99 TANs requested, Trojan / Exploit.Drop.3P (Windows 7)
13.06.2012, 22:22 | #1
Hello, we got hit too: during online banking all 99 TANs were requested; I always entered 000000 to get further... In addition, in the days before that I had 2 prompts from the firewall about supposed programs (unfortunately I didn't note the names, but they may possibly have been randomly generated?) which I couldn't find on Google; I denied all permissions. Antivir/Avira found some viruses, but only in unopened e-mails in the trash. Here is the report from Malwarebytes:

++++++++++++++
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.13.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
HP Berlin :: HPBERLIN-PC [Administrator]

13.06.2012 22:41:48
mbam-log-2012-06-13 (23-09-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291853
Laufzeit: 20 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\HP Berlin\AppData\Local\Temp\i4b3384111915216926048.tmp (Exploit.Drop.3P) -> Keine Aktion durchgeführt.

(Ende)
++++++++++++++++++
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:17 on 13/06/2012 (HP Berlin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-
++++++++++++++++++++
OTL logfile created on: 13.06.2012 22:47:25 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\HP Berlin\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

7,99 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 56,43% Memory free
11,90 Gb Paging File | 7,97 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,15 Gb Total Space | 512,68 Gb Free Space | 74,94% Space Free | Partition Type: NTFS
Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 158,10 Gb Free Space | 22,63% Space Free | Partition Type: NTFS
Drive O: | 1396,92 Gb Total Space | 933,09 Gb Free Space | 66,80% Space Free | Partition Type: FAT32

Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.13 22:45:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\HP Berlin\Desktop\OTL.exe
PRC - [2012.05.05 09:58:41 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.12.17 17:59:06 | 000,360,448 | ---- | M] () -- C:\Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe
PRC - [2011.09.14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011.06.29 08:53:28 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.08 11:40:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.04 20:53:21 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.29 20:02:53 | 000,651,264 | ---- | M] (E.W.E.-Software) -- C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.20 17:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010.01.12 11:11:24 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
PRC - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
PRC - [2009.08.05 13:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009.07.23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe

========== Modules (No Company Name) ==========

MOD - [2012.05.12 14:02:33 | 000,839,608 | ---- | M] () -- C:\Windows\assembly\GAC_32\SwissAcademic.Citavi.IEPicker\3.1.0.0__f59eabe05cc67589\SwissAcademic.Citavi.IEPicker.dll
MOD - [2012.04.14 12:30:02 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2012.02.12 00:56:21 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011.12.17 17:59:06 | 000,360,448 | ---- | M] () -- C:\Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.08.14 08:46:56 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2010.08.14 08:46:50 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2010.08.14 08:46:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b2e6d33df15f6ca262db09558982e0f2\Accessibility.ni.dll
MOD - [2010.08.14 08:46:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2010.08.14 08:46:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2010.08.14 08:46:30 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2010.08.14 08:46:24 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2010.01.20 17:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
MOD - [2009.09.15 19:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
MOD - [2009.08.28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2009.08.05 13:45:22 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.06.10 23:41:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011.09.14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011.06.29 08:53:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.08 11:40:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.01.12 11:11:24 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010.01.04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009.12.17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.09.14 08:56:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.29 08:53:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 08:53:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.01.07 16:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.01.06 19:37:02 | 000,051,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009.10.20 10:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 16:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.01.19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009.07.23 20:45:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/09/24 16:32:44] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D56565BD-FD80-481B-8232-1AAE0340DB2B}
IE:64bit: - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE:64bit: - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q
IE - HKCU\..\SearchScopes,DefaultScope = {C79569B9-0771-4C65-B14E-845F99A6BCD9}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{C79569B9-0771-4C65-B14E-845F99A6BCD9}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKCU\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP Berlin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.19 22:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

[2010.01.04 23:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions
[2010.01.04 23:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Ebefuqkuub] C:\Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvstart.exe (E.W.E.-Software)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4010814-8B20-43BB-A662-6A72EBA2F08C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA7AE09C-7813-4011-8037-998009C97D5C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk O:\
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.13 22:45:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\HP Berlin\Desktop\OTL.exe
[2012.06.13 22:44:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C93530E5-4112-45E0-9229-CDA6C01125DD}
[2012.06.13 22:44:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{21E384F2-1F97-4576-83DF-C2B7D85EAB7E}
[2012.06.13 22:40:54 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Malwarebytes
[2012.06.13 22:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.13 22:40:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.13 22:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.13 22:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.13 19:08:12 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B2A4A19C-E7D8-4EF2-ABE9-4C201E118809}
[2012.06.13 19:08:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{41F77355-F864-4FA6-8812-1EFFD7126EC2}
[2012.06.13 06:36:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DA17AF1B-14B8-417C-BCCD-B881CA8436A8}
[2012.06.13 06:35:50 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED1F678F-C728-4640-B9FD-B39754FFCA78}
[2012.06.12 23:29:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4F994948-BD6F-4D86-9135-715B53E8D721}
[2012.06.12 23:29:00 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4F6AA7D4-9E2F-405D-B3EC-753434113481}
[2012.06.12 19:43:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{05B08539-25FE-428D-909D-5D7B86A2BAAD}
[2012.06.12 19:43:39 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E88E47CE-38CF-4F45-86B3-C90ADFAF861B}
[2012.06.10 19:30:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7F4E82B1-2049-45A4-B1B7-A83618448794}
[2012.06.10 19:30:14 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8AE92015-331C-4604-BD8A-EDE4B2B0B0C3}
[2012.06.10 09:55:15 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{89C6D965-B28D-4542-8530-85E13087D1FD}
[2012.06.10 09:55:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{702E4C6B-5F5E-4FEE-BE17-51BC69E6794F}
[2012.06.09 18:47:42 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{91E4E777-C8DC-4E3B-8024-41DF27EE66E5}
[2012.06.09 18:47:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{588ADE41-B615-4F70-819D-4962D6012482}
[2012.06.08 18:16:55 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{D280BC7C-107F-4C21-ACEB-1039DC55E5AD}
[2012.06.08 18:16:43 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AB3B61D4-5CBC-4CFE-8EE9-4647CE3780AE}
[2012.06.08 12:59:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{78A2691D-E025-44AE-BF6E-9B49F5149DE7}
[2012.06.08 12:58:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{751D5D4B-D3F7-45E5-A61B-600E777E6BDE}
[2012.06.08 08:48:33 | 000,000,000 | ---D | C] -- C:\Users\HP
Berlin\AppData\Local\{1A9FD92E-594B-4E9A-BD20-C45AD61C7F4E} [2012.06.08 08:48:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4D0F561B-C136-4689-B399-2845EB1EE1B6} [2012.06.07 20:37:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{02C4F674-D42B-4B1F-A94A-99320018BD9F} [2012.06.07 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{99DD9D9A-D31A-4C62-8146-5F1B55EEC496} [2012.06.07 17:53:56 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A13B247E-7B0D-40E4-A69E-9D791663E3EE} [2012.06.07 17:53:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{BB853429-FE7E-470E-A2B4-248E014BA900} [2012.06.07 08:55:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C4C4AFB1-5CCA-4085-B6A2-B05174C15FD7} [2012.06.07 08:55:36 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8561BFDB-C767-4186-BF32-D74249563EEC} [2012.06.06 14:23:06 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7A591E71-0880-4ADA-817D-1457972FA3B6} [2012.06.06 14:22:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E1D66E8A-EBB6-4F05-AE9D-9A24F1149EBA} [2012.06.05 20:35:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Undoab [2012.06.05 20:35:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Ewse [2012.06.05 20:35:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Biyva [2012.06.05 08:57:58 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{016C9C0C-991F-4D39-AD45-47A997C95C08} [2012.06.05 08:57:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C33FE34C-AF6F-486C-AA71-4DE3F0DB4DD3} [2012.06.04 19:59:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B6FCFFDA-4145-4769-8A15-66D14AB119C8} [2012.06.04 19:59:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{44B1CA05-B2C6-43FE-B56E-56104DAC47A9} [2012.06.04 09:19:03 | 000,000,000 | ---D | C] -- C:\Users\HP 
Berlin\AppData\Local\{52AD2894-91E1-4190-BF45-98E40C30FAC8} [2012.06.04 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B1FF7ABB-C49F-468F-A1E1-A2E6CE78C504} [2012.06.03 09:52:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{29D41DA3-3E48-463B-90FF-CB6C38B4C7A6} [2012.06.03 09:52:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{967F496F-F5B9-417E-98D6-871F062DCCCF} [2012.06.02 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{36CD9A83-08E9-46A0-B376-B14892821461} [2012.06.02 09:30:59 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{70651EC8-F7E3-4D92-A738-0B090CF715C2} [2012.06.01 16:55:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F7E71045-3DCC-4D5F-868A-5A48934787E0} [2012.06.01 16:55:37 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{53B68912-AB2E-44BD-9D91-0F48FA173519} [2012.06.01 16:16:52 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B3A08925-89DC-4B51-A740-7DD18A761801} [2012.06.01 16:16:38 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C07747A3-E4BC-4C7B-95E0-AF81A6C13FB6} [2012.06.01 10:06:50 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C2CCB5B9-70DC-4F10-9ADF-BE8DE68AFF2B} [2012.06.01 10:06:34 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4DEEEBA4-1C84-4BAF-B321-0BD05E6F70B4} [2012.05.31 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9DBDA530-5DF4-45BB-BB8D-0365245384A1} [2012.05.31 17:28:07 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3A9499E8-D511-4C1E-A9D5-47A826963D11} [2012.05.29 21:42:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{83D68B42-0980-46CC-B31C-034FFD0F0CBB} [2012.05.29 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C6B222DA-5B5A-41B9-813D-E6B369F2B75F} [2012.05.28 18:20:40 | 000,000,000 | ---D | C] -- C:\Users\HP 
Berlin\AppData\Local\{6EF1CB32-E1C9-4D56-9F73-32663AFB2B7F} [2012.05.28 18:20:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{07A341F8-87EB-4F20-93A5-1EBE08D4B3D8} [2012.05.28 14:11:08 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{79DA05FE-0279-49C7-A867-9099207194C9} [2012.05.28 14:10:49 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{03AFFF09-7587-457C-883F-9602CC93DACF} [2012.05.28 10:17:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9C5297AF-3B92-4E4B-9F26-540468A6E08A} [2012.05.28 10:17:06 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5B0C219A-7FA1-4678-B254-3A007B309DB5} [2012.05.27 19:17:42 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A1A7149E-C5AC-493B-B777-624E95F3D442} [2012.05.27 19:17:31 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A7C9C192-28A4-43AD-8657-3F9B9AD0136C} [2012.05.27 18:55:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{2AC8C6E5-FEBF-43C4-B6D5-B3A3DFD3F940} [2012.05.27 18:54:58 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A869FAF9-A86B-4BF4-9449-CCF243D1DE35} [2012.05.26 21:05:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{30715781-965E-4D55-8151-F30F02592B5E} [2012.05.26 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7CDC169F-F11D-40D6-8238-3096F5CFB260} [2012.05.26 10:06:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{733249B1-4B4C-4E7A-BE83-599F1078C63C} [2012.05.26 10:05:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{731D53D4-65C2-40E5-8EE8-89DE9112012F} [2012.05.25 22:40:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{FC37021C-9691-49AC-8D99-FFF281ED82A9} [2012.05.25 22:40:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{297FEBBD-841F-4D13-BF68-1C51729C6FFC} [2012.05.25 17:25:28 | 000,000,000 | ---D | C] -- C:\Users\HP 
Berlin\AppData\Local\{A3A061B7-23F6-43BD-99DA-7353236F0AF8} [2012.05.25 17:25:17 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED10AE4E-1F6A-4AC8-AF71-50787C8C4765} [2012.05.25 17:18:05 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B36A1745-1B75-41AC-9484-FE4FD5D979D5} [2012.05.25 10:05:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CCF34A4F-51BA-473C-990C-B9C70D1407EB} [2012.05.25 10:05:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E1E7C331-9645-4A66-83E2-1B976B0B9C83} [2012.05.24 14:57:00 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Documents\Outlook-Dateien [2012.05.24 13:13:25 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E9D48A18-40B6-49F5-A0D5-5BDC643009AD} [2012.05.24 13:13:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A1707611-4F50-4123-9830-F098D75EA06C} [2012.05.24 13:08:34 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4D4D96CC-8F4C-4164-A930-F122634ABA3F} [2012.05.24 13:08:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{028C8DBE-8C31-475B-B954-99D4DA1E92D0} [2012.05.23 15:55:42 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{72FD4A28-3B84-4F66-8783-D3EA31F8238E} [2012.05.23 15:55:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AB95AF26-5746-4317-9987-49441EE7CE67} [2012.05.22 13:54:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Desktop\Fotobuch screenshots [2012.05.22 08:59:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CE5F9612-F1CE-4E57-B581-B47C1B3E2027} [2012.05.22 08:59:29 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{358BF8BD-2E8C-4D65-B3F3-03DBB6825280} [2012.05.21 08:50:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{D3A5E67B-9AA8-4A68-B16D-6F8DA9F9E770} [2012.05.21 08:49:52 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{53816118-0DBA-47F4-8218-04DF976DE8BC} [2012.05.20 09:57:03 | 000,000,000 | 
---D | C] -- C:\Users\HP Berlin\AppData\Local\{A3B3184D-3ADF-457E-B060-6A353D1E1862} [2012.05.20 09:56:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{64DD1566-429F-4725-9528-3BD48C394807} [2012.05.19 19:08:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E2B2F258-B9D8-4BB3-8BF6-9D5FE146D6B1} [2012.05.19 19:08:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7A4807FA-BC3E-40FE-9D56-2965F7092B8E} [2012.05.19 10:49:58 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{65829C0E-3DD2-4445-A18E-C1D69A826AC1} [2012.05.19 10:49:46 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B0CAE6FB-6CDD-41C9-B17C-4EDA9A35AFB1} [2012.05.19 10:20:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5F238CA0-CC66-4561-8C86-DE833726C082} [2012.05.19 10:19:59 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B708D32B-0A79-4A72-8765-DFFA65A50DB7} [2012.05.18 22:42:24 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{FF7E2E0B-60BE-43B6-AF47-9AAB33449487} [2012.05.18 22:42:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{95E3847B-119F-4DD2-B3F5-F14312CDD449} [2012.05.18 21:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.05.18 21:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.05.18 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.05.18 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.05.18 21:50:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.18 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AAED0176-2F73-4F88-8DB1-7C4D560F6E72} [2012.05.18 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{64C4FA4A-0B42-4BCF-9187-457CF28BF424} [2012.05.18 16:23:54 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{2E5AEE87-E27F-4EEF-A354-4B7DF8CD93F8} [2012.05.18 16:23:39 | 000,000,000 | ---D | C] -- 
C:\Users\HP Berlin\AppData\Local\{E0AA62AC-D028-4700-A1CF-572FC383BB92} [2012.05.18 10:24:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C8AF9130-D0C4-4F16-A2A5-3F210B07AF82} [2012.05.18 10:24:10 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7B61B503-3EE7-480A-BC63-A07928153E83} [2012.05.17 10:06:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{53B84FC4-84D0-40F7-9753-D530474498FD} [2012.05.17 10:06:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0C21AD88-B114-4057-A23F-CEFAB6B16C8C} [2012.05.16 20:41:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E175EA24-EC93-4795-83BD-930CF4CF9295} [2012.05.16 20:41:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{101363F6-4850-44F5-BD7C-A540431C1B7F} [2012.05.15 19:23:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CF39A5E8-B3C5-4ADF-9C18-7329D8D5159B} [2012.05.15 19:23:09 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F3BDE033-C33B-4824-93C8-17A9074A0535} [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.13 22:45:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\HP Berlin\Desktop\OTL.exe [2012.06.13 22:45:36 | 000,050,477 | ---- | M] () -- C:\Users\HP Berlin\Desktop\Defogger.exe [2012.06.13 22:40:49 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.13 22:07:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.13 18:27:45 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 18:27:45 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 18:26:38 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI 
[2012.06.13 18:26:38 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.13 18:26:38 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.13 18:26:38 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.13 18:26:38 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.13 18:19:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.13 18:19:24 | 2140,467,199 | -HS- | M] () -- C:\hiberfil.sys [2012.06.09 20:12:36 | 001,757,754 | ---- | M] () -- C:\Users\HP Berlin\Desktop\phishing.psd [2012.05.26 12:43:35 | 000,000,340 | ---- | M] () -- C:\Users\HP Berlin\Desktop\CD-Laufwerk - Verknüpfung.lnk [2012.05.25 17:16:14 | 001,740,203 | ---- | M] () -- C:\Users\HP Berlin\Desktop\04 Choral _ In Dir ist Freude.mp3 [2012.05.25 17:15:29 | 018,738,834 | ---- | M] () -- C:\Users\HP Berlin\Desktop\BBIS - End Of The Year Celebration - 5c.zip [2012.05.18 21:52:33 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.13 22:45:35 | 000,050,477 | ---- | C] () -- C:\Users\HP Berlin\Desktop\Defogger.exe [2012.06.13 22:40:49 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.09 20:12:36 | 001,757,754 | ---- | C] () -- C:\Users\HP Berlin\Desktop\phishing.psd [2012.05.26 12:43:35 | 000,000,340 | ---- | C] () -- C:\Users\HP Berlin\Desktop\CD-Laufwerk - Verknüpfung.lnk [2012.05.25 17:15:28 | 018,738,834 | ---- | C] () -- C:\Users\HP Berlin\Desktop\BBIS - End Of The Year Celebration - 5c.zip [2012.05.18 21:52:33 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.23 21:25:53 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe [2011.06.08 16:51:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.06.08 16:51:36 | 000,031,053 | ---- | 
C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.06.08 16:51:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.06.08 16:51:36 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.06.08 16:51:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.06.08 16:51:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.06.08 16:51:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.06.08 16:51:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.06.08 16:51:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.06.08 16:51:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.06.08 16:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.06.08 16:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.06.08 16:51:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.06.08 16:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.06.08 16:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.06.08 16:51:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.06.08 16:51:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.06.08 16:51:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.06.08 16:51:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2010.10.14 21:08:49 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010.06.15 20:57:35 | 000,005,120 | ---- | C] () -- C:\Users\HP Berlin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini < End of report > +++++++++++++++++++++++++ OTL Extras logfile created on: 13.06.2012 22:47:25 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = 
C:\Users\HP Berlin\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 56,43% Memory free 11,90 Gb Paging File | 7,97 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684,15 Gb Total Space | 512,68 Gb Free Space | 74,94% Space Free | Partition Type: NTFS Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS Drive E: | 698,64 Gb Total Space | 158,10 Gb Free Space | 22,63% Space Free | Partition Type: NTFS Drive O: | 1396,92 Gb Total Space | 933,09 Gb Free Space | 66,80% Space Free | Partition Type: FAT32 Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.) 
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe:*esigner.exe -- () "C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe:*esigner.exe -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{0A6723F1-3AA5-4178-A134-378DFD45C9DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{2F5FB749-1B56-4F53-8ADB-1AE77AC19E15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{30F7E1EA-4ACC-4B21-90F4-3266647E4E0B}" = lport=139 | protocol=6 | dir=in | app=system | "{37982EEA-E668-4804-983F-16B4ECADA90A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3FE195CA-DACC-45C3-A17B-B519D76A3FA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{445CAABC-9528-4371-BE02-38A95611AD55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{46198814-B7C6-442B-84A0-9915B1F345AF}" = lport=10243 | protocol=6 | dir=in | app=system | "{4F7C2CFA-DF80-45BF-A619-7FD42A20FF3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{57C75115-701B-4DDB-A8D3-C6C2FC0E73F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5C139211-916A-4472-B674-4F9588905141}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{66C05EB8-41FA-432B-978B-F81DD97BD24C}" = lport=445 | protocol=6 | dir=in | app=system | "{73AB7051-BCB8-4F39-8850-013CBE62F07E}" = rport=139 | protocol=6 | dir=out | app=system | "{7B127F56-E23A-40B6-A3E1-0BFBE18201C4}" = lport=137 | protocol=17 | dir=in | app=system | "{7B8EB3BD-48B0-410B-BB7B-729068BF66AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7B915E9C-D0BD-497E-96FC-7D73C7A094F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7EAF5E7C-22AA-425E-9236-D9AE254B7768}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{893E1496-5BAF-4611-B4F3-35F6958A15AF}" = rport=445 | protocol=6 | dir=out | 
app=system | "{A11796D3-B610-4572-B96B-B5733AD49081}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A789C1F8-BDA6-4E11-AB15-94B64B29EAEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B99B63A6-6704-4806-A31A-CBD27FF86385}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C46FD838-F370-4FB8-9BBD-BFE2BB3D21AE}" = rport=138 | protocol=17 | dir=out | app=system | "{D570279A-C23E-45E3-98B9-6293B8109E35}" = rport=137 | protocol=17 | dir=out | app=system | "{D83548CD-891C-4AF8-A147-227D4CEEBE80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F3DCE4C2-A6BA-40DF-A559-C756A07A84E2}" = lport=2869 | protocol=6 | dir=in | app=system | "{FC62FB21-724A-4002-8F9B-45D678464F21}" = rport=10243 | protocol=6 | dir=out | app=system | "{FF93FBAD-D33D-44A0-8823-5E1F2B265085}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00426580-9ED5-4086-84F4-BCD2D955E7D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{04157473-AD19-427C-A1EC-E2E2B8A5B405}" = protocol=6 | dir=in | app=c:\program files\spamihilator\cdcc.exe | "{06011756-9F1E-488C-8488-0BEFA68DB070}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{0E644D02-DA0A-4740-97A5-1DFC549EBB46}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe | "{1038B6B3-8008-4289-91FA-BB024639C61F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1246896F-3FB6-4B4A-AE7E-76A6D712B4BD}" = protocol=6 | dir=in | app=c:\program files\spamihilator\dccproc.exe | "{49D25E51-A077-455D-BBFD-EFDDE6F92F4F}" = protocol=6 | dir=out | svc=upnphost | 
app=%systemroot%\system32\svchost.exe | "{4A6B2281-4B33-4A87-B3D4-C1FC43DEAEA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5D9632EA-5BF4-47E5-BA2E-A24ADBA0F1EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{62C37E21-43C8-45B1-9CCF-948FC7DC5C14}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{6FD5C595-8E48-45E4-ABD5-E063803224B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{73E77AE3-AB57-48D1-A9EC-557C04A8C3F3}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | "{75E23F31-B9E5-4DB8-AFFF-79297D1D67F2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{7AC716B8-197A-465E-A9B9-04815AC0B2C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{88EE2069-9573-4CF0-9FA2-B178C3A5849E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{89F109EA-945C-48CA-8C36-1810DD70A418}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8BB68255-F14C-48C0-A050-AA89F03C896A}" = protocol=6 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | "{9ACDEE99-9124-4EFE-B3AA-AF8F9D5BE477}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9D04A4BE-A3FB-40C5-B433-60432A99EA17}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe | "{9E39D92A-B621-4941-AE43-902B9C4FBEE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9F5CD7B7-9201-45E5-942F-F93CAA8E8ECF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9FFDAA89-1AB4-46DC-B94C-8FFE4C74FB54}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AD814EF6-5D1A-427D-8497-13D08AA46E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{ADAAE05A-71EB-4674-A1C2-72D8370ED6EE}" = dir=in | app=c:\program files 
(x86)\itunes\itunes.exe | "{C5F1BEA8-0071-44F1-AA8A-E83DBF173EED}" = protocol=6 | dir=out | app=system | "{CA37F01F-C9E8-4534-BE0C-5819A8AB164F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CBFBAAD6-7115-40EE-94B9-9CE0054EF007}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CD11C58A-E577-48D9-B13F-31E458643A14}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D112E899-0A10-4EDF-8B84-7032A3705F11}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{DD37C8FA-FBA3-4D7C-BEEC-AED4EB6E5D57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EEA85D8E-D5B6-489E-A41B-6642922D4302}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F8AC9631-8608-4EEB-A96B-B424083CC915}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{102458A7-93BA-4D2D-B502-45DF3BB2900A}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=6 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | "TCP Query User{84C1C32E-56CB-4A32-B885-A62A7503272E}C:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe | "TCP Query User{A5A45BC6-9DCF-4B5B-A37A-EA078AEC33B8}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=6 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | "TCP Query User{E52E0D2E-1531-4222-BDA3-D944DD821488}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe | "UDP Query User{541FCEAC-C572-4E00-962C-F65FB624CE20}C:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe | "UDP Query User{7DC7B10E-DB97-4F83-88FD-6ECF7E8525C0}C:\program files 
(x86)\ws_ftp pro\wsftppro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe | "UDP Query User{E869A862-D593-4352-B36B-50FBC58E2511}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=17 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | "UDP Query User{FA483786-E7FA-404E-9D26-E6AC6A497359}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=17 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1" = Albelli Fotobücher "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09.06.2012 14:20:31 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 09.06.2012 14:20:31 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 10.06.2012 07:09:06 | Computer Name = HPBerlin-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 7b0 Startzeit: 01cd46de4b934026 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: b0145009-b2ec-11e1-b46b-841cc42f7090 Error - 10.06.2012 18:13:49 | Computer Name = HPBerlin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: designer.exe, Version: 0.0.0.0, Zeitstempel: 0x4ec50df4 Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.3.3.0, Zeitstempel: 0x475599d5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000acf7 ID des fehlerhaften Prozesses: 0x283c Startzeit der fehlerhaften Anwendung: 0x01cd473c88738bd5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\fotobuch\Designer 2.0\designer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\fotobuch\Designer 2.0\QtCore4.dll Berichtskennung: 8d509e00-b349-11e1-8fb3-aae99c273e92 Error - 12.06.2012 17:22:00 | Computer Name = HPBerlin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: avgnt.exe, Version: 10.0.13.18, Zeitstempel: 0x4beab9be Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00015146 ID des fehlerhaften Prozesses: 0xf7c Startzeit der fehlerhaften Anwendung: 0x01cd48e14b4782ba Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a5157435-b4d4-11e1-820e-ed0319ecffe2 Error - 12.06.2012 23:12:35 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 12.06.2012 23:12:35 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 23:12:35 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 23:12:35 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 23:12:35 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
[ System Events ] Error - 05.06.2012 02:54:52 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 07.06.2012 11:50:29 | Computer Name = HPBerlin-PC | Source = DCOM | ID = 10005 Description = Error - 07.06.2012 11:50:28 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 07.06.2012 11:50:29 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 09.06.2012 12:48:47 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. Error - 09.06.2012 14:17:36 | Computer Name = HPBerlin-PC | Source = DCOM | ID = 10016 Description = Error - 09.06.2012 14:17:36 | Computer Name = HPBerlin-PC | Source = DCOM | ID = 10016 Description = Error - 12.06.2012 17:21:53 | Computer Name = HPBerlin-PC | Source = DCOM | ID = 10005 Description = Error - 12.06.2012 17:21:53 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 12.06.2012 17:21:53 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > ++++++++++++++++++++++++++ Now you know everything about me... shopgirl86 |
14.06.2012, 07:12 | #2 |
| Request for 99 TANs, Trojan / Exploit.Drop.3P Hi,
From a clean computer, change all passwords (eBay, Amazon etc.)! Fix for OTL:
Code:
:OTL
O4 - HKCU..\Run: [Ebefuqkuub] C:\Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
[2012.06.05 20:35:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Undoab
[2012.06.05 20:35:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Ewse
[2012.06.05 20:35:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Biyva
:Commands
[emptytemp]
[Reboot]
Malwarebytes Antimalware (MAM) instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html If the download does not work, please get a generic version via: http://filepony.de/download-chameleon/ Then update the signature files (tab "Aktualisierungen" -> "Suche nach Aktualisierungen"). Run a full scan and let it clean everything! Post the log. chris
__________________ |
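The firewall list in the first post and the O4 line in the fix above point at the same program under AppData\Roaming, which is the one pattern a reader can check for mechanically. As an added example (not code from the thread or from OTL/OldTimer), the following script parses those two OTL line formats and flags any firewall rule or Run entry whose program runs from AppData\Roaming or AppData\Local\Temp; the sample input reuses lines from the posted log plus one constructed, benign Avira Run entry as a control.

```python
"""Flag OTL firewall rules and Run-key entries whose program lives in a
user-writable profile directory (added example, not code from the thread
or from OTL/OldTimer)."""
import re
from typing import Dict, Iterator, List, NamedTuple

# Profile directories writable without elevation: where the posted trojan
# (...\AppData\Roaming\Biyva\myasi.exe) and the Exploit.Drop.3P temp file sat.
SUSPICIOUS_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")

# Firewall rule as OTL prints it:   "<name>" = key=value | key=value | ... |
# A rule created after a firewall prompt carries the program path in its name:
#   "TCP Query User{GUID}C:\path\x.exe" = protocol=6 | dir=in | app=c:\path\x.exe |
RULE_RE = re.compile(r'"(?P<name>[^"]+)"\s*=\s*(?P<body>[^"]*)')
FIELD_RE = re.compile(r'^\s*(\w+)=(.*?)\s*$')

# Autostart entry as OTL prints it (here with a randomly named value):
#   O4 - HKCU..\Run: [Ebefuqkuub] C:\Users\...\AppData\Roaming\Biyva\myasi.exe ()
# The path is matched greedily so that "(x86)" inside a path is not taken
# for the trailing "(company)" field.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<value>[^\]]*)\] '
    r'(?P<path>.+) \((?P<company>[^()]*)\)\s*$')


class Finding(NamedTuple):
    kind: str    # "firewall" or "autostart"
    path: str    # program path, lower-cased
    detail: str  # firewall rule name or registry value


def is_suspicious_path(path: str) -> bool:
    """True if the path points into a user-writable profile directory."""
    p = path.lower()
    return any(d in p for d in SUSPICIOUS_DIRS)


def parse_firewall_rules(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per rule, whether the rules are one per line or, as in
    the forum post, run together on a single line."""
    for m in RULE_RE.finditer(text):
        rule = {"name": m.group("name")}
        for token in m.group("body").split("|"):
            f = FIELD_RE.match(token)
            if f:  # section headers and registry paths are not key=value
                rule[f.group(1)] = f.group(2)
        yield rule


def parse_autostarts(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per O4 (Run key) line."""
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.groupdict()


def triage(text: str) -> List[Finding]:
    """Return every rule or Run entry whose program lives in a suspicious
    directory, firewall findings first. A "Query User" rule only proves that
    the firewall prompted for that program; whether the user allowed or
    blocked it is not part of this log format, so it is reported either way."""
    findings: List[Finding] = []
    for rule in parse_firewall_rules(text):
        app = rule.get("app", "")
        if is_suspicious_path(app):
            findings.append(Finding("firewall", app.lower(), rule["name"]))
    for entry in parse_autostarts(text):
        if is_suspicious_path(entry["path"]):
            findings.append(Finding("autostart", entry["path"].lower(),
                                    f'{entry["hive"]}\\Run\\{entry["value"]}'))
    return findings


# Sample input: firewall rules copied from the posted log (run together the
# way the forum flattened them), the O4 line from the fix script, and one
# constructed benign HKLM Run entry for Avira.
SAMPLE_FIREWALL = (
    r'"{FF93FBAD-D33D-44A0-8823-5E1F2B265085}" = lport=138 | protocol=17 | dir=in | app=system | '
    r'"{06011756-9F1E-488C-8488-0BEFA68DB070}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | '
    r'"TCP Query User{102458A7-93BA-4D2D-B502-45DF3BB2900A}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=6 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | '
    r'"TCP Query User{E52E0D2E-1531-4222-BDA3-D944DD821488}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe | '
    r'"UDP Query User{E869A862-D593-4352-B36B-50FBC58E2511}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=17 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | '
)
SAMPLE_AUTOSTART = (
    r"O4 - HKCU..\Run: [Ebefuqkuub] C:\Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe ()" "\n"
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)" "\n"
)
SAMPLE_LOG = SAMPLE_FIREWALL + "\n" + SAMPLE_AUTOSTART

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:9s} {f.path}  <- {f.detail}")
```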
14.06.2012, 17:42 | #3 |
| Request for 99 TANs, Trojan / Exploit.Drop.3P Hello,
Thank you for taking on the problem. Here is the OTL result: Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ebefuqkuub deleted successfully.
C:\Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
C:\Users\HP Berlin\AppData\Roaming\Undoab folder moved successfully.
C:\Users\HP Berlin\AppData\Roaming\Ewse folder moved successfully.
C:\Users\HP Berlin\AppData\Roaming\Biyva folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: HP Berlin
->Temp folder emptied: 1793729469 bytes
->Temporary Internet Files folder emptied: 1164206065 bytes
->Java cache emptied: 21948826 bytes
->Flash cache emptied: 225126 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 308416312 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 19410207648 bytes
Total Files Cleaned = 21.647,00 mb
OTL by OldTimer - Version 3.2.48.0 log created on 06142012_181231
Files\Folders moved on Reboot...
C:\Users\HP Berlin\AppData\Local\Temp\Low\VGXA313.tmp moved successfully.
C:\Users\HP Berlin\AppData\Local\Temp\Low\VGXA3A1.tmp moved successfully.
C:\Users\HP Berlin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\HP Berlin\AppData\Local\Temp\~DF4D0782B051F7875D.TMP not found!
File\Folder C:\Users\HP Berlin\AppData\Local\Temp\~DFCDF8DE05D694EBC6.TMP not found!
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QNR25CHJ\117294-99-tans-abfrage-trojaner-exploit-drop-3p[1].html moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QNR25CHJ\12[1].htm moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QNR25CHJ\facebook_com[6].htm moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKM19ZSN\ads[1].htm moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M6G7AGX6\ads[1].htm moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DVBZX0BI\4-Das-BZ-Forum[1].htm moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DVBZX0BI\ai[1].htm moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DVBZX0BI\render[1].htm moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DVBZX0BI\si[1].htm moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CCJS1KRD\activityi;src=3418202;type=landi605;cat=landi112;u20=DE;u4=;u2=Berlin;ord=198454822844[1].htm moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3270JNZL\ai[2].htm moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\18JS0VJE\berlin[5].htm moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\18JS0VJE\PIE[1].htc moved successfully.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\18JS0VJE\si[1].htm moved successfully.
Registry entries deleted on Reboot...
15.06.2012, 06:46 | #4 |
| 99 TANs requested, Trojan / Exploit.Drop.3P Hi, please post the MAM log as well... chris
15.06.2012, 08:06 | #5 |
| 99 TANs requested, Trojan / Exploit.Drop.3P Sure ;-) it just took longer, as you can see from the log anyway. Here it is:
+++++++++++
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.14.08
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
HP Berlin :: HPBERLIN-PC [Administrator]
14.06.2012 18:42:51
mbam-log-2012-06-14 (18-42-51).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1243262
Laufzeit: 5 Stunde(n), 10 Minute(n), 33 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
++++++++++++++
Is it clean again now? *hoping* Thanks, shopgirl86
15.06.2012, 21:10 | #6 |
| 99 TANs requested, Trojan / Exploit.Drop.3P Hi, looks good, create and post a new OTL log once more... chris
15.06.2012, 22:27 | #7 |
| 99 TANs requested, Trojan / Exploit.Drop.3P Here is the new OTL log: OTL Logfile: Code:
OTL logfile created on: 15.06.2012 23:18:14 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\HP Berlin\Desktop\AntiSpyware
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
7,99 Gb Total Physical Memory | 5,61 Gb Available Physical Memory | 70,16% Memory free
11,90 Gb Paging File | 9,29 Gb Available in Paging File | 78,06% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,15 Gb Total Space | 533,98 Gb Free Space | 78,05% Space Free | Partition Type: NTFS
Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 165,30 Gb Free Space | 23,66% Space Free | Partition Type: NTFS
Drive L: | 3,69 Gb Total Space | 1,50 Gb Free Space | 40,72% Space Free | Partition Type: FAT32
Drive O: | 1396,92 Gb Total Space | 933,09 Gb Free Space | 66,80% Space Free | Partition Type: FAT32
Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.13 22:45:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\HP Berlin\Desktop\AntiSpyware\OTL.exe PRC - [2012.05.05 09:58:41 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe PRC - [2011.09.14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011.06.29 08:53:28 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.08 11:40:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.04 20:53:21 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.07.29 20:02:53 | 000,651,264 | ---- | M] (E.W.E.-Software) -- C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.01.20 17:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe PRC - [2010.01.12 11:11:24 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe PRC - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe PRC - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe PRC - [2009.08.05 13:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2009.07.23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) 
-- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe ========== Modules (No Company Name) ========== MOD - [2012.05.12 14:02:33 | 000,839,608 | ---- | M] () -- C:\Windows\assembly\GAC_32\SwissAcademic.Citavi.IEPicker\3.1.0.0__f59eabe05cc67589\SwissAcademic.Citavi.IEPicker.dll MOD - [2012.04.14 12:30:02 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll MOD - [2012.02.12 00:56:21 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.08.14 08:46:56 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll MOD - [2010.08.14 08:46:50 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll MOD - [2010.08.14 08:46:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll MOD - [2010.08.14 08:46:30 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll MOD - [2010.08.14 08:46:24 | 011,490,304 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll MOD - [2010.01.20 17:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe MOD - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe MOD - [2009.09.15 19:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll MOD - [2009.08.28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll MOD - [2009.08.05 13:45:22 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2009.06.10 23:41:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011.09.14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011.06.29 08:53:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.08 11:40:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.01.12 11:11:24 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100) SRV - [2010.01.04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService) SRV - [2009.12.17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) SRV - [2006.09.14 08:56:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.06.29 08:53:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.29 08:53:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011.01.07 16:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.01.06 19:37:02 | 000,051,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX) DRV:64bit: - [2009.10.20 10:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 16:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | 
M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.01.19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2009.07.23 20:45:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/09/24 16:32:44] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D56565BD-FD80-481B-8232-1AAE0340DB2B} IE:64bit: - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE:64bit: - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = 
hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE:64bit: - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q IE - 
HKCU\..\SearchScopes,DefaultScope = {C79569B9-0771-4C65-B14E-845F99A6BCD9} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\..\SearchScopes\{C79569B9-0771-4C65-B14E-845F99A6BCD9}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE - HKCU\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP Berlin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.19 22:41:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.01.04 23:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions [2010.01.04 23:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems 
Incorporated) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvstart.exe (E.W.E.-Software) O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: &Citavi Picker... 
- C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. 
OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4010814-8B20-43BB-A662-6A72EBA2F08C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA7AE09C-7813-4011-8037-998009C97D5C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft 
Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk O:\ O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.15 09:09:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{27B777CF-3248-406B-A7B8-DE8E4B996FFA} [2012.06.14 22:32:00 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Desktop\AntiSpyware [2012.06.14 19:08:39 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F77815C2-9F64-4410-B709-A9FE18846751} 
[2012.06.14 19:08:27 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C8372F9F-8B69-4653-B30C-464046C9B6F3} [2012.06.14 18:13:07 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Undoab [2012.06.14 18:12:31 | 000,000,000 | ---D | C] -- C:\_OTL [2012.06.14 18:07:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{52FD6A03-42F1-4F44-ACDC-3E8BA288BBAF} [2012.06.14 18:07:29 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1726ED0D-92EC-4721-9812-4E2B098A22F4} [2012.06.13 22:44:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C93530E5-4112-45E0-9229-CDA6C01125DD} [2012.06.13 22:44:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{21E384F2-1F97-4576-83DF-C2B7D85EAB7E} [2012.06.13 22:40:54 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Malwarebytes [2012.06.13 22:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.13 22:40:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.13 22:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.13 22:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.13 19:08:12 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B2A4A19C-E7D8-4EF2-ABE9-4C201E118809} [2012.06.13 19:08:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{41F77355-F864-4FA6-8812-1EFFD7126EC2} [2012.06.13 06:36:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DA17AF1B-14B8-417C-BCCD-B881CA8436A8} [2012.06.13 06:35:50 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED1F678F-C728-4640-B9FD-B39754FFCA78} [2012.06.12 23:29:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4F994948-BD6F-4D86-9135-715B53E8D721} [2012.06.12 23:29:00 | 000,000,000 | ---D | C] -- C:\Users\HP 
Berlin\AppData\Local\{4F6AA7D4-9E2F-405D-B3EC-753434113481} [2012.06.12 19:43:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{05B08539-25FE-428D-909D-5D7B86A2BAAD} [2012.06.12 19:43:39 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E88E47CE-38CF-4F45-86B3-C90ADFAF861B} [2012.06.10 19:30:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7F4E82B1-2049-45A4-B1B7-A83618448794} [2012.06.10 19:30:14 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8AE92015-331C-4604-BD8A-EDE4B2B0B0C3} [2012.06.10 09:55:15 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{89C6D965-B28D-4542-8530-85E13087D1FD} [2012.06.10 09:55:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{702E4C6B-5F5E-4FEE-BE17-51BC69E6794F} [2012.06.09 18:47:42 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{91E4E777-C8DC-4E3B-8024-41DF27EE66E5} [2012.06.09 18:47:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{588ADE41-B615-4F70-819D-4962D6012482} [2012.06.08 18:16:55 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{D280BC7C-107F-4C21-ACEB-1039DC55E5AD} [2012.06.08 18:16:43 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AB3B61D4-5CBC-4CFE-8EE9-4647CE3780AE} [2012.06.08 12:59:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{78A2691D-E025-44AE-BF6E-9B49F5149DE7} [2012.06.08 12:58:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{751D5D4B-D3F7-45E5-A61B-600E777E6BDE} [2012.06.08 08:48:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1A9FD92E-594B-4E9A-BD20-C45AD61C7F4E} [2012.06.08 08:48:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4D0F561B-C136-4689-B399-2845EB1EE1B6} [2012.06.07 20:37:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{02C4F674-D42B-4B1F-A94A-99320018BD9F} [2012.06.07 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\HP 
Berlin\AppData\Local\{99DD9D9A-D31A-4C62-8146-5F1B55EEC496} [2012.06.07 17:53:56 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A13B247E-7B0D-40E4-A69E-9D791663E3EE} [2012.06.07 17:53:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{BB853429-FE7E-470E-A2B4-248E014BA900} [2012.06.07 08:55:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C4C4AFB1-5CCA-4085-B6A2-B05174C15FD7} [2012.06.07 08:55:36 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8561BFDB-C767-4186-BF32-D74249563EEC} [2012.06.06 14:23:06 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7A591E71-0880-4ADA-817D-1457972FA3B6} [2012.06.06 14:22:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E1D66E8A-EBB6-4F05-AE9D-9A24F1149EBA} [2012.06.05 08:57:58 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{016C9C0C-991F-4D39-AD45-47A997C95C08} [2012.06.05 08:57:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C33FE34C-AF6F-486C-AA71-4DE3F0DB4DD3} [2012.06.04 19:59:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B6FCFFDA-4145-4769-8A15-66D14AB119C8} [2012.06.04 19:59:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{44B1CA05-B2C6-43FE-B56E-56104DAC47A9} [2012.06.04 09:19:03 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{52AD2894-91E1-4190-BF45-98E40C30FAC8} [2012.06.04 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B1FF7ABB-C49F-468F-A1E1-A2E6CE78C504} [2012.06.03 09:52:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{29D41DA3-3E48-463B-90FF-CB6C38B4C7A6} [2012.06.03 09:52:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{967F496F-F5B9-417E-98D6-871F062DCCCF} [2012.06.02 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{36CD9A83-08E9-46A0-B376-B14892821461} [2012.06.02 09:30:59 | 000,000,000 | ---D | C] -- C:\Users\HP 
Berlin\AppData\Local\{70651EC8-F7E3-4D92-A738-0B090CF715C2} [2012.06.01 16:55:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F7E71045-3DCC-4D5F-868A-5A48934787E0} [2012.06.01 16:55:37 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{53B68912-AB2E-44BD-9D91-0F48FA173519} [2012.06.01 16:16:52 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B3A08925-89DC-4B51-A740-7DD18A761801} [2012.06.01 16:16:38 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C07747A3-E4BC-4C7B-95E0-AF81A6C13FB6} [2012.06.01 10:06:50 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C2CCB5B9-70DC-4F10-9ADF-BE8DE68AFF2B} [2012.06.01 10:06:34 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4DEEEBA4-1C84-4BAF-B321-0BD05E6F70B4} [2012.05.31 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9DBDA530-5DF4-45BB-BB8D-0365245384A1} [2012.05.31 17:28:07 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3A9499E8-D511-4C1E-A9D5-47A826963D11} [2012.05.29 21:42:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{83D68B42-0980-46CC-B31C-034FFD0F0CBB} [2012.05.29 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C6B222DA-5B5A-41B9-813D-E6B369F2B75F} [2012.05.28 18:20:40 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{6EF1CB32-E1C9-4D56-9F73-32663AFB2B7F} [2012.05.28 18:20:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{07A341F8-87EB-4F20-93A5-1EBE08D4B3D8} [2012.05.28 14:11:08 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{79DA05FE-0279-49C7-A867-9099207194C9} [2012.05.28 14:10:49 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{03AFFF09-7587-457C-883F-9602CC93DACF} [2012.05.28 10:17:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9C5297AF-3B92-4E4B-9F26-540468A6E08A} [2012.05.28 10:17:06 | 000,000,000 | ---D | C] -- C:\Users\HP 
Berlin\AppData\Local\{5B0C219A-7FA1-4678-B254-3A007B309DB5} [2012.05.27 19:17:42 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A1A7149E-C5AC-493B-B777-624E95F3D442} [2012.05.27 19:17:31 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A7C9C192-28A4-43AD-8657-3F9B9AD0136C} [2012.05.27 18:55:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{2AC8C6E5-FEBF-43C4-B6D5-B3A3DFD3F940} [2012.05.27 18:54:58 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A869FAF9-A86B-4BF4-9449-CCF243D1DE35} [2012.05.26 21:05:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{30715781-965E-4D55-8151-F30F02592B5E} [2012.05.26 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7CDC169F-F11D-40D6-8238-3096F5CFB260} [2012.05.26 10:06:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{733249B1-4B4C-4E7A-BE83-599F1078C63C} [2012.05.26 10:05:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{731D53D4-65C2-40E5-8EE8-89DE9112012F} [2012.05.25 22:40:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{FC37021C-9691-49AC-8D99-FFF281ED82A9} [2012.05.25 22:40:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{297FEBBD-841F-4D13-BF68-1C51729C6FFC} [2012.05.25 17:25:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A3A061B7-23F6-43BD-99DA-7353236F0AF8} [2012.05.25 17:25:17 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED10AE4E-1F6A-4AC8-AF71-50787C8C4765} [2012.05.25 17:18:05 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B36A1745-1B75-41AC-9484-FE4FD5D979D5} [2012.05.25 10:05:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CCF34A4F-51BA-473C-990C-B9C70D1407EB} [2012.05.25 10:05:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E1E7C331-9645-4A66-83E2-1B976B0B9C83} [2012.05.24 14:57:00 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Documents\Outlook-Dateien [2012.05.24 
13:13:25 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E9D48A18-40B6-49F5-A0D5-5BDC643009AD} [2012.05.24 13:13:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A1707611-4F50-4123-9830-F098D75EA06C} [2012.05.24 13:08:34 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4D4D96CC-8F4C-4164-A930-F122634ABA3F} [2012.05.24 13:08:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{028C8DBE-8C31-475B-B954-99D4DA1E92D0} [2012.05.23 15:55:42 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{72FD4A28-3B84-4F66-8783-D3EA31F8238E} [2012.05.23 15:55:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AB95AF26-5746-4317-9987-49441EE7CE67} [2012.05.22 13:54:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Desktop\Fotobuch screenshots [2012.05.22 08:59:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CE5F9612-F1CE-4E57-B581-B47C1B3E2027} [2012.05.22 08:59:29 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{358BF8BD-2E8C-4D65-B3F3-03DBB6825280} [2012.05.21 08:50:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{D3A5E67B-9AA8-4A68-B16D-6F8DA9F9E770} [2012.05.21 08:49:52 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{53816118-0DBA-47F4-8218-04DF976DE8BC} [2012.05.20 09:57:03 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A3B3184D-3ADF-457E-B060-6A353D1E1862} [2012.05.20 09:56:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{64DD1566-429F-4725-9528-3BD48C394807} [2012.05.19 19:08:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E2B2F258-B9D8-4BB3-8BF6-9D5FE146D6B1} [2012.05.19 19:08:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7A4807FA-BC3E-40FE-9D56-2965F7092B8E} [2012.05.19 10:49:58 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{65829C0E-3DD2-4445-A18E-C1D69A826AC1} [2012.05.19 10:49:46 | 000,000,000 | ---D | C] -- C:\Users\HP 
Berlin\AppData\Local\{B0CAE6FB-6CDD-41C9-B17C-4EDA9A35AFB1} [2012.05.19 10:20:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5F238CA0-CC66-4561-8C86-DE833726C082} [2012.05.19 10:19:59 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B708D32B-0A79-4A72-8765-DFFA65A50DB7} [2012.05.18 22:42:24 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{FF7E2E0B-60BE-43B6-AF47-9AAB33449487} [2012.05.18 22:42:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{95E3847B-119F-4DD2-B3F5-F14312CDD449} [2012.05.18 21:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.05.18 21:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.05.18 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.05.18 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.05.18 21:50:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.18 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AAED0176-2F73-4F88-8DB1-7C4D560F6E72} [2012.05.18 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{64C4FA4A-0B42-4BCF-9187-457CF28BF424} [2012.05.18 16:23:54 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{2E5AEE87-E27F-4EEF-A354-4B7DF8CD93F8} [2012.05.18 16:23:39 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E0AA62AC-D028-4700-A1CF-572FC383BB92} [2012.05.18 10:24:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C8AF9130-D0C4-4F16-A2A5-3F210B07AF82} [2012.05.18 10:24:10 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7B61B503-3EE7-480A-BC63-A07928153E83} [2012.05.17 10:06:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{53B84FC4-84D0-40F7-9753-D530474498FD} [2012.05.17 10:06:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0C21AD88-B114-4057-A23F-CEFAB6B16C8C} [2 C:\Windows\SysNative\drivers\*.tmp files -> 
C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.15 23:17:24 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.15 23:17:24 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.15 23:17:24 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.15 23:17:24 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.15 23:17:24 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.15 23:10:39 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.15 23:10:39 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.15 23:07:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.15 23:02:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.15 23:02:01 | 2140,467,199 | -HS- | M] () -- C:\hiberfil.sys [2012.06.13 23:15:56 | 000,000,000 | ---- | M] () -- C:\Users\HP Berlin\defogger_reenable [2012.05.18 21:52:33 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.13 23:15:56 | 000,000,000 | ---- | C] () -- C:\Users\HP Berlin\defogger_reenable [2012.05.18 21:52:33 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.23 21:25:53 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe [2011.06.08 16:51:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.06.08 16:51:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.06.08 16:51:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.06.08 16:51:36 | 000,026,154 | ---- | C] () -- 
C:\Windows\SysWow64\EPPICPattern1.dat [2011.06.08 16:51:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.06.08 16:51:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.06.08 16:51:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.06.08 16:51:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.06.08 16:51:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.06.08 16:51:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.06.08 16:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.06.08 16:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.06.08 16:51:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.06.08 16:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.06.08 16:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.06.08 16:51:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.06.08 16:51:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.06.08 16:51:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.06.08 16:51:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2010.10.14 21:08:49 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll ========== LOP Check ========== [2010.08.31 10:00:39 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job [2012.05.18 10:20:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
It didn't create a new Extras file? Can that be right? Thanks, shopgirl86
15.06.2012, 22:51 | #8 |
99 TANs requested, Trojan / Exploit.Drop.3P
Hi, hmm, something is still fishy / I don't like it... (a directory has reappeared, and all those CLSIDs)... Boot into Safe Mode (press F8 while booting) and then run CF:
Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the Desktop. Caution: In a few rare cases the computer may no longer be able to boot and has to be reinstalled from scratch! Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The ComboFix scan can take some time, so be patient. Please do not use the computer during the scan. The computer may be restarted in the meantime. When the scan finishes, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt... chris
__________________ Don't bring me down Read before posting! Donations (Anyone who wants to donate is welcome to get in touch)
16.06.2012, 11:09 | #9 |
99 TANs requested, Trojan / Exploit.Drop.3P
Here is the logfile: Code:
ATTFilter ComboFix 12-06-15.06 - HP Berlin 16.06.2012 11:33:00.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.43.1031.18.8183.6024 [GMT 2:00] ausgeführt von:: c:\users\HP Berlin\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk c:\users\HP Berlin\AppData\Local\assembly\tmp c:\windows\IsUn0407.exe c:\windows\iun6002.exe c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll K:\Autorun.inf O:\Autorun.inf O:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_NPF . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-16 bis 2012-06-16 )))))))))))))))))))))))))))))) . . 2012-06-14 16:13 . 2012-06-14 16:13 -------- d-----w- c:\users\HP Berlin\AppData\Roaming\Undoab 2012-06-14 16:12 . 2012-06-14 16:12 -------- d-----w- C:\_OTL 2012-06-13 20:40 . 2012-06-13 20:40 -------- d-----w- c:\users\HP Berlin\AppData\Roaming\Malwarebytes 2012-06-13 20:40 . 2012-06-13 20:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-13 20:40 . 2012-06-13 20:40 -------- d-----w- c:\programdata\Malwarebytes 2012-06-13 20:40 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-18 19:52 . 2012-05-18 19:52 -------- d-----w- c:\program files\iPod 2012-05-18 19:52 . 2012-05-18 19:52 -------- d-----w- c:\program files\iTunes 2012-05-18 19:52 . 2012-05-18 19:52 -------- d-----w- c:\program files (x86)\iTunes . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-05 07:58 . 2012-04-14 07:48 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-05 07:58 . 2011-08-17 07:35 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] "TVTip"="c:\programme\TV Movie\TV Movie ClickFinder\tvstart.exe" [2010-07-29 102400] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-20 718720] "CAHeadless"="c:\program files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-14 835224] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768] "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2010-07-01 6951680] "boinctray"="c:\program files\BOINC\boinctray.exe" [2010-07-01 56064] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] . c:\users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2012-2-11 2430464] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WNA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2010-10-14 4562944] Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592] Spamihilator.lnk - c:\program files (x86)\Spamihilator\spamihilator.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-05 135664] R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864] R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-05 135664] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 SCMNdisP;General NDIS Protocol 
Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/09/24 16:32];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-23 18:45 146928] S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-08 136360] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136] S3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Inhalt des "geplante Tasks" Ordners . 2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-05 10:23] . 2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-05 10:23] . 2010-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608] "combofix"="c:\combofix\CF3004.3XE" [2009-07-14 344576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Free YouTube to Mp3 Converter - c:\users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Cell_Biology_Interactive - c:\windows\iun6002.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\programme\TV Movie\TV Movie ClickFinder\tvtip.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-16 11:50:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-16 09:50
.
Vor Suchlauf: 9 Verzeichnis(se), 572.917.088.256 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 572.642.021.376 Bytes frei
.
- - End Of File - - 0D66F37B31B1EB28711DB67C82794D17

And here is OTL once more, in case you need it:

OTL Logfile:
OTL logfile created on: 16.06.2012 12:01:00 - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\HP Berlin\Desktop\AntiSpyware
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

7,99 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 72,90% Memory free
11,90 Gb Paging File | 9,57 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,15 Gb Total Space | 533,39 Gb Free Space | 77,96% Space Free | Partition Type: NTFS
Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 161,71 Gb Free Space | 23,15% Space Free | Partition Type: NTFS
Drive K: | 931,28 Gb Total Space | 501,26 Gb Free Space | 53,82% Space Free | Partition Type: FAT32
Drive O: | 1396,92 Gb Total Space | 924,69 Gb Free Space | 66,20% Space Free | Partition Type: FAT32

Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.13 22:45:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\HP Berlin\Desktop\AntiSpyware\OTL.exe PRC - [2011.09.14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011.06.29 08:53:28 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.08 11:40:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.04 20:53:21 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.07.29 20:02:53 | 000,651,264 | ---- | M] (E.W.E.-Software) -- C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.01.20 17:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe PRC - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe PRC - [2009.08.05 13:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2009.07.23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) 
-- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe ========== Modules (No Company Name) ========== MOD - [2012.05.12 14:02:33 | 000,839,608 | ---- | M] () -- C:\Windows\assembly\GAC_32\SwissAcademic.Citavi.IEPicker\3.1.0.0__f59eabe05cc67589\SwissAcademic.Citavi.IEPicker.dll MOD - [2012.04.14 12:30:02 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll MOD - [2012.02.12 00:56:21 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.08.14 08:46:56 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll MOD - [2010.08.14 08:46:50 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll MOD - [2010.08.14 08:46:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll MOD - [2010.08.14 08:46:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll MOD - [2010.08.14 08:46:30 | 007,949,312 | 
---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll MOD - [2010.08.14 08:46:24 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll MOD - [2010.01.20 17:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe MOD - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe MOD - [2009.09.15 19:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll MOD - [2009.08.28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll MOD - [2009.08.05 13:45:22 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011.09.14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011.06.29 08:53:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.08 11:40:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.01.12 11:11:24 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100) SRV - [2010.01.04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService) SRV - [2009.12.17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) SRV - [2006.09.14 08:56:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.06.29 08:53:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.29 08:53:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011.01.07 16:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.01.06 19:37:02 | 000,051,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 16:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 
000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.01.19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2009.07.23 20:45:28 | 000,146,928 | ---- | M] (CyberLink Corp.) 
[2009/09/24 16:32:44] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D56565BD-FD80-481B-8232-1AAE0340DB2B} IE:64bit: - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE:64bit: - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE:64bit: - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = 
hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q IE - HKCU\..\SearchScopes,DefaultScope = {C79569B9-0771-4C65-B14E-845F99A6BCD9} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\..\SearchScopes\{C79569B9-0771-4C65-B14E-845F99A6BCD9}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE - HKCU\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP Berlin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.19 22:41:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.01.04 23:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions [2010.01.04 23:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2012.06.16 11:44:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common 
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvstart.exe (E.W.E.-Software) O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: &Citavi Picker... 
- C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. 
OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4010814-8B20-43BB-A662-6A72EBA2F08C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA7AE09C-7813-4011-8037-998009C97D5C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft 
========== LOP Check ========== [2010.08.31 10:00:39 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job [2012.05.18 10:20:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > danke, shopgirl86 |
18.06.2012, 07:07 | #10 |
| 99 TANs requested, Trojan / Exploit.Drop.3P Hi, to be on the safe side, one more check of two files... Have the files checked online:
Code:
C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.sys
c:\windows\SysWOW64\bgsvcgen.exe
chris
__________________ Don't bring me down Please read before posting! Donations (Anyone who wants to donate is welcome to get in touch) |
18.06.2012, 08:43 | #11 |
| Hello, here are the results: +++++ c:\windows\SysWOW64\bgsvcgen.exe +++++ SHA256: 24ff3254680e46b5f3822d26e9aa5020b4b9809ac7b4ff32d95b7d4ead808ad5 SHA1: 02f2cf9d63038a46243837e723224b00668aa55e MD5: acc9c8c560c567fad6f79c977ab2ea09 File size: 142.1 KB ( 145504 bytes ) File name: C:\Windows\SysWOW64\bgsvcgen.exe File type: Win32 EXE Detection ratio: 0 / 42 Analysis date: 2012-06-18 07:32:41 UTC ( 0 Minuten ago ) ++++++++++++++++++++++++ Also, next to the little devil there is a 2 and next to the little angel a 0. I can see the second file in Windows Explorer, but not in the scanner's file selection dialog (there I only see 5 or 6 files in that folder at all), so I couldn't have it scanned... Thanks to W7 I can't change the access permissions either (even though I'm admin), in case that is the reason. Thanks, shopgirl86 |
18.06.2012, 09:21 | #12 |
| Hi, copy the path/file name directly into the Virustotal file selection box... Code:
C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.sys
|
18.06.2012, 09:24 | #13 |
| I have already tried that, it doesn't work. When the window opens where I can select the file, I can paste it in, but when I then click "Open", Windows says that this file does not exist. But I know it is there... |
18.06.2012, 09:38 | #14 |
| Hi,
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
winlogon.exe
userinit.exe
WS2_32.dll
WS2IFSL.sys
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
chris
|
18.06.2012, 10:31 | #15 |
| here it is: OTL Logfile: Code:
OTL logfile created on: 18.06.2012 11:05:05 - Run 4 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\HP Berlin\Desktop\AntiSpyware 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 75,51% Memory free 11,90 Gb Paging File | 9,50 Gb Available in Paging File | 79,90% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684,15 Gb Total Space | 532,52 Gb Free Space | 77,84% Space Free | Partition Type: NTFS Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS Drive E: | 698,64 Gb Total Space | 161,70 Gb Free Space | 23,15% Space Free | Partition Type: NTFS Drive O: | 1396,92 Gb Total Space | 924,69 Gb Free Space | 66,20% Space Free | Partition Type: FAT32 Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator.
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP Berlin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.19 22:41:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.01.04 23:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions [2010.01.04 23:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2012.06.16 11:44:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common 
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvstart.exe (E.W.E.-Software) O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: &Citavi Picker... 
- C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. 
OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4010814-8B20-43BB-A662-6A72EBA2F08C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA7AE09C-7813-4011-8037-998009C97D5C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft 
Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files (x86)\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) MsConfig:64bit - StartUpReg: HP Remote 
Solution - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe () MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: hpsysdrv - hkey= - key= - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. 
SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - 
Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service 
SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: 
{50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - 
Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: 
{7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 
5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.06.18 09:27:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EA3F48BE-67A0-4600-AAAC-A3C10A352B58}
[2012.06.16 11:50:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.16 11:44:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.06.16 11:30:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.16 11:30:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.16 11:30:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.16 11:28:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.16 11:28:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.16 11:28:14 | 004,559,503 | R--- | C] (Swearware) -- C:\Users\HP Berlin\Desktop\ComboFix.exe
[2012.06.15 09:09:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{27B777CF-3248-406B-A7B8-DE8E4B996FFA}
[2012.06.14 22:32:00 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Desktop\AntiSpyware
[2012.06.14 19:08:39 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F77815C2-9F64-4410-B709-A9FE18846751}
[2012.06.14 19:08:27 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C8372F9F-8B69-4653-B30C-464046C9B6F3}
[2012.06.14 18:13:07 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Undoab
[2012.06.14 18:12:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.14 18:07:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{52FD6A03-42F1-4F44-ACDC-3E8BA288BBAF}
[2012.06.14 18:07:29 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1726ED0D-92EC-4721-9812-4E2B098A22F4}
[2012.06.13 22:44:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C93530E5-4112-45E0-9229-CDA6C01125DD}
[2012.06.13 22:44:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{21E384F2-1F97-4576-83DF-C2B7D85EAB7E}
[2012.06.13 22:40:54 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Malwarebytes
[2012.06.13 22:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.13 22:40:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.13 22:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.13 22:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.13 19:08:12 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B2A4A19C-E7D8-4EF2-ABE9-4C201E118809}
[2012.06.13 19:08:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{41F77355-F864-4FA6-8812-1EFFD7126EC2}
[2012.06.13 06:36:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DA17AF1B-14B8-417C-BCCD-B881CA8436A8}
[2012.06.13 06:35:50 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED1F678F-C728-4640-B9FD-B39754FFCA78}
[2012.06.12 23:29:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4F994948-BD6F-4D86-9135-715B53E8D721}
[2012.06.12 23:29:00 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4F6AA7D4-9E2F-405D-B3EC-753434113481}
[2012.06.12 19:43:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{05B08539-25FE-428D-909D-5D7B86A2BAAD}
[2012.06.12 19:43:39 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E88E47CE-38CF-4F45-86B3-C90ADFAF861B}
[2012.06.10 19:30:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7F4E82B1-2049-45A4-B1B7-A83618448794}
[2012.06.10 19:30:14 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8AE92015-331C-4604-BD8A-EDE4B2B0B0C3}
[2012.06.10 09:55:15 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{89C6D965-B28D-4542-8530-85E13087D1FD}
[2012.06.10 09:55:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{702E4C6B-5F5E-4FEE-BE17-51BC69E6794F}
[2012.06.09 18:47:42 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{91E4E777-C8DC-4E3B-8024-41DF27EE66E5}
[2012.06.09 18:47:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{588ADE41-B615-4F70-819D-4962D6012482}
[2012.06.08 18:16:55 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{D280BC7C-107F-4C21-ACEB-1039DC55E5AD}
[2012.06.08 18:16:43 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AB3B61D4-5CBC-4CFE-8EE9-4647CE3780AE}
[2012.06.08 12:59:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{78A2691D-E025-44AE-BF6E-9B49F5149DE7}
[2012.06.08 12:58:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{751D5D4B-D3F7-45E5-A61B-600E777E6BDE}
[2012.06.08 08:48:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1A9FD92E-594B-4E9A-BD20-C45AD61C7F4E}
[2012.06.08 08:48:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4D0F561B-C136-4689-B399-2845EB1EE1B6}
[2012.06.07 20:37:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{02C4F674-D42B-4B1F-A94A-99320018BD9F}
[2012.06.07 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{99DD9D9A-D31A-4C62-8146-5F1B55EEC496}
[2012.06.07 17:53:56 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A13B247E-7B0D-40E4-A69E-9D791663E3EE}
[2012.06.07 17:53:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{BB853429-FE7E-470E-A2B4-248E014BA900}
[2012.06.07 08:55:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C4C4AFB1-5CCA-4085-B6A2-B05174C15FD7}
[2012.06.07 08:55:36 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8561BFDB-C767-4186-BF32-D74249563EEC}
[2012.06.06 14:23:06 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7A591E71-0880-4ADA-817D-1457972FA3B6}
[2012.06.06 14:22:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E1D66E8A-EBB6-4F05-AE9D-9A24F1149EBA}
[2012.06.05 08:57:58 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{016C9C0C-991F-4D39-AD45-47A997C95C08}
[2012.06.05 08:57:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C33FE34C-AF6F-486C-AA71-4DE3F0DB4DD3}
[2012.06.04 19:59:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B6FCFFDA-4145-4769-8A15-66D14AB119C8}
[2012.06.04 19:59:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{44B1CA05-B2C6-43FE-B56E-56104DAC47A9}
[2012.06.04 09:19:03 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{52AD2894-91E1-4190-BF45-98E40C30FAC8}
[2012.06.04 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B1FF7ABB-C49F-468F-A1E1-A2E6CE78C504}
[2012.06.03 09:52:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{29D41DA3-3E48-463B-90FF-CB6C38B4C7A6}
[2012.06.03 09:52:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{967F496F-F5B9-417E-98D6-871F062DCCCF}
[2012.06.02 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{36CD9A83-08E9-46A0-B376-B14892821461}
[2012.06.02 09:30:59 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{70651EC8-F7E3-4D92-A738-0B090CF715C2}
[2012.06.01 16:55:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F7E71045-3DCC-4D5F-868A-5A48934787E0}
[2012.06.01 16:55:37 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{53B68912-AB2E-44BD-9D91-0F48FA173519}
[2012.06.01 16:16:52 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B3A08925-89DC-4B51-A740-7DD18A761801}
[2012.06.01 16:16:38 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C07747A3-E4BC-4C7B-95E0-AF81A6C13FB6}
[2012.06.01 10:06:50 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C2CCB5B9-70DC-4F10-9ADF-BE8DE68AFF2B}
[2012.06.01 10:06:34 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4DEEEBA4-1C84-4BAF-B321-0BD05E6F70B4}
[2012.05.31 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9DBDA530-5DF4-45BB-BB8D-0365245384A1}
[2012.05.31 17:28:07 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3A9499E8-D511-4C1E-A9D5-47A826963D11}
[2012.05.29 21:42:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{83D68B42-0980-46CC-B31C-034FFD0F0CBB}
[2012.05.29 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C6B222DA-5B5A-41B9-813D-E6B369F2B75F}
[2012.05.28 18:20:40 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{6EF1CB32-E1C9-4D56-9F73-32663AFB2B7F}
[2012.05.28 18:20:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{07A341F8-87EB-4F20-93A5-1EBE08D4B3D8}
[2012.05.28 14:11:08 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{79DA05FE-0279-49C7-A867-9099207194C9}
[2012.05.28 14:10:49 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{03AFFF09-7587-457C-883F-9602CC93DACF}
[2012.05.28 10:17:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9C5297AF-3B92-4E4B-9F26-540468A6E08A}
[2012.05.28 10:17:06 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5B0C219A-7FA1-4678-B254-3A007B309DB5}
[2012.05.27 19:17:42 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A1A7149E-C5AC-493B-B777-624E95F3D442}
[2012.05.27 19:17:31 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A7C9C192-28A4-43AD-8657-3F9B9AD0136C}
[2012.05.27 18:55:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{2AC8C6E5-FEBF-43C4-B6D5-B3A3DFD3F940}
[2012.05.27 18:54:58 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A869FAF9-A86B-4BF4-9449-CCF243D1DE35}
[2012.05.26 21:05:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{30715781-965E-4D55-8151-F30F02592B5E}
[2012.05.26 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7CDC169F-F11D-40D6-8238-3096F5CFB260}
[2012.05.26 10:06:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{733249B1-4B4C-4E7A-BE83-599F1078C63C}
[2012.05.26 10:05:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{731D53D4-65C2-40E5-8EE8-89DE9112012F}
[2012.05.25 22:40:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{FC37021C-9691-49AC-8D99-FFF281ED82A9}
[2012.05.25 22:40:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{297FEBBD-841F-4D13-BF68-1C51729C6FFC}
[2012.05.25 17:25:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A3A061B7-23F6-43BD-99DA-7353236F0AF8}
[2012.05.25 17:25:17 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED10AE4E-1F6A-4AC8-AF71-50787C8C4765}
[2012.05.25 17:18:05 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B36A1745-1B75-41AC-9484-FE4FD5D979D5}
[2012.05.25 10:05:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CCF34A4F-51BA-473C-990C-B9C70D1407EB}
[2012.05.25 10:05:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E1E7C331-9645-4A66-83E2-1B976B0B9C83}
[2012.05.24 14:57:00 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Documents\Outlook-Dateien
[2012.05.24 13:13:25 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E9D48A18-40B6-49F5-A0D5-5BDC643009AD}
[2012.05.24 13:13:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A1707611-4F50-4123-9830-F098D75EA06C}
[2012.05.24 13:08:34 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4D4D96CC-8F4C-4164-A930-F122634ABA3F}
[2012.05.24 13:08:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{028C8DBE-8C31-475B-B954-99D4DA1E92D0}
[2012.05.23 15:55:42 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{72FD4A28-3B84-4F66-8783-D3EA31F8238E}
[2012.05.23 15:55:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AB95AF26-5746-4317-9987-49441EE7CE67}
[2012.05.22 13:54:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Desktop\Fotobuch screenshots
[2012.05.22 08:59:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CE5F9612-F1CE-4E57-B581-B47C1B3E2027}
[2012.05.22 08:59:29 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{358BF8BD-2E8C-4D65-B3F3-03DBB6825280}
[2012.05.21 08:50:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{D3A5E67B-9AA8-4A68-B16D-6F8DA9F9E770}
[2012.05.21 08:49:52 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{53816118-0DBA-47F4-8218-04DF976DE8BC}
[2012.05.20 09:57:03 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A3B3184D-3ADF-457E-B060-6A353D1E1862}
[2012.05.20 09:56:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{64DD1566-429F-4725-9528-3BD48C394807}
[2012.05.19 19:08:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E2B2F258-B9D8-4BB3-8BF6-9D5FE146D6B1}
[2012.05.19 19:08:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7A4807FA-BC3E-40FE-9D56-2965F7092B8E}
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.18 11:07:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.18 09:34:22 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 09:34:22 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 09:31:24 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.18 09:31:24 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.18 09:31:24 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.18 09:31:24 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.18 09:31:24 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 09:24:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 09:23:55 | 2140,467,199 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.16 11:44:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.16 11:28:17 | 004,559,503 | R--- | M] (Swearware) -- C:\Users\HP Berlin\Desktop\ComboFix.exe
[2012.06.13 23:15:56 | 000,000,000 | ---- | M] () -- C:\Users\HP Berlin\defogger_reenable
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.16 11:30:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.16 11:30:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.16 11:30:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.16 11:30:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.16 11:30:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.13 23:15:56 | 000,000,000 | ---- | C] () -- C:\Users\HP Berlin\defogger_reenable
[2011.08.23 21:25:53 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2011.06.08 16:51:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.06.08 16:51:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.06.08 16:51:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.06.08 16:51:36 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.06.08 16:51:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.06.08 16:51:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.06.08 16:51:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.06.08 16:51:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.06.08 16:51:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.06.08 16:51:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.06.08 16:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.06.08 16:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.06.08 16:51:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.06.08 16:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.06.08 16:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.06.08 16:51:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.06.08 16:51:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.06.08 16:51:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.06.08 16:51:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

========== LOP Check ==========

[2010.08.31 10:00:39 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.05.18 10:20:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2010.05.25 12:48:22 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=8C48DA9DFA0139189BCF6A740BE07879 -- C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 5.0 HD\Core\EventLog\EventLog.dll
[2010.05.25 12:48:22 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=8C48DA9DFA0139189BCF6A740BE07879 -- C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 5.0 HD\Core\Spec\AVCHD\BDCore\EventLog.dll
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\hp\drivers\Intel_Storage\IaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a012329c4d1be4fd\iaStor.sys
[2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_023f2cfe3fa02200\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\erdnt\cache64\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\erdnt\cache86\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\erdnt\cache86\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\erdnt\cache64\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\erdnt\cache64\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\erdnt\cache86\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< c:\windows\system32\drivers\*.sys /lockedfiles >

< c:\windows\system32\*.dll /lockedfiles >
[2009.07.14 03:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- c:\windows\system32\expsrv.dll
[2010.12.21 07:35:19 | 010,989,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- c:\windows\system32\ieframe.dll
[2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- c:\windows\system32\msvbvm60.dll

< %systemroot%\*. /mp /s >

< %PROGRAMFILES%\*. >
[2010.05.29 19:12:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AccordCDRipperFree
[2012.02.12 00:41:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012.02.11 12:53:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe Download Assistant
[2010.05.19 22:43:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
[2011.10.03 12:56:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AON_MedienManager
[2011.10.12 10:44:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010.01.16 21:42:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Astrorix
[2010.03.03 13:49:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity1.3Beta
[2010.06.15 20:52:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Aura4You
[2010.10.14 21:25:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira
[2010.10.09 22:02:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Belkin
[2011.10.12 10:44:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010.01.08 11:11:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Camera Suite
[2010.01.05 13:33:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Canon
[2010.07.22 13:56:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Carlton Books
[2012.03.11 14:48:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CassetteMate
[2011.07.09 19:33:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CellBiologyInteractive
[2012.02.04 11:18:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CheckPoint
[2011.07.12 09:54:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco Systems
[2012.04.14 12:29:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citavi 3
[2012.06.16 11:39:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010.01.16 21:36:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CuberExtreme
[2009.09.24 16:32:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink
[2011.06.08 18:53:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft
[2010.01.05 20:38:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DynamicDraw5.4
[2009.12.06 21:50:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EasyBits For Kids
[2010.01.15 20:07:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Everest
[2010.12.10 00:51:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\fotobuch
[2010.08.15 10:21:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0
[2011.12.19 17:42:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2009.09.24 16:50:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2009.09.24 16:35:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\hp
[2010.05.08 21:01:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2010.11.04 21:19:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ICQ7.2
[2012.02.12 00:31:04 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2009.09.24 16:25:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2011.04.02 20:26:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010.01.05 20:36:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IrfanView
[2012.05.18 21:52:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010.01.05 20:32:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010.05.02 13:40:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lame_for_Audacity
[2010.01.05 18:53:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Macromedia
[2012.06.13 22:40:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.12 00:54:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012.02.12 00:56:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011.01.06 13:08:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.06.08 16:49:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.02.12 00:56:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011.06.08 16:49:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011.01.06 10:43:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2012.02.12 00:56:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010.01.04 20:50:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010.03.03 13:38:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MtStudio
[2010.10.14 21:08:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NETGEAR
[2010.01.05 19:21:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NOS
[2009.12.06 21:45:56 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2010.01.05 20:30:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Open Workbench
[2010.01.05 19:34:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2010.01.05 20:30:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenProj
[2011.06.08 16:49:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Panasonic
[2010.10.12 13:37:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDF reDirect
[2010.01.17 20:15:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PhotoExplorer6.0
[2010.01.05 19:14:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Photoshop 7.0
[2010.10.02 12:32:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Photoshop Elements 5.0
[2010.12.12 13:18:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PixelNet Foto Client
[2011.03.22 11:30:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010.05.19 22:41:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2009.09.24 16:26:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011.01.27 15:55:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SCHLECKER
[2010.11.27 12:01:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Scratch
[2010.02.11 20:32:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sibelius Software
[2010.12.22 22:00:48 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2012.02.12 00:30:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SmartSound Software
[2010.03.07 11:52:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spamihilator
[2010.01.16 21:46:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarBall
[2010.05.15 19:52:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2009.09.24 16:27:01 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2011.08.23 21:26:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TFA_Nexus
[2011.06.08 19:30:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TIVistadriver
[2010.01.05 00:23:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trend Micro
[2009.07.14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011.06.08 17:02:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2012.02.06 17:53:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vstep
[2010.01.16 21:29:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildGames
[2009.09.25 02:14:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012.02.13 19:54:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011.04.02 20:26:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011.04.02 20:26:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011.04.02 20:26:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011.04.02 20:26:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011.04.02 20:26:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010.01.05 20:05:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winsyntax
[2010.01.05 12:30:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WMBackup
[2010.01.07 21:22:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WsFTP
[2010.01.07 21:23:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WS_FTP Pro
[2011.08.26 22:27:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\xp-Iso-Builder
[2010.05.08 11:03:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\YouTubetoMP3Converter

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >