Programme\F-Secure\FSPC\fspcfsm.eng ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Programme\Hardcopy\hcdll2_ex_Win32.exe ()
MOD - C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll ()
MOD - C:\Programme\DYMO\DYMO Label Software\DYMO.Common.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()
MOD - C:\Programme\Hardcopy\hardcopy_03.dll ()
MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\Greenshot\Greenshot.exe ()
MOD - C:\Programme\Greenshot\GreenshotPlugin.dll ()
MOD - C:\Programme\Hardcopy\HcDLL2_30_Win32.dll ()
MOD - C:\Programme\Mindjet\MindManager 8\libtidyU.dll ()
MOD - C:\Programme\Mindjet\MindManager 8\MmSlp.dll ()
MOD - C:\Programme\Mindjet\MindManager 8\Mindjet.Web.Utilities.dll ()
MOD - C:\Programme\Mindjet\MindManager 8\Mindjet.UsageLog.Client.dll ()
MOD - C:\Programme\Mindjet\MindManager 8\Mindjet.UsageLog.Common.dll ()
MOD - C:\Programme\Mindjet\MindManager 8\Mindjet.CheckUpdate.Client.dll ()
MOD - C:\Programme\Mindjet\MindManager 8\csExWB.dll ()
MOD - C:\Programme\Mindjet\MindManager 8\PTMDataModel.dll ()
MOD - C:\Programme\Mindjet\MindManager 8\Mm8Browser.Logger.dll ()
MOD - C:\Programme\Mindjet\MindManager 8\zlib.dll ()
MOD - C:\Programme\Mindjet\MindManager 8\AxInterop.OfficeViewerMME.dll ()
MOD - C:\Programme\Mindjet\MindManager 8\PTM_German.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (FSORSPClient) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FSDFWD) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Program Files\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (CPServerSvc) -- K:\cpserver.exe (CP Corporate Planning AG)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (DymoPnpService) -- C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (vmware-converter-worker) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
SRV - (vmware-converter-server) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
SRV - (vmware-converter-agent) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (TgbIke Starter) -- C:\Windows\System32\TgbStarter.exe (TheGreenBow)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (nwtsrv) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
SRV - (certsrv) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
SRV - (avmike) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
SRV - (TGCM_ImportWiFiSvc) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (Worksheet-Server) -- C:\Program Files\Worksheet-Server\Apache\Apache.exe ()


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\Windows\system32\Drivers\fsbts.sys ()
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (fsvista) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsvista.sys ()
DRV - (DozeHDD) -- C:\Windows\System32\DRIVERS\DozeHDD.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (PCDSRVC{3037D694-FD904ACA-06020101}_0) -- c:\Programme\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NetBT) -- C:\Windows\System32\drivers\netbt.sys ()
DRV - (NETwLv32) Intel(R) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (ndistgb) -- C:\Windows\System32\drivers\ndistgb.sys (TheGreenBow)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (NWIM) -- C:\Windows\System32\drivers\avmnwim.sys (AVM Berlin)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (bmdrvr) -- C:\Windows\System32\drivers\bmdrvr.sys (VMware, Inc.)
DRV - (vstor2-mntapi10-shared) Vstor2 MntApi 1.0 Driver (shared) -- C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys (VMware, Inc.)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (massfilter_hs) -- C:\Windows\System32\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lewe\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lewe\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2011.12.08 08:23:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 14:46:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.02 12:31:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 15:34:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 15:34:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 15:34:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 15:34:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 15:34:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.21 15:34:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.09.02 19:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewe\AppData\Roaming\mozilla\Extensions
[2011.03.30 15:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.02 19:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewe\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011.12.28 09:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions
[2011.04.21 22:38:27 | 000,000,000 | ---D | M] ("freecycleedinburgh") -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{31d88f70-c791-42d8-8187-faaf71d42f67}
[2011.12.06 08:45:06 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.04.21 22:38:27 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}(2)
[2011.11.29 07:15:46 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011.04.21 22:38:29 | 000,000,000 | ---D | M] (Mouseless Browsing) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{c0bcf963-624b-47fe-aa78-8cc02434cf32}(2)
[2011.04.21 22:38:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2011.04.21 22:38:25 | 000,000,000 | ---D | M] ("Flash Video Downloader - Youtube Downloader") -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\artur.dubovoy@gmail(2).com
[2011.04.21 22:38:26 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\fb_add_on@avm(2).de
[2011.11.17 06:47:09 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\fb_add_on@avm.de
