Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte


Log-Analyse und Auswertung: WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 20.09.2012, 03:10   #1
Conny_1808
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte


Hallo zusammen!

Toll, dass es dieses Board gibt! Ich hoffe, dass ich mit eurer Hilfe mein Notebook "putzen" kann.

Über meine externe Festplatte, die ich zur Datenübertragung an einen anderen PC angeschlossen hatte, habe ich mir einen Virus namens "Worm.Dorkbot" eingefangen. Was mich aufmerksam gemacht hat, war, dass auf der Festplatte all meine Ordner nur noch als Verknüpfungen angezeigt wurden. Auf die Daten kann ich aber noch zugreifen, wenn ich die geschützten Systemdateien anzeigen lasse (unter Windows 7 in "Ordneroptionen").

Leider hat sich der Wurm, wie es scheint, trotz meines bezahlten Anti-Viren-Programms (Avira Antivirus Premium 2012) auf meinen Computer (Windows 7 Professional, 64 Bit, SP1) übertragen. Im Verzeichnis C:\User\Cornelia\AppData\Roaming finden sich mehrere .EXE-Dateien, allen voran "tlrsrl.ex". Außerdem finde ich nach jedem Neustart des Computers in den Prozessen im Task-Manager ein Programm mit dem vier Buchstaben "xxxx.exe", das etwa 25% meiner CPU-Leistung frisst und den PC sehr heiß laufen lässt und den Lüfter und Akku extrem belastet.

Bei einem erneuten Anstecken der Festplatte kommt von meinem Antivirus dann folgende Fehlermeldung:
"In der Datei 'E:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'WORM/Dorkbot.A.2312' [worm] gefunden.
Ausgeführte Aktion: Zugriff verweigern"
Über den Eingabebefehl der Attributänderung habe ich die Ordner auf meiner externen Festplatte wieder hergestellt und die Verknüpfungen gelöscht. Nach dem Löschen der besagten Datei "e621ca05.exe" auf der externen Festplatte sah es auch gut aus. Beim erneuten Anstecken der Festplatte waren aber wieder alle Ordner zu Verknüpfungen geworden, und die Datei wieder da.

Beim googlen nach dem Wurm und dem Problem bin ich unter anderem auf folgenden Thread in Eurem Board gestoßen, bei dem mir das Problem ähnlich erscheint: http://www.trojaner-board.de/103380-...uepfungen.html

Ein kompletter Suchlauf mit Antivirus brachte heute 3 Funde, die ich erst in Quarantäne verschieben ließ und dann gelöscht habe. Dennoch sind die verdächtigen Dateien weiterhin im Verzeichnis "AppData\Roaming" vorhanden. Das LOG-File des AntivirusScans poste ich im Anhang.

Eure Anweisungen habe ich ebenfalls durchgeführt. Das LOG-File vom Defogger poste ich unten, ebenso wie die OTL.txt. Bei Ausführen dieser Programme hatte ich meine externe Festplatte, die den Virus übertrage hat, angeschlossen, damit sie gegebenenfalls mit durchsucht wird. Da sich auf dieser meine Datensicherungen (erstellt mit Acronis True Image Home) befinden, wäre es gut, wenn die Platte mit bereinigt werden könnte und ich sie nicht komplett formatieren muss.

Da ich zur Zeit in Chile studiere und unser Internet manchmal recht instabil ist, kann es sein, dass ich mit dem Antworten manchmal ein bisschen länger brauche (es kann natürlich auch an den 5 Stunden Zeitverschiebung nach Deutschland liegen).
Vielen Dank auf jeden Fall schon mal für Eure Bemühungen!!!
Herzliche Grüße, Cornelia

Hier die Datei "defogger_disable.log":
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:55 on 19/09/2012 (Cornelia)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Und hier die OTL.txt:
Code:
ATTFilter
OTL logfile created on: 19.09.2012 21:58:40 - Run 1
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\Cornelia\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 61,93% Memory free
7,69 Gb Paging File | 5,91 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 55,94 Gb Free Space | 57,28% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 14,83 Gb Free Space | 60,75% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 452,27 Gb Free Space | 48,55% Space Free | Partition Type: NTFS
Drive M: | 330,50 Gb Total Space | 69,99 Gb Free Space | 21,18% Space Free | Partition Type: NTFS
Drive Q: | 11,72 Gb Total Space | 2,26 Gb Free Space | 19,29% Space Free | Partition Type: NTFS
 
