Pests of all kinds and how to combat them: "The computer has been blocked for violating the laws of the Federal Republic of Germany" (Windows 7)
30.08.2012, 17:37 | #1 |
Hello,

on my PC (Win 7) the screen has been blocked since today by a full-screen page. The text on this page demands payment from me and carries the heading "The computer has been blocked for violating the laws of the Federal Republic of Germany". By restarting the computer in safe mode I was able to use Opera, among other things, again. On trojaner-board.de I followed point 1 in "Procedure for encryption Trojans". After installing Malwarebytes Anti-Malware, a quick scan identified 3 objects, which I then placed in quarantine. The log file has the following content. Can you please help me? Thanks!

Regards, dobby

Content of the log file:
---------
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.02

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Tobias :: TG247PC [Administrator]

Schutz: Deaktiviert

30.08.2012 14:46:01
mbam-log-2012-08-30 (14-46-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212940
Laufzeit: 7 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Tobias\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\Tobias\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tobias\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
--------------
30.08.2012, 17:57 | #2 |
/// Helper Team
A cleanup can sometimes mean a lot of work for you.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools with right-click "Run as administrator".

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.

Step 2
System scan with OTL (illustrated guide)
__________________ |
30.08.2012, 18:00 | #3 |
/// Malware-holic
Hi,

If you don't already have it, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
31.08.2012, 09:35 | #4 |
Hi,

I have carried out step 1, with the following log file as the result:
-------------
Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.31.04

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Tobias :: TG247PC [Administrator]

Schutz: Deaktiviert

31.08.2012 08:30:43
mbam-log-2012-08-31 (08-30-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 640131
Laufzeit: 1 Stunde(n), 44 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Tobias\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\Tobias\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tobias\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
-------------
I'm now moving on to step 2.

Regards, dobby

Hi t'john,

I have carried out step 2 following your instructions and the illustrated guide, with the following 2 log files as the result. (Note: I have NOT yet pasted in the text above from markusg's post.)