[2011.04.21 22:38:27 | 000,000,000 | ---D | M] (Gutscheinwurst.de) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\mail@gutscheinwurst(2).de
[2011.04.21 22:38:27 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\SkipScreen@SkipScreen(2)
[2011.04.21 22:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewe\AppData\Roaming\mozilla\Firefox\Profiles\zxe5ol2a.default\extensions\{31d88f70-c791-42d8-8187-faaf71d42f67}\components\lib\classes\edu\mit\simile\javaFirefoxExtension
[2011.11.10 08:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.10 08:28:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.08.21 09:36:21 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011.11.09 14:46:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.11 10:27:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 10:27:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.11 10:27:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 10:27:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.11 10:27:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 10:27:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lewe\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lewe\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lewe\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lewe\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lewe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Lewe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Skype Click to Call = C:\Users\Lewe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Google Mail = C:\Users\Lewe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [DLSService] "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe" File not found
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [mumservice] C:\Programme\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TgbVpn] C:\Program Files\TheGreenBow\TheGreenBow VPN\vpnconf.exe (TheGreenBow)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Lewe\AppData\Local\Apps\2.0\295MX2WV.6P6\H098LOAH.LR7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [DymoQuickPrint] C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
O4 - HKCU..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe ()
O4 - Startup: C:\Users\Lewe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lewe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lewe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk = C:\Programme\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin)
O4 - Startup: C:\Users\Lewe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08947DE4-C972-405B-AA40-7023E8834622}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{092D8DB7-745F-4DA9-B8B6-B769CFB79FA0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E95763C-C31A-4ACC-88AD-42A0EDD2B2AF}: NameServer = 10.95.72.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\Corporate Planning\Corporate Planner Client\QvProtocol\Qvp.dll (QlikTech AB)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Lewe\AppData\Local\a31b038c\X) - File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7a3ed97c-6ab9-11e0-a42a-0016ceec3ff1}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3ed97c-6ab9-11e0-a42a-0016ceec3ff1}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{96f6f50e-6a58-11e0-847f-0016ceec3ff1}\Shell - "" = AutoRun
O33 - MountPoints2\{96f6f50e-6a58-11e0-847f-0016ceec3ff1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c07b8b83-86a3-11e0-831b-0016ceec3ff1}\Shell - "" = AutoRun
O33 - MountPoints2\{c07b8b83-86a3-11e0-831b-0016ceec3ff1}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{da31a4db-a157-11e0-a768-0016ceec3ff1}\Shell - "" = AutoRun
O33 - MountPoints2\{da31a4db-a157-11e0-a768-0016ceec3ff1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011.12.30 11:02:43 | 000,000,000 | ---D | C] -- K:\User\Lewe\Desktop\Virus
[2011.12.30 11:00:48 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.30 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Roaming\F-Secure
[2011.12.29 08:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Student (Deutsch)
[2011.12.29 07:47:49 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Roaming\{90140011-0061-0407-0000-0000000FF1CE}
[2011.12.29 07:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2011.12.29 07:45:56 | 001,629,584 | ---- | C] (Microsoft Corporation) -- K:\User\Lewe\Desktop\X16-42929_VYYJW-BTP6H-86J88-9KF33-Q664M.exe
[2011.12.29 07:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.29 07:05:41 | 002,322,184 | ---- | C] (ESET) -- K:\User\Lewe\Desktop\esetsmartinstaller_enu.exe
[2011.12.28 12:49:28 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Roaming\Malwarebytes
[2011.12.28 12:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.28 12:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.28 12:49:09 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.28 12:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.28 12:48:27 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- K:\User\Lewe\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.27 12:12:27 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.12.27 12:08:30 | 000,000,000 | -HSD | C] -- C:\Users\Lewe\AppData\Local\a31b038c
[2011.12.23 12:25:08 | 000,000,000 | ---D | C] -- J:\Dropbox\cdex_151
[2011.12.23 11:31:31 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Roaming\Canneverbe Limited
[2011.12.23 11:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.12.23 11:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011.12.23 11:29:21 | 005,274,776 | ---- | C] (Canneverbe Limited ) -- K:\User\Lewe\Desktop\cdbxp_setup_4.4.0.2838.exe