Computer Name: CORNELIA-THINK | User Name: Cornelia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.19 21:56:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.08 07:56:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 15:53:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 15:53:15 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.14 15:53:15 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 15:53:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 14:03:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.08.11 06:04:16 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.07.25 18:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011.07.12 05:03:34 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011.07.12 04:17:06 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.07.12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011.07.12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.05.31 05:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.05.31 05:48:34 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011.05.31 05:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2011.05.25 09:21:32 | 000,281,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011.02.21 23:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.21 23:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.03 18:17:06 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.03.23 12:22:46 | 001,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.11 09:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.05.27 17:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
PRC - [2008.10.03 18:58:58 | 000,962,480 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008.10.03 18:55:12 | 004,378,000 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.10.03 17:40:00 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008.01.10 07:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.04.06 04:05:16 | 002,085,888 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cv210.dll
MOD - [2010.04.06 04:04:06 | 002,201,088 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cxcore210.dll
MOD - [2010.03.23 12:26:48 | 000,201,512 | ---- | M] () -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
MOD - [2009.05.27 17:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
MOD - [2005.09.21 02:57:56 | 004,325,376 | ---- | M] () -- C:\Program Files (x86)\Cisco Systems\VPN Client\qt-mt335.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.12.09 06:23:04 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.11.12 05:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.07.13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.07 12:14:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.14 15:53:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 15:53:15 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.14 15:53:15 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 15:53:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 14:03:00 | 000,478,056 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011.08.31 14:03:00 | 000,173,416 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2011.08.31 14:03:00 | 000,087,400 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.07.27 16:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.07.27 15:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.07.25 18:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.07.12 03:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011.07.12 03:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.07.12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.07.12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011.07.08 12:53:20 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2011.05.31 05:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011.05.31 05:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2011.05.18 16:31:14 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2011.02.21 23:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.21 23:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.03 18:17:04 | 000,965,408 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.09.22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 09:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 09:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.03 17:41:22 | 000,743,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.01.10 07:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.12.14 11:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 09:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.14 15:53:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.14 15:53:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.01.22 09:31:01 | 001,580,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm140.sys -- (tdrpman140)
DRV:64bit: - [2012.01.22 09:30:58 | 000,880,160 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.01.22 09:30:58 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2012.01.22 09:30:56 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snman380.sys -- (snapman380)
DRV:64bit: - [2011.12.23 09:08:27 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.12.23 09:08:27 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.12.23 00:32:25 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.12.15 10:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 14:03:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011.08.31 14:03:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.08.09 10:32:04 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.03 12:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.05.19 08:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.04.25 22:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.09 06:23:04 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010.12.09 06:23:04 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010.12.08 00:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.12.01 08:15:30 | 000,426,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010.11.24 08:24:24 | 000,145,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.11.20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.20 02:06:22 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.11.20 02:06:20 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.11.12 05:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010.10.19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 03:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.21 13:14:10 | 000,164,992 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010.09.07 01:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.08.26 23:14:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.23 04:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2011.07.08 12:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.13 08:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.homitrlz.in
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112454&tt=060612_6_&babsrc=SP_ss&mntrId=942b238f000000000000081196ea00a0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE467
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.homitrlz.in"
FF - prefs.js..extensions.enabledAddons: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.6
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=942b238f000000000000081196ea00a0&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Cornelia\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 12:14:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 21:33:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 12:14:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.21 11:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Extensions
[2012.09.16 00:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions
[2012.08.21 10:06:49 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.08.18 10:54:58 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.01.22 17:21:29 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2012.01.22 09:23:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 00:48:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.22 17:21:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\engine@conduit.com
[2012.01.21 18:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default - Kopie\extensions
[2012.01.22 09:23:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default - Kopie\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.26 15:26:03 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\extensions\finder@meingutscheincode.de.xpi
[2011.05.16 17:21:21 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2010.09.10 05:54:17 | 000,002,354 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\searchplugins\ecosia.xml
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 12:14:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 21:27:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.23 17:43:40 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.28 20:26:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 21:27:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 21:27:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 21:27:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 21:27:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
 