Regards, dobby

OTL logfile:
Code:
ATTFilter OTL logfile created on: 31.08.2012 11:12:09 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Tobias\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,07% Memory free 5,99 Gb Paging File | 5,30 Gb Available in Paging File | 88,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 143,63 Gb Total Space | 21,33 Gb Free Space | 14,85% Space Free | Partition Type: NTFS Computer Name: TG247PC | User Name: Tobias | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tobias\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Opera\opera.exe (Opera Software) PRC - C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Opera\program\plugins\NPSWF32.dll () ========== Services (SafeList) ========== SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (ServiceLayer) -- C:\Program 
Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (FNF5SVC) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.) SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo) SRV - (PMSveH) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe (Lenovo) SRV - (nmservice) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.) SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.) 
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe () SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec) SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Texis Monitor) -- C:\ABAQUS\Documentation\monitor.exe (Expansion Programs International, Inc.) 
========== Driver Services (SafeList) ========== DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120808.004\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120808.004\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) 
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited) DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{19295D85-735E-455F-8F20-3EB50B792914}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes,DefaultScope = {B0721280-808A-4084-8D3D-56486E95EEF8} IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{0B3520AB-820A-46D9-AE8E-66C590C939AE}: "URL" = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{19295D85-735E-455F-8F20-3EB50B792914}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{637363C8-A3EE-4013-9187-33BCA3D3A125}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7 IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{7C005691-A18A-40B2-9C1A-4073594EFD89}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{AAFA224A-45FC-4C5E-899A-E813321395EC}: "URL" = hxxp://search.lycos.com/setup.php?src=ie&query={searchTerms} IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{B0721280-808A-4084-8D3D-56486E95EEF8}: "URL" = hxxp://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7ADFA_en IE - 
HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{BA19C5CD-207B-4D46-B9FF-B8205ECAAA77}: "URL" = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta= IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{C83E0641-2CD7-4DFF-A6E9-9AE595F9BBD1}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: flashplugin@idm:4.4.0.468 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll (NBC Universal) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2881: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.2799: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Tobias\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\flashplugin@idm: C:\Users\Tobias\AppData\Roaming\IDM\bin\flash [2012.01.17 02:26:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2012.01.17 01:51:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.17 01:50:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.20 19:23:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\flashplugin@idm: C:\Users\Tobias\AppData\Roaming\IDM\bin\flash [2012.01.17 02:26:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2012.01.17 01:25:59 | 000,000,000 | ---D | M] [2012.01.17 02:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Extensions [2012.01.17 02:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\pcazyk9v.default\extensions [2012.01.17 02:26:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\pcazyk9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.08.07 09:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.01.17 02:26:15 | 000,000,000 | ---D | M] (IDM FlashPlugin) -- C:\USERS\TOBIAS\APPDATA\ROAMING\IDM\BIN\FLASH [2009.09.27 20:01:12 | 000,239,432 | ---- | M] (Pando 
Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll [2009.10.13 20:52:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2009.10.13 20:52:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2009.10.13 20:52:01 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2009.10.13 20:52:01 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo) O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe (Cyberlink Corp.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe () O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003..\Run: [DirectPlayerCore] C:\Program Files\NBC Direct\DirectPlayerCore.exe (NBC Universal) O4 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003..\Run: [SyncHostps] C:\Users\Tobias\AppData\Local\Microsoft\Windows\4870\SyncHostps.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: 
Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..Trusted Domains: elsteronline.de ([www] https in Trusted sites) O15 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..Trusted Domains: skype.com ([www] http in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{235102E4-975D-49D7-9ED3-1D0F3BA43B6F}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{235102E4-975D-49D7-9ED3-1D0F3BA43B6F}: Domain = eng.cam.ac.uk O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B77983E-9FA3-4B89-946C-A8571BDCCAD7}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1680x1050-Canyon.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1680x1050-Canyon.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.31 10:41:25 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe [2012.08.30 15:07:41 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\trojaner [2012.08.30 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Malwarebytes [2012.08.30 14:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.30 14:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.30 14:43:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.30 14:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.22 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.08.22 12:53:48 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Htc [2012.08.22 12:53:27 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\HTC [2012.08.22 12:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync [2012.08.22 12:05:50 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Outlook [2012.08.21 18:35:54 | 000,000,000 | R--D | C] -- 