[2011.12.21 19:19:45 | 000,000,000 | ---D | C] -- J:\Dropbox\Audible
[2011.12.21 19:15:42 | 001,672,880 | ---- | C] (Audible, Inc.) -- K:\User\Lewe\Desktop\AudibleDM_iTunesSetup.exe
[2011.12.19 20:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MapCreator 2
[2011.12.19 20:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\MapCreator 2
[2011.12.15 21:07:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.15 21:07:24 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.15 21:07:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.15 21:07:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.15 21:07:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.15 21:07:10 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.15 09:09:44 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.15 09:09:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.15 09:08:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.15 09:08:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.15 09:08:06 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.15 09:08:04 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.13 10:58:40 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Roaming\Blender Foundation
[2011.12.13 10:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.12.13 10:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011.12.13 09:50:58 | 040,531,920 | ---- | C] (Google Inc.) -- K:\User\Lewe\Desktop\GoogleSketchUpWDE.exe
[2011.12.02 13:28:08 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Local\Sanford,_L.P
[2011.12.02 13:27:48 | 000,000,000 | ---D | C] -- J:\Dropbox\DYMO Label
[2011.12.02 13:23:36 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2011.12.02 13:23:36 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2011.12.02 13:23:36 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2011.12.02 13:23:15 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Local\Deployment
[2011.12.02 13:15:54 | 000,000,000 | ---D | C] -- C:\Users\Lewe\AppData\Local\DYMO
[2011.12.02 13:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO
[2011.12.02 13:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\DYMO
[2011.12.02 13:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DYMO

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011.12.30 11:00:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.30 10:42:31 | 000,020,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.30 10:42:31 | 000,020,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.30 10:41:59 | 000,665,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.30 10:41:59 | 000,626,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.30 10:41:59 | 000,134,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.30 10:41:59 | 000,110,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.30 10:34:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.30 10:34:23 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.30 10:30:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1255917087-2592569806-2514691914-1001UA.job
[2011.12.30 09:30:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1255917087-2592569806-2514691914-1001Core.job
[2011.12.30 00:16:48 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2011.12.29 18:19:32 | 247,838,990 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.29 14:02:35 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.12.29 07:54:51 | 001,629,584 | ---- | M] (Microsoft Corporation) -- K:\User\Lewe\Desktop\X16-42929_VYYJW-BTP6H-86J88-9KF33-Q664M.exe
[2011.12.29 07:50:33 | 000,007,589 | ---- | M] () -- C:\Users\Lewe\AppData\Local\Resmon.ResmonCfg
[2011.12.29 07:09:59 | 000,000,111 | ---- | M] () -- K:\User\Lewe\Desktop\hr3_2.m3u
[2011.12.29 07:05:42 | 002,322,184 | ---- | M] (ESET) -- K:\User\Lewe\Desktop\esetsmartinstaller_enu.exe
[2011.12.29 06:30:51 | 000,000,999 | ---- | M] () -- C:\Users\Lewe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.28 12:50:32 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.28 12:48:39 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- K:\User\Lewe\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.23 11:31:19 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.12.23 11:29:28 | 005,274,776 | ---- | M] (Canneverbe Limited ) -- K:\User\Lewe\Desktop\cdbxp_setup_4.4.0.2838.exe
[2011.12.21 19:19:48 | 000,002,097 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2011.12.21 19:15:55 | 001,672,880 | ---- | M] (Audible, Inc.) -- K:\User\Lewe\Desktop\AudibleDM_iTunesSetup.exe
[2011.12.21 19:02:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011.12.21 19:02:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.12.21 10:16:35 | 000,360,873 | ---- | M] () -- K:\User\Lewe\Desktop\einhorn.pdf
[2011.12.21 10:13:16 | 000,365,238 | ---- | M] () -- K:\User\Lewe\Desktop\SR-5.pdf
[2011.12.21 08:19:31 | 000,016,472 | ---- | M] () -- K:\User\Lewe\Desktop\FAKS - 168.168.200.80 - Remotedesktopverbindung_2011-12-21_08-19-25.png
[2011.12.21 08:19:14 | 000,013,322 | ---- | M] () -- K:\User\Lewe\Desktop\FAKS - 168.168.200.80 - Remotedesktopverbindung_2011-12-21_08-19-06.png
[2011.12.21 08:17:34 | 000,018,300 | ---- | M] () -- K:\User\Lewe\Desktop\FAKS - 168.168.200.80 - Remotedesktopverbindung_2011-12-21_08-17-26.png
[2011.12.20 10:16:20 | 003,978,639 | ---- | M] () -- K:\User\Lewe\Desktop\katalog.pdf
[2011.12.20 00:14:44 | 000,187,302 | ---- | M] () -- K:\User\Lewe\Desktop\Karte2a.jpg
[2011.12.20 00:14:33 | 000,446,711 | ---- | M] () -- K:\User\Lewe\Desktop\Karte2a-3.jpg
[2011.12.20 00:06:40 | 000,334,150 | ---- | M] () -- K:\User\Lewe\Desktop\Karte2a-2.jpg