O1 HOSTS File: ([2009.06.10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [LTT] C:\Programme\PC-Doctor\EnableToolbarW32.exe (PC-Doctor, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Tlrsrl] C:\Users\Cornelia\AppData\Roaming\Tlrsrl.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0880508D-7E36-42E2-83F2-D7A2FE8C6012}: Domain = uni-tuebingen.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0880508D-7E36-42E2-83F2-D7A2FE8C6012}: NameServer = 134.2.200.1,134.2.200.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33E24BAF-9711-4E6E-86CB-541DF48FAB5D}: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{43e6181b-ea58-11e1-965a-047d7b3145ea}\Shell - "" = AutoRun
O33 - MountPoints2\{43e6181b-ea58-11e1-965a-047d7b3145ea}\Shell\AutoRun\command - "" = F:\iLinker.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 21:56:33 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe
[2012.09.08 01:37:02 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.09.07 12:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.02 12:54:28 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\Facebook
[2012.08.30 10:52:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012.08.30 10:50:58 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.08.29 12:52:52 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{48E1F8FF-1C7B-4A56-9CED-376BB26251A2}
[2012.08.28 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{349B95A0-1296-4E8D-A8F8-FDE0E8F47A6B}
[2012.08.28 18:55:14 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\Macromedia
[3 C:\Users\Cornelia\AppData\Roaming\*.tmp files -> C:\Users\Cornelia\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.19 21:59:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job
[2012.09.19 21:57:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.19 21:57:15 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.19 21:57:15 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.19 21:57:15 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.19 21:57:15 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.19 21:56:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe
[2012.09.19 21:55:09 | 000,000,000 | ---- | M] () -- C:\Users\Cornelia\defogger_reenable
[2012.09.19 21:51:49 | 000,050,477 | ---- | M] () -- C:\Users\Cornelia\Desktop\Defogger.exe
[2012.09.19 21:46:26 | 000,167,936 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\Tlrsrl.exe
[2012.09.19 21:42:58 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 21:42:58 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 21:36:29 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\28B4.exe
[2012.09.19 21:36:07 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 21:35:29 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.09.19 21:35:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.19 21:35:19 | 3095,773,184 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.19 21:28:36 | 000,775,620 | ---- | M] () -- C:\Users\Cornelia\Desktop\Virenfunde_1.jpg
[2012.09.19 21:17:23 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.19 20:03:25 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\59DC.exe
[2012.09.19 13:02:53 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\5984.exe
[2012.09.19 12:59:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job
[2012.09.19 12:52:34 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\24DE.exe
[2012.09.19 12:04:08 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\ABF0.exe
[2012.09.16 17:42:02 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\930E.exe
[2012.09.16 16:50:08 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\C8F.exe
[2012.09.16 13:29:42 | 594,592,768 | ---- | M] () -- C:\Users\Cornelia\Desktop\Raphaels Audiodatei von EK-Projekt-Aufnahmegerät.WAV
[2012.09.16 12:47:47 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\2DEE.exe
[2012.09.16 12:12:22 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\BF05.exe
[2012.09.16 11:41:26 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\70A5.exe
[2012.09.16 03:49:21 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\3956.exe
[2012.09.16 02:58:55 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\F48.exe
[2012.09.16 00:46:02 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\64F3.exe
[2012.09.12 10:36:23 | 000,006,656 | ---- | M] () -- C:\Users\Cornelia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.06 13:37:58 | 000,002,133 | ---- | M] () -- C:\Users\Cornelia\.recently-used.xbel
[2012.09.03 12:30:07 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.09.03 12:29:58 | 000,361,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.30 10:50:58 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[3 C:\Users\Cornelia\AppData\Roaming\*.tmp files -> C:\Users\Cornelia\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.19 21:55:09 | 000,000,000 | ---- | C] () -- C:\Users\Cornelia\defogger_reenable
[2012.09.19 21:51:49 | 000,050,477 | ---- | C] () -- C:\Users\Cornelia\Desktop\Defogger.exe
[2012.09.19 21:46:26 | 000,167,936 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\Tlrsrl.exe
[2012.09.19 21:36:29 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\28B4.exe
[2012.09.19 21:28:36 | 000,775,620 | ---- | C] () -- C:\Users\Cornelia\Desktop\Virenfunde_1.jpg
[2012.09.19 20:03:25 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\59DC.exe
[2012.09.19 13:02:53 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\5984.exe
[2012.09.19 12:52:34 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\24DE.exe
[2012.09.19 12:04:08 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\ABF0.exe
[2012.09.16 17:42:02 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\930E.exe
[2012.09.16 16:50:08 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\C8F.exe
[2012.09.16 12:47:47 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\2DEE.exe
[2012.09.16 12:22:38 | 594,592,768 | ---- | C] () -- C:\Users\Cornelia\Desktop\Raphaels Audiodatei von EK-Projekt-Aufnahmegerät.WAV
[2012.09.16 12:12:22 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\BF05.exe
[2012.09.16 11:41:26 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\70A5.exe
[2012.09.16 03:49:21 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\3956.exe
[2012.09.16 02:58:55 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\F48.exe
[2012.09.16 00:46:02 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\64F3.exe
[2012.09.06 13:37:58 | 000,002,133 | ---- | C] () -- C:\Users\Cornelia\.recently-used.xbel
[2012.09.02 12:54:32 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job
[2012.09.02 12:54:32 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job
[2012.08.30 10:50:58 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.04.11 17:04:58 | 000,000,698 | ---- | C] () -- C:\Users\Cornelia\.ufrawrc
[2012.04.10 23:53:03 | 000,006,656 | ---- | C] () -- C:\Users\Cornelia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.04 13:50:20 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.01.23 13:16:27 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.12.23 08:54:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.12.23 00:24:41 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.23 00:24:40 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.23 00:24:40 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.23 00:24:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.23 00:24:40 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.01.22 09:57:39 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Acronis
[2012.05.15 22:00:46 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Ahnenblatt
[2012.03.03 17:10:06 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\AnvSoft
[2012.06.23 17:43:36 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Babylon
[2012.04.04 14:16:01 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\DesktopIconForAmazon
[2012.06.11 21:13:03 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\DVDVideoSoft
[2012.01.21 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.07 21:49:26 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\FileZilla
[2012.01.21 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Flo & Seb Engineering
[2012.06.27 01:44:09 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Groovedown
[2012.08.22 13:08:35 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\gtk-2.0
[2012.04.12 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\hdbADS
[2012.09.19 21:56:56 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\ICQ
[2012.02.22 19:18:40 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\IrfanView
[2012.01.20 19:07:53 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Leadertech
[2012.01.20 19:18:32 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Lenovo
[2012.01.23 13:34:32 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\MAGIX
[2012.09.16 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\MediaMonkey
[2012.04.12 19:54:39 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\MrJobs
[2012.03.04 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Nvu
[2012.01.21 12:07:23 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\OpenOffice.org
[2012.01.20 19:28:54 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\PCDr
[2012.01.20 21:23:23 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\PwrMgr
[2012.01.22 08:54:45 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Thunderbird
[2012.01.21 10:42:06 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Ulead Systems
[2012.06.23 22:41:03 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\uTorrent
[2012.04.04 14:14:40 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\VSO
 