C:\Users\Tobias\Dropbox [2012.08.21 18:33:34 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.08.21 18:32:36 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Dropbox [2012.08.21 08:40:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.21 08:40:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.21 08:40:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.21 08:40:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.21 08:40:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.21 08:40:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.21 08:40:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.20 14:54:48 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2012.08.20 14:33:06 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.20 14:32:15 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2012.08.08 20:53:17 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Mobile Atlas Creator [2012.08.08 18:54:05 | 000,000,000 | ---D | C] -- C:\Users\Tobias\BikeXperience [2012.08.08 18:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikeXperience [2012.08.08 18:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\BikeXperience [2012.08.07 09:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.08.07 09:31:41 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.08.07 09:31:41 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2007.11.05 18:44:12 | 000,454,656 | 
---- | C] (Simon Tatham) -- C:\Program Files\putty.exe [1 C:\Users\Tobias\*.tmp files -> C:\Users\Tobias\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.31 10:41:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe [2012.08.31 08:19:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.31 08:19:31 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2012.08.30 15:24:20 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 15:24:20 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 15:24:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.30 15:24:02 | 000,709,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.30 15:24:02 | 000,141,552 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.30 15:17:23 | 000,100,224 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\nvModes.001 [2012.08.30 15:17:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.30 15:16:29 | 000,025,406 | ---- | M] () -- C:\Windows\System32\PROCDB.INI [2012.08.30 15:15:07 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI [2012.08.30 14:09:36 | 000,100,224 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\nvModes.dat [2012.08.30 13:31:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.28 23:40:30 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.28 23:40:30 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.22 12:53:10 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk [2012.08.22 12:00:25 | 000,001,113 | ---- | M] () -- C:\Users\Tobias\Application Data\Microsoft\Internet 
Explorer\Quick Launch\Microsoft Office Outlook.lnk [2012.08.21 18:35:54 | 000,001,051 | ---- | M] () -- C:\Users\Tobias\Desktop\Dropbox.lnk [2012.08.21 18:33:47 | 000,001,061 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.08.21 09:08:54 | 000,455,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.20 19:25:24 | 000,000,306 | ---- | M] () -- C:\Windows\ODBC.INI [2012.08.08 23:22:44 | 002,300,111 | ---- | M] () -- C:\Users\Tobias\Desktop\Trecking_uber_die_Alpen.pdf [2012.08.08 23:15:09 | 000,001,530 | ---- | M] () -- C:\Users\Tobias\Desktop\Mobile Atlas Creator.exe - Shortcut.lnk [2012.08.08 21:51:05 | 000,070,708 | ---- | M] () -- C:\Users\Tobias\Desktop\4102_schlegeis_fahrplan_so2012.pdf [2012.08.08 20:50:07 | 000,005,533 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\mainhst.zgh [2012.08.07 09:31:07 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.08.07 09:31:07 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [1 C:\Users\Tobias\*.tmp files -> C:\Users\Tobias\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.22 12:53:10 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk [2012.08.21 18:35:54 | 000,001,051 | ---- | C] () -- C:\Users\Tobias\Desktop\Dropbox.lnk [2012.08.21 18:33:47 | 000,001,061 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.08.08 23:22:44 | 002,300,111 | ---- | C] () -- C:\Users\Tobias\Desktop\Trecking_uber_die_Alpen.pdf [2012.08.08 23:15:09 | 000,001,530 | ---- | C] () -- C:\Users\Tobias\Desktop\Mobile Atlas Creator.exe - Shortcut.lnk [2012.08.08 21:51:05 | 000,070,708 | ---- | C] () -- C:\Users\Tobias\Desktop\4102_schlegeis_fahrplan_so2012.pdf [2012.02.16 22:21:45 | 000,004,608 | ---- | C] () -- C:\Users\Tobias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.17 22:37:41 | 
000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2012.01.17 22:34:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.01.17 02:50:30 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2011.12.27 12:26:53 | 003,023,175 | ---- | C] () -- C:\Users\Tobias\Party Rock Anthem - LMFAO Cover by KarminMusic.mp3 [2009.07.31 18:01:27 | 011,574,784 | ---- | C] () -- C:\Program Files\Vodafone Mobile Connect.msi [2009.07.31 18:01:27 | 000,003,584 | ---- | C] () -- C:\Program Files\2057.MST [2007.11.07 02:39:47 | 000,000,852 | ---- | C] () -- C:\Users\Tobias\ifortvars_test.bat [2007.10.02 10:57:24 | 000,011,798 | ---- | C] () -- C:\Users\Tobias\gsview32.ini [2007.10.02 10:38:51 | 000,005,533 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\mainhst.zgh [2007.09.14 19:22:49 | 000,008,502 | ---- | C] () -- C:\Users\Tobias\abaqus_v6.7.gpr [2007.09.13 16:21:40 | 000,000,016 | ---- | C] () -- C:\Users\Tobias\persistent_state [2007.09.12 15:11:40 | 000,100,224 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\nvModes.001 [2007.09.12 15:11:33 | 000,100,224 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\nvModes.dat ========== LOP Check ========== [2012.01.17 02:26:11 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Buhl Data Service [2012.01.17 02:26:11 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\CoreFTP [2012.08.30 15:24:02 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Dropbox [2012.01.17 02:26:13 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\eMule [2012.04.07 12:35:17 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\eTeks [2012.01.17 02:26:14 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Facebook [2012.08.22 12:59:05 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\HTC [2012.08.22 12:54:17 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.01.17 02:26:14 | 000,000,000 
| ---D | M] -- C:\Users\Tobias\AppData\Roaming\IDM [2012.01.17 02:26:15 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Lenovo [2012.01.17 02:26:15 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Lexware [2012.08.08 20:53:17 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Mobile Atlas Creator [2012.08.29 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\NBC Direct [2012.01.17 02:26:55 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Nokia [2012.01.17 02:26:55 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Opera [2012.08.22 12:05:50 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Outlook [2012.01.17 02:27:07 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\PC Suite [2012.01.17 02:27:07 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\RhinoSoft.com [2012.01.17 02:27:19 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Vodafone [2012.07.11 22:05:37 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\WinEdt [2012.01.17 02:27:21 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\ZipGenius [2012.06.04 20:32:24 | 000,011,276 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 31.08.2012 11:12:09 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Tobias\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,07% Memory free 5,99 Gb Paging File | 5,30 Gb Available in Paging File | 88,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 143,63 Gb Total Space | 21,33 Gb Free Space | 14,85% Space Free | Partition Type: NTFS Computer Name: TG247PC | User Name: Tobias | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List 
========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{207679AA-5DFA-4DDE-89A5-9348FAD88758}" = lport=20000 | protocol=6 | dir=in | name=abaqus license manager | "{2E3629C3-D144-4E7E-B2E4-9B438828DAE4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{496D7C87-5CA5-4123-9569-3DC58D845E20}" = lport=2869 | protocol=6 | dir=in | app=system | "{4F7DD8B6-9FD0-479D-AFA1-79C368057B55}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{5ECBDEC6-DA87-4191-AFEB-BA1A44A5C564}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5EF70806-D216-424B-A3E5-A7055EDEEC2A}" = lport=59092 | protocol=6 | dir=in | name=pando media booster | "{64BCFF8D-87EF-4116-8F21-A7AA9DF91326}" = lport=27000 | protocol=6 | dir=in | name=abaqus license manager | "{7B438E40-034D-4904-8907-4A1AC2778543}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{815B3C50-F0F2-4680-A95D-32F1FC48D196}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{822C4A5C-CE82-4B94-99CB-0A0A828B04E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C24A000C-D9D8-4AF3-BB4C-9473BB845D1D}" = lport=59092 | protocol=17 | dir=in | name=pando media booster | "{C367C793-EA74-42C5-8F5A-44DD1E40F95B}" = rport=10243 | protocol=6 | dir=out | app=system | "{D3671DBD-14EC-4A82-A0E3-ED6A4DE5101F}" = lport=10243 | protocol=6 | dir=in | app=system | "{E59F9C6E-D588-4C95-A44E-1156B85BE904}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F550854D-7445-498D-8479-772050787984}" = lport=2869 | protocol=6 | dir=in | app=system | "{FE3AF518-9040-48D7-A3CE-1664B303AD17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02C34BB2-4D57-4935-82DE-5D47FE2E6285}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{078AD35A-60B9-48AD-841E-4B1B034B3ED1}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | "{0ECB4A63-DAB8-42A4-ADF7-CB7040889817}" = protocol=17 | dir=in | app=c:\users\tobias\appdata\roaming\dropbox\bin\dropbox.exe | "{16DA97F8-898A-4AB6-BE46-7DD4B009AC2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{20513FCB-A197-4F7F-9A38-8BE39A028BF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{220A9D46-1AF1-49A9-B6D1-37946CC6C16A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{2A9882A4-F473-4B8A-8519-3989CFD3FF8F}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{31762AEB-FFA6-4862-B227-36354C178AC5}" = protocol=6 | dir=in | app=c:\users\tobias\appdata\roaming\dropbox\bin\dropbox.exe | "{3A4608E8-665A-44B3-AB19-DDF115BB6975}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3D052757-DE6E-4FB2-B45D-9BDADEC38922}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3DE352C2-D10E-4817-B117-C371C0473F36}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe | "{3E166D70-60BE-4F2E-A1CC-6E950883A35C}" = protocol=6 | dir=in | app=c:\program files\rhinosoft.com\ftp voyager\ftpvoyager.exe | "{4123792B-14BA-4295-B8B9-5DFEDE200D84}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{41BB45FE-279E-4D1E-BC0F-32177C2203F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5688AF1F-8C38-432A-B395-F4D4EF8BD11B}" = dir=in | app=c:\program files\common 
files\apple\apple application support\webkit2webprocess.exe | "{571B8F18-48D9-4802-B77C-FEE07D5C5222}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5845C259-1D91-4EBB-9E8F-2883A88A87E4}" = protocol=17 | dir=in | app=c:\program files\rhinosoft.com\ftp voyager\ftpvoyager.exe | "{6BAEA1B9-33A4-46AF-B0CB-DA0288E91E1E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{7314EFC8-9206-4169-A5EF-FAB9FCA7C528}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7B8EABE0-9690-4ED2-BC31-755761690CC4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{88FDE643-3C79-4368-B9EC-3C6865A817B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8ED9E957-AB1F-459A-9550-8FD46AB3CD61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{93C9D738-9DBC-4B05-9735-50300F3CF308}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A880C37C-AA4F-41B4-A32D-D9EF04C3F649}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{ABE68DD8-932B-48DB-84F8-77B0137F3BEE}" = protocol=6 | dir=in | app=c:\program files\nbc direct\directplayercore.exe | "{BA8F4022-B90A-4340-BD75-C781015CC09B}" = dir=in | app=c:\program files\lenovo multimedia center\powerdirector express\pdx.exe | "{C18C2964-F9B5-4828-B97A-2161F3E9A3C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C62AB318-53A4-4D08-AB5E-F64F49DDCFA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CBB0D4D1-006E-4C01-9C17-ACB84E5CBD81}" = protocol=17 | dir=in | app=c:\program files\rhinosoft.com\ftp voyager\fvscheduler.exe | "{CE519FB5-665C-4745-9107-2112403297B8}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{D78C60AD-66F3-4DF1-880F-417A9B30D9C7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{D79C7CD3-1465-4751-8816-80A0338AC3E3}" = 
protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{E3FAE099-E206-4705-8CE4-F562F74201A8}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{ECE5F4C8-24A5-430D-9049-E4E305D0AE38}" = protocol=17 | dir=in | app=c:\program files\nbc direct\directplayercore.exe | "{F023EB5F-ECD9-4E34-A319-90B98F898527}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{F064AE43-2B40-430E-8544-D8F74F1E46DF}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{F6B7307E-3553-4121-9524-154AF4556021}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FA29AC43-7860-4DA1-895F-52ABBC792B43}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe | "{FCD979D2-CFCC-4D02-9006-8B9027FCE755}" = protocol=6 | dir=out | app=system | "{FD526547-A4D2-4C6B-A31E-76F32EDA6133}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | "{FF105C59-189F-47B3-BFE3-4A14851FDE14}" = protocol=6 | dir=in | app=c:\program files\rhinosoft.com\ftp voyager\fvscheduler.exe | "TCP Query User{0D73332C-F2CC-4EC3-879C-6C7E13932C61}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{1C16A77A-0706-4E63-835F-61B0149CB3FA}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "TCP Query User{34AAF80F-3D0D-468C-9619-E4AA4F38D28A}C:\abaqus\6.7-1\exec\abqcaek.exe" = protocol=6 | dir=in | app=c:\abaqus\6.7-1\exec\abqcaek.exe | "TCP Query User{5748A238-EEDD-4FCB-9A58-A4AD157B819F}C:\abaqus\license\lmgrd.exe" = protocol=6 | dir=in | app=c:\abaqus\license\lmgrd.exe | "TCP Query User{59AD3F92-2E57-46E7-91FB-4F78E2E514FB}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query 
User{64D75103-3B98-4E2E-8E91-1BD024322518}C:\abaqus\license\abaquslm.exe" = protocol=6 | dir=in | app=c:\abaqus\license\abaquslm.exe | "TCP Query User{6A6D3B8B-5107-4B9B-B554-B5BABB1898B0}C:\program files\nbc direct\directplayercore.exe" = protocol=6 | dir=in | app=c:\program files\nbc direct\directplayercore.exe | "TCP Query User{8487FBC2-D8B4-4D5E-A252-401555F4E075}C:\abaqus\6.7-1\exec\abqvwrk.exe" = protocol=6 | dir=in | app=c:\abaqus\6.7-1\exec\abqvwrk.exe | "TCP Query User{87F2EA38-1825-4831-A588-4A39BFFAE81F}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{9BCFFC17-DDED-4E05-A17A-894B4E57E7E7}C:\abaqus\6.7-1\exec\abqvwrk.exe" = protocol=6 | dir=in | app=c:\abaqus\6.7-1\exec\abqvwrk.exe | "TCP Query User{A35F20FE-3F0B-480D-906E-A820F202F928}C:\program files\maple 11\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\maple 11\jre\bin\java.exe | "TCP Query User{A4A25548-7F13-4C76-917D-080ABF150E83}C:\program files\maple 11\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 11\jre\bin\maple.exe | "TCP Query User{AC31A44D-D7C6-4B2D-A374-1E8195A9EB73}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{B0927E46-B2FC-4E48-AB27-53B6FB89BFD2}C:\abaqus\license\abaquslm.exe" = protocol=6 | dir=in | app=c:\abaqus\license\abaquslm.exe | "TCP Query User{DFF1B94F-C66E-4457-A898-0FAE02825358}C:\program files\maple 11\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 11\jre\bin\maple.exe | "TCP Query User{ED64F69E-3B10-4BA0-8C2B-203C2F94CB33}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{F4629DE9-AD49-48E0-B2A3-6DDCC4CAA764}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{0234A206-1316-403C-9B3D-6E4782C5E43A}C:\program files\emule\emule.exe" = 
protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{096A8BBF-B745-4153-B904-EF1D2932F797}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{28A65868-97AF-4A9C-B1DA-0BB3E91F22FC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{2E071E35-8FD2-452C-988B-6CD8704B2E74}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{38761B61-F35C-4707-BF4E-E44CBDC93CE9}C:\program files\maple 11\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 11\jre\bin\maple.exe | "UDP Query User{4CB5AECC-7B25-452B-B62D-E0EFCBB75BF8}C:\abaqus\license\abaquslm.exe" = protocol=17 | dir=in | app=c:\abaqus\license\abaquslm.exe | "UDP Query User{4E239EF2-EE01-4F32-AFAE-326F53AE04FD}C:\abaqus\license\abaquslm.exe" = protocol=17 | dir=in | app=c:\abaqus\license\abaquslm.exe | "UDP Query User{57E8E192-CD29-4223-8BE2-4D7F2FB006E3}C:\program files\maple 11\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\maple 11\jre\bin\java.exe | "UDP Query User{5F0117B9-CDE6-43A0-8DEB-C00A2CD5E15E}C:\program files\maple 11\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 11\jre\bin\maple.exe | "UDP Query User{86735315-96D1-4992-9F14-B8C8E95A985C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{9DB02787-3000-44C7-A99C-BB82FA31C449}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{A1E890F6-FA66-4D28-B3E4-BD996CB4BF03}C:\abaqus\license\lmgrd.exe" = protocol=17 | dir=in | app=c:\abaqus\license\lmgrd.exe | "UDP Query User{A32F954E-8E53-4248-9639-AB816DBCB26D}C:\abaqus\6.7-1\exec\abqcaek.exe" = protocol=17 | dir=in | app=c:\abaqus\6.7-1\exec\abqcaek.exe | "UDP 
Query User{AC3DE7FC-BD95-46C6-A77C-F6FFC9723BCA}C:\abaqus\6.7-1\exec\abqvwrk.exe" = protocol=17 | dir=in | app=c:\abaqus\6.7-1\exec\abqvwrk.exe | "UDP Query User{C6891D82-22DA-486A-A428-CCF2835A2536}C:\program files\nbc direct\directplayercore.exe" = protocol=17 | dir=in | app=c:\program files\nbc direct\directplayercore.exe | "UDP Query User{C85B67C6-5A9B-4111-A1F8-652DF07636D6}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "UDP Query User{D9787C89-4709-4A72-BE11-898B3E7D9F24}C:\abaqus\6.7-1\exec\abqvwrk.exe" = protocol=17 | dir=in | app=c:\abaqus\6.7-1\exec\abqvwrk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3 "{00E2C4DA-6A1F-4E4D-8947-426EC6F9106F}" = Intel(R) Visual Fortran Compiler 9.1, Extended Memory 64 Technology Edition "{0272A63A-84D1-4EBD-A5BC-39963D188ED3}_is1" = APlus Viewer "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011 "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900 "{073DDB50-D21A-424E-859A-D438B6638184}" = Intel(R) Visual Fortran Compiler 9.1 Integrations in Microsoft Visual Studio* "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia 
Connectivity Cable Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Lenovo Multimedia Center "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10 "{41844F24-9CA6-11D4-A74E-00D0B76FE248}" = VBA (2720) "{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005 "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3 "{58A12D43-D312-4995-9D8F-9E654694C113}" = Gigaset QuickSync "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33 
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 "{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver "{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement "{641D6C0F-386D-407D-A342-8489B5510554}" = Intel(R) Visual Fortran Compiler 9.1 "{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU "{79D56DFD-D28E-4289-BED2-32A6342A305B}" = Corel Business Center "{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus "{7CC978FD-AE31-419D-A7AB-2A137689AE1F}" = OLYMPUS Digital Camera Updater "{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update 
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007 "{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared 
Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{9A0ED01E-FD18-457A-AB9C-0835DCDB17BB}" = Microsoft Platform SDK (R2) (3790.2075) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver "{A6F29FDB-2E1E-46CF-8EB9-F4D66DF6262B}" = Intel(R) Debugger 9.1 "{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV 
Splitter "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization "{B293806D-4407-4287-A00C-E9064174EF89}" = Network Magic "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE6AE703-BDAA-11D5-BDCA-00C04F019809}" = SolidWorks Education Edition "{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{D598F0A5-B6F3-4450-B95A-843AC81CB049}" = SolidWorks Toolbox Education Edition "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1140) "{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F}" = NBC Direct "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Abaqus 6.7 HTML Documentation" = Abaqus 6.7 HTML Documentation "Abaqus 6.7-1" = Abaqus 6.7-1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.3.1 
Professional "Adobe Acrobat 8 Professional - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Agere Systems Soft Modem" = Agere Systems HDA Modem "AnyCount_is1" = AnyCount, Version 6.0 "AudibleManager" = AudibleManager "AwayTask" = Maintenance Manager "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) "FTP Voyager_is1" = FTP Voyager 15.1 "GPL Ghostscript 8.61" = GPL Ghostscript 8.61 "GPL Ghostscript Fonts" = GPL Ghostscript Fonts "GSview 4.9" = GSview 4.9 "InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver "InterActual Player" = InterActual Player "Lenovo Registration" = Lenovo Registration "LENOVO.SMIIF" = Lenovo System Interface Driver "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Magic Utilities 2008_is1" = Magic Utilities 2008 Version 5.50 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Maple 11" = Maple 11 "MatlabR2007a" = MATLAB R2007a "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU "MiKTeX 2.7" = MiKTeX 2.7 "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) "NVIDIA Drivers" = NVIDIA Drivers "OnScreenDisplay" = On Screen Display "Opera 12.01.1532" = Opera 12.01 "PC-Doctor 5 for Windows" = 
PC-Doctor 5 for Windows "PhotoModeler 6" = PhotoModeler 6 "Picasa2" = Picasa 2 "PROPLUS" = Microsoft Office Professional Plus 2007 "PuTTY_is1" = PuTTY version 0.60 "RealPlayer 6.0" = RealPlayer "Recuva" = Recuva "Screenshot Pilot (full)_is1" = Screenshot Pilot version 1.46.01 "SynTPDeinstKey" = Synaptics Pointing Device Driver "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement "VISPROR" = Microsoft Office Visio Professional 2007 "WinEdt_is1" = WinEdt ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Facebook Plug-In" = Facebook Plug-In "idm_flash" = IDM Flash 4.4.0.468 "NBC Direct" = NBC Direct "Sweet Home 3D" = Sweet Home 3D ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.08.2012 04:01:48 | Computer Name = tg247pc | Source = Application Error | ID = 1000 Description = Faulting application name: EXCEL.EXE, version: 12.0.6661.5000, time stamp: 0x4f7cda6d Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time stamp: 0x4e58702a Exception code: 0xc0000005 Fault offset: 0x00004660 Faulting process id: 0x1c80 Faulting application start time: 0x01cd85bc8965b004 Faulting application path: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Faulting module path: C:\Windows\system32\OLEAUT32.dll Report Id: c80c2b61-f1af-11e1-a313-00197efe09a3 Error - 29.08.2012 06:07:21 | Computer Name = tg247pc | Source = Application Error | ID = 1000 Description = Faulting application name: EXCEL.EXE, version: 12.0.6661.5000, time stamp: 0x4f7cda6d Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time stamp: 0x4e58702a Exception code: 0xc0000005 Fault offset: 0x00004660 Faulting process id: 0x1840 Faulting application start time: 0x01cd85ce136ebd85 Faulting application path: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Faulting module path: C:\Windows\system32\OLEAUT32.dll Report Id: 
51ffcc80-f1c1-11e1-a313-00197efe09a3 Error - 29.08.2012 12:42:45 | Computer Name = tg247pc | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Lenovo\System Update\Installer64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 29.08.2012 12:42:45 | Computer Name = tg247pc | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Lenovo\Rescue and Recovery\instfilt.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 29.08.2012 12:43:04 | Computer Name = tg247pc | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error - 30.08.2012 07:21:42 | Computer Name = tg247pc | Source = Symantec AntiVirus | ID = 16711725 Description = SYMANTEC TAMPER PROTECTION ALERT Target: LDVP_LPC_SEM Event Info: Open Internal Event Action Taken: Blocked Actor Process: C:\Program Files\Symantec AntiVirus\VPTray.exe (PID 4296) Time: 30 August 2012 13:21:41 Error - 30.08.2012 07:21:42 | Computer Name = tg247pc | Source = Symantec AntiVirus | ID = 16711725 Description = SYMANTEC TAMPER PROTECTION ALERT Target: LDVP_LPC_SEM Event Info: Open Internal Event Action Taken: Blocked Actor Process: C:\Program Files\Symantec AntiVirus\VPTray.exe (PID 4296) Time: 30 August 2012 13:21:42 Error - 30.08.2012 07:22:36 | Computer Name = tg247pc | Source = Application Error | ID = 1000 Description = Faulting application name: LEXPPS.EXE, version: 0.0.0.0, time stamp: 0x3c5016cf Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0001f8c4 Faulting process id: 0x698 Faulting application start time: 0x01cd804c205a7b65 Faulting application path: C:\Windows\System32\LEXPPS.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: ff84601d-f294-11e1-a313-00197efe09a3 Error - 30.08.2012 07:27:14 | Computer Name = tg247pc | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 30.08.2012 08:02:35 | Computer Name = tg247pc | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 30.08.2012 08:09:47 | Computer Name = tg247pc | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 30.08.2012 09:16:19 | Computer Name = tg247pc | Source = VMCService | ID = 0 Description = conflictManagerTypeValue [ Media Center Events ] Error - 17.04.2008 11:48:04 | Computer Name = tg247pc | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. 