[2011.12.19 23:56:12 | 000,325,291 | ---- | M] () -- K:\User\Lewe\Desktop\Karte2a-1.jpg
[2011.12.19 22:58:06 | 002,055,276 | ---- | M] () -- K:\User\Lewe\Desktop\Karte2a.MCR
[2011.12.19 20:57:39 | 001,686,425 | ---- | M] () -- C:\Windows\MapCreator 2 Uninstaller.exe
[2011.12.19 20:57:38 | 000,000,887 | ---- | M] () -- K:\User\Lewe\Desktop\MapCreator 2.lnk
[2011.12.19 20:34:10 | 108,105,430 | ---- | M] () -- K:\User\Lewe\Desktop\MapCreator2-Setup.exe
[2011.12.19 19:20:45 | 000,585,144 | ---- | M] () -- K:\User\Lewe\Desktop\CaseStudy_Asklepios_2009.pdf
[2011.12.19 18:49:27 | 000,053,020 | ---- | M] () -- K:\User\Lewe\Desktop\Ergebnisliste-November-2011.pdf
[2011.12.19 10:38:23 | 000,735,562 | ---- | M] () -- K:\User\Lewe\Desktop\gtue-reifen-info.pdf
[2011.12.19 10:27:48 | 000,013,349 | ---- | M] () -- K:\User\Lewe\Desktop\Komplettrad.pdf
[2011.12.19 10:26:15 | 000,081,648 | ---- | M] () -- K:\User\Lewe\Desktop\Winter2009.pdf
[2011.12.16 08:56:33 | 000,001,053 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2011.12.15 22:15:39 | 000,432,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.15 17:39:45 | 003,019,560 | ---- | M] () -- K:\User\Lewe\Desktop\img001.pdf
[2011.12.15 14:33:36 | 000,148,521 | ---- | M] () -- K:\User\Lewe\Desktop\GEDC3105.JPG
[2011.12.14 13:33:52 | 000,002,293 | ---- | M] () -- K:\User\Lewe\Desktop\Google Chrome.lnk
[2011.12.14 12:02:38 | 000,177,773 | ---- | M] () -- K:\User\Lewe\Desktop\Jahresprogramm_2011-2012_2_pdf.pdf
[2011.12.14 08:08:39 | 000,231,086 | ---- | M] () -- K:\User\Lewe\Desktop\SKrP Leistungskatalog.pdf
[2011.12.13 18:12:05 | 000,079,040 | ---- | M] () -- J:\Dropbox\Unbenannt2.skp
[2011.12.13 15:51:48 | 000,072,071 | ---- | M] () -- J:\Dropbox\Unbenannt2.skb
[2011.12.13 14:27:18 | 000,022,142 | ---- | M] () -- J:\Dropbox\test 1.skp
[2011.12.13 13:02:38 | 005,016,586 | ---- | M] () -- K:\User\Lewe\Desktop\evplint.pdf
[2011.12.13 12:59:23 | 000,110,599 | ---- | M] () -- K:\User\Lewe\Desktop\EV_10.pdf
[2011.12.13 12:52:05 | 000,087,794 | ---- | M] () -- K:\User\Lewe\Desktop\EV_09.pdf
[2011.12.13 12:51:45 | 000,071,581 | ---- | M] () -- K:\User\Lewe\Desktop\EV_03.pdf
[2011.12.13 12:48:57 | 000,238,829 | ---- | M] () -- K:\User\Lewe\Desktop\EV_04.pdf
[2011.12.13 12:32:11 | 004,061,544 | ---- | M] () -- K:\User\Lewe\Desktop\book.pdf
[2011.12.13 12:22:57 | 000,116,377 | ---- | M] () -- K:\User\Lewe\Desktop\holzherbst_eichen_kantholz.pdf
[2011.12.13 12:09:01 | 001,266,126 | ---- | M] () -- K:\User\Lewe\Desktop\66868_VO.pdf
[2011.12.13 12:08:56 | 000,745,980 | ---- | M] () -- K:\User\Lewe\Desktop\66868_1.pdf
[2011.12.13 10:08:53 | 000,001,434 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2011.12.13 09:52:46 | 040,531,920 | ---- | M] (Google Inc.) -- K:\User\Lewe\Desktop\GoogleSketchUpWDE.exe
[2011.12.13 09:52:46 | 023,842,310 | ---- | M] () -- K:\User\Lewe\Desktop\blender-2.60a-release-windows32.exe
[2011.12.13 08:26:46 | 017,022,155 | ---- | M] () -- K:\User\Lewe\Desktop\Katalog_2011.pdf
[2011.12.12 18:50:35 | 001,090,374 | ---- | M] () -- K:\User\Lewe\Desktop\AT-ORDERFORM-MGM.pdf
[2011.12.12 18:43:45 | 001,077,233 | ---- | M] () -- K:\User\Lewe\Desktop\GER-ORDERFORM-MGM.pdf
[2011.12.12 16:02:16 | 002,980,631 | ---- | M] () -- K:\User\Lewe\Desktop\qVaGgmCwdvaS01_fuEuyleg8JYYzpAda.pdf
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 10:30:18 | 000,030,340 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_10_22.pdf
[2011.12.09 10:28:09 | 000,030,963 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_09_22.pdf
[2011.12.09 10:27:36 | 000,033,674 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_08_20.pdf
[2011.12.09 10:27:20 | 000,034,323 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_07_22.pdf
[2011.12.09 10:27:01 | 000,034,441 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_06_22.pdf
[2011.12.09 10:26:40 | 000,034,338 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_05_21.pdf
[2011.12.09 10:26:23 | 000,037,014 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_04_22.pdf
[2011.12.09 10:25:39 | 000,036,932 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_03_22.pdf
[2011.12.09 10:25:18 | 000,034,851 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_02_22.pdf
[2011.12.09 10:25:03 | 000,034,457 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_01_22.pdf
[2011.12.09 10:24:05 | 000,033,192 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4998xxxxxxxx9084_per_2010_11_22.pdf
[2011.12.09 10:23:05 | 000,033,278 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4998xxxxxxxx8850_per_2010_11_22.pdf
[2011.12.09 10:20:36 | 000,033,159 | ---- | M] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4998xxxxxxxx8850_per_2010_12_22.pdf
[2011.12.09 10:16:16 | 000,122,522 | ---- | M] () -- K:\User\Lewe\Desktop\Kontoauszug_1002913281_Nr_2010_005_per_2010_04_06.pdf
[2011.12.09 10:15:56 | 000,104,855 | ---- | M] () -- K:\User\Lewe\Desktop\Kontoauszug_1002913281_Nr_2010_009_per_2010_07_02.pdf
[2011.12.09 10:15:34 | 000,128,940 | ---- | M] () -- K:\User\Lewe\Desktop\Kontoauszug_1002913281_Nr_2010_012_per_2010_10_05.pdf
[2011.12.09 10:13:02 | 000,015,579 | ---- | M] () -- K:\User\Lewe\Desktop\Kontoauszug_1002913281_Nr_2010_015_per_2011_01_05.pdf
[2011.12.09 10:10:12 | 000,077,431 | ---- | M] () -- K:\User\Lewe\Desktop\00017458_00174474_20101231.pdf
[2011.12.09 09:49:29 | 000,015,167 | ---- | M] () -- K:\User\Lewe\Desktop\Zwangsauszug_8000030474__Nr.001_vom_01.01.2011_20111209094926.pdf
[2011.12.09 09:44:32 | 000,002,162 | ---- | M] () -- K:\User\Lewe\Desktop\Bank
[2011.12.08 22:13:15 | 000,057,526 | ---- | M] () -- K:\User\Lewe\Desktop\12276000003224486.pdf