========== Purity Check ==========
 
 

< End of report >

 

Themen zu WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte
antivirus, avg, avira, bho, computer, converter, fehlermeldung, festplatte, firefox, google, home, internet, lenovo, logfile, mozilla, mp3, plug-in, problem, prozesse, pwmtr64v.dll, realtek, registry, rundll, search the web, software, virus, windows, worm.dorkbot, wurm, übertragung


« BKA Trojaner Österreich | Mein Avira meldet mir den BDS/ZeroAccess.Gen! »


Ähnliche Themen: WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte


  1. Virusbefall auf externer Festplatte und nun auf dem Notebook?
    Log-Analyse und Auswertung - 11.08.2015 (36)
  2. keine Internetconnektivität nach Anschluss externer Festplatte und gleichzeitiger Software-Installation auf neuem win7-rechner
    Plagegeister aller Art und deren Bekämpfung - 03.01.2015 (15)
  3. Win 7, Zonealarm findet Trojan-Spy.Win32.VB.qu und Worm.Win32.VB.fp auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 02.03.2014 (9)
  4. Avira Antivir findet WORM/Dorkbot.I.388
    Log-Analyse und Auswertung - 01.11.2012 (13)
  5. Worm.Dorkbot ; Malware.Trace ; Stolen.Data was ist damit zu tun?
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (3)
  6. WORM/Dorkbot.A.894 auf externen Laufwerken
    Plagegeister aller Art und deren Bekämpfung - 10.10.2012 (4)
  7. Daten auf Externer Festplatte durch Virus unsichtbar
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (6)
  8. WORM/Dorkbot.A.2325
    Log-Analyse und Auswertung - 22.09.2012 (1)
  9. Archivbomben auf externer Festplatte durch Avast gemeldet
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (12)
  10. WORM/Kido.IX und WORM/Confick.164228 auf externer Festplatte
    Log-Analyse und Auswertung - 03.06.2012 (16)
  11. Vista Home Premium friert ein bei Anschluss externer Festplatte
    Alles rund um Windows - 18.02.2012 (0)
  12. USB-Fuckup nach Anschluss externer Festplatte
    Alles rund um Windows - 22.11.2011 (10)
  13. Dorkbot.D Worm - Dateien auf USB-Stick nur noch Verknüpfungen
    Log-Analyse und Auswertung - 16.10.2011 (27)
  14. Gefahr für Mac durch Trojaner/Malware auf externer Festplatte?
    Alles rund um Mac OSX & Linux - 07.04.2011 (39)
  15. "WORM/Conficker.AK" & "WORM/Kido.IH.40" nach USB-Stick-Anschluss durch AVIRA gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.01.2011 (28)
  16. Daten von verseuchtem Vista-Notebook vor Neuaufsetzen mittels externer Festplatte retten - aber wie?
    Plagegeister aller Art und deren Bekämpfung - 02.08.2010 (19)
  17. autorun.inf auf externer Festplatte (WORM/Kido.IX)
    Plagegeister aller Art und deren Bekämpfung - 11.12.2009 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Hallo zusammen! Toll, dass es dieses Board gibt! Ich hoffe, dass ich mit eurer Hilfe mein Notebook "putzen" kann. Über meine externe Festplatte, die ich zur Datenübertragung an einen anderen - WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte...
Archiv
Du betrachtest: WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19