Error - 12.09.2009 16:40:38 | Computer Name = tg247pc | Source = MCUpdate | ID = 0 Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'. [ OSession Events ] Error - 21.08.2012 15:41:36 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 308 seconds with 240 seconds of active time. This session ended with a crash. Error - 22.08.2012 07:30:44 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 27.08.2012 07:23:44 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 431570 seconds with 1080 seconds of active time. This session ended with a crash. Error - 27.08.2012 07:24:26 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 27.08.2012 14:32:57 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6056 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 28.08.2012 04:45:54 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 28.08.2012 05:03:30 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1048 seconds with 840 seconds of active time. This session ended with a crash. Error - 29.08.2012 04:01:41 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 29.08.2012 04:01:48 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 29.08.2012 06:07:21 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 31.08.2012 05:01:26 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 31.08.2012 05:03:34 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 31.08.2012 05:03:34 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 31.08.2012 05:03:34 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 31.08.2012 05:08:34 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 31.08.2012 05:08:34 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 31.08.2012 05:08:34 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 31.08.2012 05:10:40 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 31.08.2012 05:10:40 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001 
Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 31.08.2012 05:10:40 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 < End of report > |
31.08.2012, 19:29 | #5 |
/// Helper Team | The computer has been blocked for violating the laws of the Federal Republic of Germany Fix with OTL Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (not anywhere else).
Code:
:OTL
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{19295D85-735E-455F-8F20-3EB50B792914}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes,DefaultScope = {B0721280-808A-4084-8D3D-56486E95EEF8}
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{0B3520AB-820A-46D9-AE8E-66C590C939AE}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{19295D85-735E-455F-8F20-3EB50B792914}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{637363C8-A3EE-4013-9187-33BCA3D3A125}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{7C005691-A18A-40B2-9C1A-4073594EFD89}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{AAFA224A-45FC-4C5E-899A-E813321395EC}: "URL" = http://search.lycos.com/setup.php?src=ie&query={searchTerms}
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{B0721280-808A-4084-8D3D-56486E95EEF8}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{BA19C5CD-207B-4D46-B9FF-B8205ECAAA77}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{C83E0641-2CD7-4DFF-A6E9-9AE595F9BBD1}: "URL" = http://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: flashplugin@idm:4.4.0.468
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O3 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003..\Run: [SyncHostps] C:\Users\Tobias\AppData\Local\Microsoft\Windows\4870\SyncHostps.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O15 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..Trusted Domains: elsteronline.de ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Users\Tobias\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Tobias\AppData\Local\Temp\*.exe
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note to other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can cause lasting damage to other systems! |
31.08.2012, 21:13 | #6 |
| The computer has been blocked for violating the laws of the Federal Republic of Germany Hi t'john, here is the content of the log file: ------- All processes killed ========== OTL ========== Service VGPU stopped successfully! Service VGPU deleted successfully! File System32\drivers\rdvgkmd.sys File not found not found. Service tsusbhub stopped successfully! Service tsusbhub deleted successfully! File system32\drivers\tsusbhub.sys File not found not found. Service Synth3dVsc stopped successfully! Service Synth3dVsc deleted successfully! File System32\drivers\synth3dvsc.sys File not found not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19295D85-735E-455F-8F20-3EB50B792914}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19295D85-735E-455F-8F20-3EB50B792914}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 
Registry key HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0B3520AB-820A-46D9-AE8E-66C590C939AE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B3520AB-820A-46D9-AE8E-66C590C939AE}\ not found. Registry key HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Internet Explorer\SearchScopes\{19295D85-735E-455F-8F20-3EB50B792914}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19295D85-735E-455F-8F20-3EB50B792914}\ not found. Registry key HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Internet Explorer\SearchScopes\{637363C8-A3EE-4013-9187-33BCA3D3A125}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{637363C8-A3EE-4013-9187-33BCA3D3A125}\ not found. Registry key HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Internet Explorer\SearchScopes\{7C005691-A18A-40B2-9C1A-4073594EFD89}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C005691-A18A-40B2-9C1A-4073594EFD89}\ not found. Registry key HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AAFA224A-45FC-4C5E-899A-E813321395EC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAFA224A-45FC-4C5E-899A-E813321395EC}\ not found. Registry key HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Internet Explorer\SearchScopes\{B0721280-808A-4084-8D3D-56486E95EEF8}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0721280-808A-4084-8D3D-56486E95EEF8}\ not found. Registry key HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BA19C5CD-207B-4D46-B9FF-B8205ECAAA77}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA19C5CD-207B-4D46-B9FF-B8205ECAAA77}\ not found. Registry key HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Internet Explorer\SearchScopes\{C83E0641-2CD7-4DFF-A6E9-9AE595F9BBD1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C83E0641-2CD7-4DFF-A6E9-9AE595F9BBD1}\ not found. HKU\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "about:blank" removed from browser.startup.homepage Prefs.js: flashplugin@idm:4.4.0.468 removed from extensions.enabledItems Prefs.js: "*.local" removed from network.proxy.no_proxies_on Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found. C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll moved successfully. Registry value HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SyncHostps deleted successfully. 