[2011.12.08 22:13:08 | 000,057,526 | ---- | M] () -- K:\User\Lewe\Desktop\12276000002793274.pdf
[2011.12.08 22:13:04 | 000,047,980 | ---- | M] () -- K:\User\Lewe\Desktop\12276000001917909.pdf
[2011.12.08 22:12:51 | 000,047,980 | ---- | M] () -- K:\User\Lewe\Desktop\12276000002364807.pdf
[2011.12.08 19:01:17 | 000,029,123 | ---- | M] () -- K:\User\Lewe\Desktop\Handelsregister - Hamburger Abendblatt - Mozilla Firefox_2011-12-08_19-01-03.png
[2011.12.08 18:30:40 | 000,382,134 | ---- | M] () -- K:\User\Lewe\Desktop\Hamburg1.pdf
[2011.12.08 18:29:45 | 000,382,728 | ---- | M] () -- K:\User\Lewe\Desktop\Hamburg.pdf
[2011.12.08 17:02:40 | 000,465,041 | ---- | M] () -- K:\User\Lewe\Desktop\BZ.pdf
[2011.12.08 13:28:45 | 006,082,285 | ---- | M] () -- K:\User\Lewe\Desktop\ew_h_to_h.pdf
[2011.12.08 13:28:37 | 000,868,215 | ---- | M] () -- K:\User\Lewe\Desktop\ew_prod_ueberblick.pdf
[2011.12.08 10:31:14 | 000,141,036 | ---- | M] () -- K:\User\Lewe\Desktop\nachtraeglieche-portierung-mobil.pdf
[2011.12.08 09:04:35 | 000,850,668 | ---- | M] () -- K:\User\Lewe\Desktop\easy pieces bruehl - Google-Suche - Mozilla Firefox_2011-12-08_09-04-28.png
[2011.12.08 09:03:02 | 000,214,988 | ---- | M] () -- K:\User\Lewe\Desktop\Viereckiges Sofa bei Brühl - News - [SCHÖNER WOHNEN].pdf
[2011.12.07 14:07:20 | 000,008,447 | ---- | M] () -- K:\User\Lewe\Desktop\Jahresplaner_2012.pdf
[2011.12.07 13:40:06 | 000,141,018 | ---- | M] () -- K:\User\Lewe\Desktop\Xoom2-Ipad2.pdf
[2011.12.07 13:12:23 | 000,208,792 | ---- | M] () -- K:\User\Lewe\Desktop\[Video] Motorola XOOM 2 & XOOM 2 „Media Edition“ im offiziellen Teaser - AndroidPIT.pdf
[2011.12.07 12:59:33 | 000,179,108 | ---- | M] () -- K:\User\Lewe\Desktop\2011-12-07_cks-37mm-offset.pdf
[2011.12.07 12:05:56 | 000,301,883 | ---- | M] () -- K:\User\Lewe\Desktop\Motorola Xoom 2 Test-Überblick & Tablet Vergleich - Test Portal.pdf
[2011.12.07 11:45:52 | 000,167,816 | ---- | M] () -- K:\User\Lewe\Desktop\Motorola Xoom 2 Media Edition 8.2 inch 16GB Andriod Tablet (Wi-Fi Version) Amaz_2011-12-07_11-45-42.png
[2011.12.07 11:17:51 | 000,133,540 | ---- | M] () -- K:\User\Lewe\Desktop\02.12.11_12.41_Telefax.02118549066.pdf
[2011.12.06 16:54:42 | 000,072,548 | ---- | M] () -- K:\User\Lewe\Desktop\Mozilla Firefox_2011-12-06_16-54-32.png
[2011.12.06 16:53:21 | 000,161,435 | ---- | M] () -- K:\User\Lewe\Desktop\World of Pins - Mozilla Firefox_2011-12-06_16-53-08.png
[2011.12.06 12:59:33 | 000,152,308 | ---- | M] () -- K:\User\Lewe\Desktop\Verteilungsschlüssel.pdf
[2011.12.06 12:56:35 | 000,267,087 | ---- | M] () -- K:\User\Lewe\Desktop\Unbenannt.pdf
[2011.12.06 09:51:39 | 000,379,618 | ---- | M] () -- K:\User\Lewe\Desktop\Wash the world.pdf
[2011.12.02 15:51:43 | 000,339,088 | ---- | M] () -- K:\User\Lewe\Desktop\25.pdf
[2011.12.02 15:44:25 | 000,202,664 | ---- | M] () -- K:\User\Lewe\Desktop\invoice 11233.pdf
[2011.12.02 15:44:17 | 000,201,584 | ---- | M] () -- K:\User\Lewe\Desktop\invoice 11234.pdf
[2011.12.02 13:25:01 | 000,001,205 | ---- | M] () -- C:\Users\Lewe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk
[2011.12.02 13:23:25 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2011.12.02 13:23:24 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2011.12.02 13:13:52 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\DYMO Label v.8.lnk
[2011.12.02 11:42:51 | 000,221,372 | ---- | M] () -- K:\User\Lewe\Desktop\vfl rathenow blau.jpeg
[2011.12.02 08:02:19 | 000,148,494 | ---- | M] () -- K:\User\Lewe\Desktop\Sales A-09-11-2011.pdf
[2011.11.30 16:03:01 | 000,247,224 | ---- | M] () -- K:\User\Lewe\Desktop\Tiffany & Co. Browse Charms United States - Mozilla Firefox_2011-11-30_16-02-52.png
[2011.11.30 11:42:11 | 000,358,269 | ---- | M] () -- K:\User\Lewe\Desktop\Schneeflocke.pdf

========== Files Created - No Company Name ==========

[2011.12.29 18:19:32 | 247,838,990 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.29 07:09:57 | 000,000,111 | ---- | C] () -- K:\User\Lewe\Desktop\hr3_2.m3u
[2011.12.28 12:50:32 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.28 12:31:57 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job
[2011.12.23 11:31:19 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.12.23 11:31:18 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.12.21 19:19:48 | 000,002,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2011.12.21 16:22:09 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011.12.21 10:16:34 | 000,360,873 | ---- | C] () -- K:\User\Lewe\Desktop\einhorn.pdf
[2011.12.21 10:13:15 | 000,365,238 | ---- | C] () -- K:\User\Lewe\Desktop\SR-5.pdf
[2011.12.21 08:19:31 | 000,016,472 | ---- | C] () -- K:\User\Lewe\Desktop\FAKS - 168.168.200.80 - Remotedesktopverbindung_2011-12-21_08-19-25.png
[2011.12.21 08:19:14 | 000,013,322 | ---- | C] () -- K:\User\Lewe\Desktop\FAKS - 168.168.200.80 - Remotedesktopverbindung_2011-12-21_08-19-06.png
[2011.12.21 08:17:34 | 000,018,300 | ---- | C] () -- K:\User\Lewe\Desktop\FAKS - 168.168.200.80 - Remotedesktopverbindung_2011-12-21_08-17-26.png
[2011.12.20 10:16:12 | 003,978,639 | ---- | C] () -- K:\User\Lewe\Desktop\katalog.pdf
[2011.12.20 00:14:44 | 000,187,302 | ---- | C] () -- K:\User\Lewe\Desktop\Karte2a.jpg
[2011.12.20 00:14:33 | 000,446,711 | ---- | C] () -- K:\User\Lewe\Desktop\Karte2a-3.jpg
[2011.12.20 00:06:40 | 000,334,150 | ---- | C] () -- K:\User\Lewe\Desktop\Karte2a-2.jpg
[2011.12.19 23:56:12 | 000,325,291 | ---- | C] () -- K:\User\Lewe\Desktop\Karte2a-1.jpg
[2011.12.19 22:58:06 | 002,055,276 | ---- | C] () -- K:\User\Lewe\Desktop\Karte2a.MCR
[2011.12.19 20:57:38 | 000,000,887 | ---- | C] () -- K:\User\Lewe\Desktop\MapCreator 2.lnk
[2011.12.19 20:57:37 | 001,686,425 | ---- | C] () -- C:\Windows\MapCreator 2 Uninstaller.exe
[2011.12.19 20:21:31 | 108,105,430 | ---- | C] () -- K:\User\Lewe\Desktop\MapCreator2-Setup.exe
[2011.12.19 19:20:41 | 000,585,144 | ---- | C] () -- K:\User\Lewe\Desktop\CaseStudy_Asklepios_2009.pdf
[2011.12.19 18:49:23 | 000,053,020 | ---- | C] () -- K:\User\Lewe\Desktop\Ergebnisliste-November-2011.pdf
[2011.12.19 10:38:17 | 000,735,562 | ---- | C] () -- K:\User\Lewe\Desktop\gtue-reifen-info.pdf
[2011.12.19 10:27:46 | 000,013,349 | ---- | C] () -- K:\User\Lewe\Desktop\Komplettrad.pdf
[2011.12.19 10:26:11 | 000,081,648 | ---- | C] () -- K:\User\Lewe\Desktop\Winter2009.pdf
[2011.12.15 17:39:11 | 003,019,560 | ---- | C] () -- K:\User\Lewe\Desktop\img001.pdf
[2011.12.15 14:33:36 | 000,148,521 | ---- | C] () -- K:\User\Lewe\Desktop\GEDC3105.JPG
[2011.12.14 12:02:36 | 000,177,773 | ---- | C] () -- K:\User\Lewe\Desktop\Jahresprogramm_2011-2012_2_pdf.pdf
[2011.12.14 08:08:38 | 000,231,086 | ---- | C] () -- K:\User\Lewe\Desktop\SKrP Leistungskatalog.pdf
[2011.12.13 15:33:09 | 000,072,071 | ---- | C] () -- J:\Dropbox\Unbenannt2.skb
[2011.12.13 15:12:36 | 000,079,040 | ---- | C] () -- J:\Dropbox\Unbenannt2.skp
[2011.12.13 14:27:17 | 000,022,142 | ---- | C] () -- J:\Dropbox\test 1.skp
[2011.12.13 13:00:42 | 005,016,586 | ---- | C] () -- K:\User\Lewe\Desktop\evplint.pdf
[2011.12.13 12:59:21 | 000,110,599 | ---- | C] () -- K:\User\Lewe\Desktop\EV_10.pdf
[2011.12.13 12:52:02 | 000,087,794 | ---- | C] () -- K:\User\Lewe\Desktop\EV_09.pdf
[2011.12.13 12:51:44 | 000,071,581 | ---- | C] () -- K:\User\Lewe\Desktop\EV_03.pdf
[2011.12.13 12:48:51 | 000,238,829 | ---- | C] () -- K:\User\Lewe\Desktop\EV_04.pdf
[2011.12.13 12:31:53 | 004,061,544 | ---- | C] () -- K:\User\Lewe\Desktop\book.pdf
[2011.12.13 12:22:54 | 000,116,377 | ---- | C] () -- K:\User\Lewe\Desktop\holzherbst_eichen_kantholz.pdf
[2011.12.13 12:08:59 | 001,266,126 | ---- | C] () -- K:\User\Lewe\Desktop\66868_VO.pdf
[2011.12.13 12:08:53 | 000,745,980 | ---- | C] () -- K:\User\Lewe\Desktop\66868_1.pdf
[2011.12.13 10:08:53 | 000,001,434 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2011.12.13 09:51:29 | 023,842,310 | ---- | C] () -- K:\User\Lewe\Desktop\blender-2.60a-release-windows32.exe
[2011.12.13 08:26:12 | 017,022,155 | ---- | C] () -- K:\User\Lewe\Desktop\Katalog_2011.pdf
[2011.12.12 18:50:29 | 001,090,374 | ---- | C] () -- K:\User\Lewe\Desktop\AT-ORDERFORM-MGM.pdf
[2011.12.12 18:43:39 | 001,077,233 | ---- | C] () -- K:\User\Lewe\Desktop\GER-ORDERFORM-MGM.pdf
[2011.12.12 16:02:05 | 002,980,631 | ---- | C] () -- K:\User\Lewe\Desktop\qVaGgmCwdvaS01_fuEuyleg8JYYzpAda.pdf
[2011.12.09 10:30:16 | 000,030,340 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_10_22.pdf
[2011.12.09 10:28:08 | 000,030,963 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_09_22.pdf
[2011.12.09 10:27:35 | 000,033,674 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_08_20.pdf
[2011.12.09 10:27:18 | 000,034,323 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_07_22.pdf
[2011.12.09 10:27:00 | 000,034,441 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_06_22.pdf
[2011.12.09 10:26:40 | 000,034,338 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_05_21.pdf
[2011.12.09 10:25:52 | 000,037,014 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_04_22.pdf
[2011.12.09 10:25:38 | 000,036,932 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_03_22.pdf
[2011.12.09 10:25:17 | 000,034,851 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_02_22.pdf
[2011.12.09 10:25:02 | 000,034,457 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4907xxxxxxxx1675_per_2010_01_22.pdf
[2011.12.09 10:24:05 | 000,033,192 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4998xxxxxxxx9084_per_2010_11_22.pdf
[2011.12.09 10:23:02 | 000,033,278 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4998xxxxxxxx8850_per_2010_11_22.pdf
[2011.12.09 10:20:33 | 000,033,159 | ---- | C] () -- K:\User\Lewe\Desktop\Kreditkartenabrechnung_4998xxxxxxxx8850_per_2010_12_22.pdf
[2011.12.09 10:16:15 | 000,122,522 | ---- | C] () -- K:\User\Lewe\Desktop\Kontoauszug_1002913281_Nr_2010_005_per_2010_04_06.pdf
[2011.12.09 10:15:55 | 000,104,855 | ---- | C] () -- K:\User\Lewe\Desktop\Kontoauszug_1002913281_Nr_2010_009_per_2010_07_02.pdf
[2011.12.09 10:15:33 | 000,128,940 | ---- | C] () -- K:\User\Lewe\Desktop\Kontoauszug_1002913281_Nr_2010_012_per_2010_10_05.pdf
[2011.12.09 10:13:01 | 000,015,579 | ---- | C] () -- K:\User\Lewe\Desktop\Kontoauszug_1002913281_Nr_2010_015_per_2011_01_05.pdf
[2011.12.09 10:10:08 | 000,077,431 | ---- | C] () -- K:\User\Lewe\Desktop\00017458_00174474_20101231.pdf
[2011.12.09 09:49:28 | 000,015,167 | ---- | C] () -- K:\User\Lewe\Desktop\Zwangsauszug_8000030474__Nr.001_vom_01.01.2011_20111209094926.pdf
[2011.12.09 09:44:30 | 000,002,162 | ---- | C] () -- K:\User\Lewe\Desktop\Bank
[2011.12.08 22:13:14 | 000,057,526 | ---- | C] () -- K:\User\Lewe\Desktop\12276000003224486.pdf
[2011.12.08 22:13:07 | 000,057,526 | ---- | C] () -- K:\User\Lewe\Desktop\12276000002793274.pdf
[2011.12.08 22:13:02 | 000,047,980 | ---- | C] () -- K:\User\Lewe\Desktop\12276000001917909.pdf
[2011.12.08 22:12:48 | 000,047,980 | ---- | C] () -- K:\User\Lewe\Desktop\12276000002364807.pdf
[2011.12.08 19:01:17 | 000,029,123 | ---- | C] () -- K:\User\Lewe\Desktop\Handelsregister - Hamburger Abendblatt - Mozilla Firefox_2011-12-08_19-01-03.png
[2011.12.08 18:30:40 | 000,382,134 | ---- | C] () -- K:\User\Lewe\Desktop\Hamburg1.pdf