C:\Users\Tobias\AppData\Local\Microsoft\Windows\4870\SyncHostps.exe moved successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully. C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll moved successfully. Registry key HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\elsteronline.de\www\ deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\Windows\Downloaded Program Files\erma.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found. 
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. 
========== FILES ========== C:\Users\Tobias\AppData\Local\{D53238E8-3427-491E-A57E-097FA966AAC1} folder moved successfully. C:\Users\Tobias\AppData\Local\{F9ABF6FF-B068-4877-9373-3B5353A65A36} folder moved successfully. File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\TEMP not found. C:\Users\Tobias\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe moved successfully. C:\Users\Tobias\AppData\Local\Temp\setup_3.2.20.exe moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. 
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. 
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. 
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. File/Folder C:\Windows\System32\*.tmp not found. File/Folder C:\Windows\SysWOW64\*.tmp not found. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Tobias\Desktop\cmd.bat deleted successfully. C:\Users\Tobias\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 57257 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: TEMP User: Tobias ->Temp folder emptied: 3585783 bytes ->Temporary Internet Files folder emptied: 62175312 bytes ->FireFox cache emptied: 84507619 bytes ->Opera cache emptied: 162217133 bytes ->Flash cache emptied: 2049095 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 143186850 bytes RecycleBin emptied: 768908127 bytes Total Files Cleaned = 1.170,00 mb OTL by OldTimer - Version 3.2.59.1 log created on 08312012_214110 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... ------- Regards, dobby |
31.08.2012, 22:57 | #7 |
/// Helper Team | Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Please download AdwCleaner to your desktop.
|
01.09.2012, 12:22 | #8 |
| Hi, the computer is still running :-) However, I am still booting in safe mode. I have not tried a normal boot yet. Step 1: The scan with Malwarebytes found no infected objects. Step 2: # AdwCleaner v2.000 - Logfile created 09/01/2012 at 13:12:28 # Updated 30/08/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits) # User : Tobias - TG247PC # Boot Mode : Safe mode with networking # Running from : C:\Users\Tobias\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** File Found : C:\Program Files\Mozilla Firefox\.autoreg ***** [Registry] ***** Key Found : HKLM\Software\Freeze.com Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v3.5.3 (en-GB) Profile name : default File : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\pcazyk9v.default\prefs.js [OK] File is clean. -\\ Opera v12.1.1532.0 File : C:\Users\Tobias\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[R1].txt - [1031 octets] - [01/09/2012 13:12:28] ########## EOF - C:\AdwCleaner[R1].txt - [1091 octets] ########## Regards, dobby |
01.09.2012, 16:47 | #9 |
/// Helper Team | Very good!
Then: Malware scan with Emsisoft Anti-Malware. Download the free version of Emsisoft Anti-Malware and install the program. Download the current signatures via "Jetzt Updaten" (Update Now). Select freeware mode. Select "Detail Scan" and start the check of the computer with the "Scan" button. At the end of the scan, do not let it delete anything! Click "Bericht speichern" (Save Report) to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
01.09.2012, 22:48 | #10 |
| Hi, I have carried out both steps. Here are the two log files: # AdwCleaner v2.000 - Logfile created 09/01/2012 at 19:11:12 # Updated 30/08/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits) # User : Tobias - TG247PC # Boot Mode : Safe mode with networking # Running from : C:\Users\Tobias\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** File Deleted : C:\Program Files\Mozilla Firefox\.autoreg ***** [Registry] ***** Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Mozilla Firefox v3.5.3 (en-GB) Profile name : default File : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\pcazyk9v.default\prefs.js [OK] File is clean. -\\ Opera v12.1.1532.0 File : C:\Users\Tobias\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. 
************************* AdwCleaner[R1].txt - [1160 octets] - [01/09/2012 13:12:28] AdwCleaner[S1].txt - [1516 octets] - [01/09/2012 19:11:12] ########## EOF - C:\AdwCleaner[S1].txt - [1576 octets] ########## Emsisoft Anti-Malware - Version 6.6 Letztes Update: 01.09.2012 19:52:58 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\ Archiv Scan: An ADS Scan: An Scan Beginn: 01.09.2012 20:06:36 C:\_OTL\MovedFiles\08312012_214110\C_Users\Tobias\AppData\Local\Microsoft\Windows\4870\SyncHostps.exe gefunden: Trojan.Dropper.Win32.Dapato.bqji.AMN!E1 C:\Users\Tobias\Documents\Fortran\IMP\impaniso2\Debug\testIMP.exe gefunden: Backdoor.Win32.Shiz!E2 C:\Users\Tobias\Documents\Fortran\IMP\IMPaniso\Debug\testIMP.exe gefunden: Backdoor.Win32.Shiz!E2 C:\Users\Tobias\AppData\Local\Microsoft\Windows\4870\5ef9bbe6 gefunden: Trojan.Win32.Ransom!E2 C:\ABAQUS\6.7-1\External\Interop_32\intel_a\code\bin\chcatenv.exe gefunden: P2P-Worm.Win32.Palevo!E2 Gescannt 867810 Gefunden 5 Scan Ende: 01.09.2012 22:15:22 Scan Zeit: 2:08:46 Regards, dobby |
02.09.2012, 09:20 | #11 |
/// Helper Team | Very good! Have the detections moved to quarantine, then: Uninstall: Emsisoft Anti-Malware. ESET Online Scanner: Preparation
|
02.09.2012, 11:37 | #12 |
| Hi t'john, when I try to start Emsisoft Anti-Malware to move the detections to quarantine, I get the error message "Access violation at address 03D1E9E6 in module 'a2update.dll'. Read of address 00000004." Note: As before during the cleanup, I started the computer in "Safe Mode with Networking". Should I try to boot normally? Regards, dobby |
02.09.2012, 14:47 | #13 |
/// Helper Team | Of course, everything in normal mode! Emsisoft again, then ESET
04.09.2012, 06:56 | #14 |
| Hi t'john, I moved the Emsisoft detections to quarantine manually and then uninstalled Emsisoft Anti-Malware. ESET: My first scan (overnight) was unfortunately aborted by an automatic update. After that I started scans twice via OnlineScannerApp.exe in C:\Programme\Eset\EsetOnlineScanner\log.txt. (Different external drives were attached during the two scans.) Both scans had the result "No threats found". The log file contains very little information: ------ ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 ------ Regards, dobby |
04.09.2012, 18:19 | #15 |
/// Helper Team | Please check the instructions (http://www.trojaner-board.de/103809-...i-malware.html) to see where you can find the log files. Please post the log file. |