[2011.12.08 18:29:45 | 000,382,728 | ---- | C] () -- K:\User\Lewe\Desktop\Hamburg.pdf
[2011.12.08 17:02:40 | 000,465,041 | ---- | C] () -- K:\User\Lewe\Desktop\BZ.pdf
[2011.12.08 13:28:33 | 000,868,215 | ---- | C] () -- K:\User\Lewe\Desktop\ew_prod_ueberblick.pdf
[2011.12.08 13:28:27 | 006,082,285 | ---- | C] () -- K:\User\Lewe\Desktop\ew_h_to_h.pdf
[2011.12.08 10:31:11 | 000,141,036 | ---- | C] () -- K:\User\Lewe\Desktop\nachtraeglieche-portierung-mobil.pdf
[2011.12.08 09:04:35 | 000,850,668 | ---- | C] () -- K:\User\Lewe\Desktop\easy pieces bruehl - Google-Suche - Mozilla Firefox_2011-12-08_09-04-28.png
[2011.12.08 09:03:02 | 000,214,988 | ---- | C] () -- K:\User\Lewe\Desktop\Viereckiges Sofa bei Brühl - News - [SCHÖNER WOHNEN].pdf
[2011.12.07 14:07:19 | 000,008,447 | ---- | C] () -- K:\User\Lewe\Desktop\Jahresplaner_2012.pdf
[2011.12.07 13:40:05 | 000,141,018 | ---- | C] () -- K:\User\Lewe\Desktop\Xoom2-Ipad2.pdf
[2011.12.07 13:12:12 | 000,208,792 | ---- | C] () -- K:\User\Lewe\Desktop\[Video] Motorola XOOM 2 & XOOM 2 „Media Edition“ im offiziellen Teaser - AndroidPIT.pdf
[2011.12.07 12:59:33 | 000,179,108 | ---- | C] () -- K:\User\Lewe\Desktop\2011-12-07_cks-37mm-offset.pdf
[2011.12.07 12:03:08 | 000,301,883 | ---- | C] () -- K:\User\Lewe\Desktop\Motorola Xoom 2 Test-Überblick & Tablet Vergleich - Test Portal.pdf
[2011.12.07 11:45:52 | 000,167,816 | ---- | C] () -- K:\User\Lewe\Desktop\Motorola Xoom 2 Media Edition 8.2 inch 16GB Andriod Tablet (Wi-Fi Version) Amaz_2011-12-07_11-45-42.png
[2011.12.07 11:17:48 | 000,133,540 | ---- | C] () -- K:\User\Lewe\Desktop\02.12.11_12.41_Telefax.02118549066.pdf
[2011.12.06 16:54:42 | 000,072,548 | ---- | C] () -- K:\User\Lewe\Desktop\Mozilla Firefox_2011-12-06_16-54-32.png
[2011.12.06 16:53:21 | 000,161,435 | ---- | C] () -- K:\User\Lewe\Desktop\World of Pins - Mozilla Firefox_2011-12-06_16-53-08.png
[2011.12.06 12:57:32 | 000,152,308 | ---- | C] () -- K:\User\Lewe\Desktop\Verteilungsschlüssel.pdf
[2011.12.06 12:56:26 | 000,267,087 | ---- | C] () -- K:\User\Lewe\Desktop\Unbenannt.pdf
[2011.12.06 09:51:39 | 000,379,618 | ---- | C] () -- K:\User\Lewe\Desktop\Wash the world.pdf
[2011.12.02 15:51:43 | 000,339,088 | ---- | C] () -- K:\User\Lewe\Desktop\25.pdf
[2011.12.02 15:44:25 | 000,202,664 | ---- | C] () -- K:\User\Lewe\Desktop\invoice 11233.pdf
[2011.12.02 15:44:16 | 000,201,584 | ---- | C] () -- K:\User\Lewe\Desktop\invoice 11234.pdf
[2011.12.02 13:25:01 | 000,001,205 | ---- | C] () -- C:\Users\Lewe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk
[2011.12.02 13:13:52 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\DYMO Label v.8.lnk
[2011.12.02 11:42:49 | 000,221,372 | ---- | C] () -- K:\User\Lewe\Desktop\vfl rathenow blau.jpeg
[2011.12.02 08:02:10 | 000,148,494 | ---- | C] () -- K:\User\Lewe\Desktop\Sales A-09-11-2011.pdf
[2011.11.30 16:03:01 | 000,247,224 | ---- | C] () -- K:\User\Lewe\Desktop\Tiffany & Co. Browse Charms United States - Mozilla Firefox_2011-11-30_16-02-52.png
[2011.11.30 11:42:11 | 000,358,269 | ---- | C] () -- K:\User\Lewe\Desktop\Schneeflocke.pdf
[2011.09.20 14:43:52 | 000,696,277 | ---- | C] () -- C:\Users\Lewe\AppData\Roaming\unins000.exe
[2011.09.20 14:43:52 | 000,001,287 | ---- | C] () -- C:\Users\Lewe\AppData\Roaming\unins000.dat
[2011.07.17 10:25:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.06.22 06:53:13 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys
[2011.06.22 06:51:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.18 20:56:32 | 000,026,440 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.04.12 08:02:35 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.01 19:08:15 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.04.01 14:38:36 | 000,007,589 | ---- | C] () -- C:\Users\Lewe\AppData\Local\Resmon.ResmonCfg
[2011.04.01 14:22:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.30 15:38:41 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.03.30 15:38:40 | 002,336,384 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.03.30 15:38:39 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.03.30 15:38:39 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.03.30 15:38:39 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.03.30 15:13:47 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.03.30 07:49:17 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2011.03.30 02:14:42 | 000,665,238 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.03.30 02:14:42 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.03.30 02:14:42 | 000,134,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.03.30 02:14:42 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,432,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,626,484 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,110,662 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Files - Unicode (All) ==========
[2011.08.11 14:32:36 | 000,000,285 | ---- | M] ()(K:\User\Lewe\Desktop\?) -- K:\User\Lewe\Desktop\�
[2011.08.11 14:32:36 | 000,000,285 | ---- | C] ()(K:\User\Lewe\Desktop\?) -- K:\User\Lewe\Desktop\�
[2011.07.21 14:25:04 | 001,055,738 | ---- | M] ()(K:\User\Lewe\Desktop\po_3422_artwork-???.pdf) -- K:\User\Lewe\Desktop\po_3422_artwork-工厂图.pdf
[2011.07.21 14:25:04 | 001,055,738 | ---- | C] ()(K:\User\Lewe\Desktop\po_3422_artwork-???.pdf) -- K:\User\Lewe\Desktop\po_3422_artwork-工厂图.pdf

< End of report >

OTL Extras logfile created on: 30.12.2011 11:04:04 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = K:\User\Lewe\Desktop\Virus
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,18 Gb Available Physical Memory | 9,13% Memory free
3,98 Gb Paging File | 1,50 Gb Available in Paging File | 37,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,89 Gb Total Space | 0,84 Gb Free Space | 2,06% Space Free | Partition Type: NTFS
Drive J: | 14,73 Gb Total Space | 5,16 Gb Free Space | 35,04% Space Free | Partition Type: NTFS
Drive K: | 4,00 Gb Total Space | 1,63 Gb Free Space | 40,63% Space Free | Partition Type: NTFS

Computer Name: LEWE-THINKPAD | User Name: Lewe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00626135-E60A-4550-9503-4F50C6C9B8BB}" = Google AdWords Editor
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22CFB202-3D2D-44E2-BB7C-6F703B99919B}" = pdfforge Toolbar v4.7
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26685F4A-E6B6-4EA6-B8C5-130AC6B2A288}" = Corporate Planner
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{2EB44B16-05EF-42FD-9300-A85CDEF60864}" = Free Word Excel Password Wizard
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{408CD2E8-3977-449B-8102-76F158D4885F}" = Oracle VM VirtualBox 4.0.4
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{5D5509EA-B85A-411E-AB75-59069A411876}" = COMPUTERBILD App-Center
"{5DC36978-AB9A-4A23-9C12-D90D2BB781B7}" = AVM FRITZ!Fernzugang
"{5E16A144-5526-467F-9D8B-77F449E50F63}" = CP-Server
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FC019C3-5B20-4CA4-93D9-B2187E36D862}" = HP Photosmart Plus B210 series - Grundlegende Software für das Gerät
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Hilfe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C9DA1BC-CDE6-458F-AE11-7124E881EF23}" = FileMaker Pro 9 Advanced
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{96212FB2-1E4D-4AAB-90CB-9AC31B946324}" = VMware vCenter Converter Standalone
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B991B020-2968-11D8-AF23-444553540000}_is1" = FreeMind
"{BB828C7B-44A6-4A83-A96E-EF80B8680B8D}" = EpsonNet SetupManager
"{BF4DF3F7-5350-4F71-A656-F73E95D82E5F}" = Mindjet MindManager 8
"{C3EC469F-6296-42BF-B282-2EA2C6B80B06}" = BDE
"{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1" = UBitMenuDE
"{D08A2A29-5606-4FFE-BA05-7495314B42CB}" = Nitro PDF Reader 2
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{E20B2BBD-28B8-4378-97AD-C30F40ED13D2}" = Motorola Software Update
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"3309-7404-0599-8908" = yEd Graph Editor 3.7.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alf-BanCo4_is1" = ALF-BanCo 4
"Allway Sync_is1" = Allway Sync version 11.2.2
"BDE" = BDE
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1
"Blender" = Blender
"Buchungs Plugin_is1" = Re/3 Import-Plugin 3.5
"CCleaner" = CCleaner
"CSV-Import_is1" = CSV-Import 3.9
"DYMO Label v.8" = DYMO Label v.8
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 7.1.1 Home Edition
"EasyCash&Tax_is1" = EasyCash&Tax 1.52
"EasyRide&Tax_is1" = EasyRide&Tax 1.3
"ECTPlugAnlagenverzeichnis_is1" = ECTPlugAnlagenverzeichnis 1.4
"ECTPlugJavaScriptJournal_is1" = ECTPlugJavaScriptJournal 1.03
"ECTPlugWolframsJournal_is1" = ECTPlugWolframsJournal 1.03
"Elster-Export Plugin für EasyCash&Tax_is1" = Elster-Export 1.9
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader" = Foxit Reader
"Free Download Manager_is1" = Free Download Manager 3.0
"F-Secure Product 444" = F-Secure Internet Security 2011
"Google Desktop" = Google Desktop
"Greenshot_is1" = Greenshot
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HotspotShield" = Hotspot Shield 2.09
"InstallShield_{BB828C7B-44A6-4A83-A96E-EF80B8680B8D}" = EpsonNet SetupManager
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"MapCreator 2" = MapCreator 2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NAVIGON Fresh" = NAVIGON Fresh 3.3.1
"o2DE" = Mobile Connection Manager
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PDF-XChange 3_is1" = PDF-XChange 3
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"Reisekostenabrechnung_is1" = Reisekostenabrechnung Version 2.10.1
"Simfy" = simfy
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeamViewer 6" = TeamViewer 6
"TheGreenBow IPSec VPN Client" = TheGreenBow IPSec VPN Client
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"tigo-IT ReNo 2007 Add-In_is1" = ReNo Freeware 2007 Add-In
"TreeSize Free_is1" = TreeSize Free V2.5
"VLC media player" = VLC media player 0.9.9
"WebCallDirect_is1" = WebCallDirect
"WinGimp-2.0_is1" = GIMP 2.6.11
"Worksheet-Server" = Worksheet-Server (nur entfernen!)
"XnView_is1" = XnView 1.98.2
"ZTE USB Driver" = ZTE USB Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

What is the best way for me to proceed? Thanks for your help!
Regards, Armin

Alt 30.12.2011, 13:00   #2
markusg
/// Malware-holic

Hi,
do you use this PC for online banking, purchases, other payment transactions or similarly important things, e.g. work-related matters?

Alt 30.12.2011, 13:10   #3
Lewe

Yes, both; online banking via software. Is there still an option that does not involve formatting?
Thanks & regards, Armin

Alt 30.12.2011, 14:13   #4
markusg
/// Malware-holic


No, I don't think so.
But I would like to look at one more log in order to collect the malware; it can then be analysed and benefit the anti-malware vendors, which means better protection for all of us.
It won't take long either.
After that I will show you the steps for securing the system or setting it up from scratch.
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this
    tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure all your antivirus and anti-malware programs are switched off so that they do not interfere with ComboFix while it works.
  • Please post C:\Combofix.txt in your next reply.