| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TrojanercheckWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.11.2012, 14:52
| #16 |
 |  TrojanercheckCode:
ATTFilter # AdwCleaner v2.007 - Datei am 10/11/2012 um 13:44:06 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : HIlo - HILO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\HIlo\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\HIlo\AppData\Roaming\Mozilla\Firefox\Profiles\ct3qyxue.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files\Ilivid
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\HIlo\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\HIlo\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\HIlo\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\HIlo\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\HIlo\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\HIlo\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\HIlo\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\HIlo\AppData\Roaming\Mozilla\Firefox\Profiles\ct3qyxue.default\CT2269050
Ordner Gelöscht : C:\Users\HIlo\AppData\Roaming\Mozilla\Firefox\Profiles\ct3qyxue.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\HIlo\AppData\Roaming\Mozilla\Firefox\Profiles\ct3qyxue.default\extensions\staged
Ordner Gelöscht : C:\Users\HIlo\AppData\Roaming\Mozilla\Firefox\Profiles\ct3qyxue.default\Smartbar
Ordner Gelöscht : C:\Users\HIlo\AppData\Roaming\Toolplugin
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B3A9A4F2-7FE3-4784-BC15-57C3BD3FAF74}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B3A9A4F2-7FE3-4784-BC15-57C3BD3FAF74}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc= --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
-\\ Mozilla Firefox v3.6.28 (de)
Profilname : default
Datei : C:\Users\HIlo\AppData\Roaming\Mozilla\Firefox\Profiles\ct3qyxue.default\prefs.js
C:\Users\HIlo\AppData\Roaming\Mozilla\Firefox\Profiles\ct3qyxue.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2269050.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Gelöscht : user_pref("CT2269050.1000234.TWC_TMP_city", "");
Gelöscht : user_pref("CT2269050.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2269050.FirstTime", "true");
Gelöscht : user_pref("CT2269050.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2269050.UserID", "UN01936673255226095");
Gelöscht : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2269050.autoDisableScopes", -1);
Gelöscht : user_pref("CT2269050.defaultSearch", "FALSE");
Gelöscht : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2269050.enableAlerts", "always");
Gelöscht : user_pref("CT2269050.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.isNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps[...]
Gelöscht : user_pref("CT2269050.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.openThankYouPage", "FALSE");
Gelöscht : user_pref("CT2269050.openUninstallPage", "FALSE");
Gelöscht : user_pref("CT2269050.search.searchAppId", "128834881989343895");
Gelöscht : user_pref("CT2269050.search.searchCount", "0");
Gelöscht : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1337344479394");
Gelöscht : user_pref("CT2269050.serviceLayer_services_appTracking_lastUpdate", "1337344510297");
Gelöscht : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1338148463050");
Gelöscht : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1337344479115");
Gelöscht : user_pref("CT2269050.serviceLayer_services_login_10.10.2.10_lastUpdate", "1338148463209");
Gelöscht : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1337344479600");
Gelöscht : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1337344479178");
Gelöscht : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1338148463475");
Gelöscht : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1338148462822");
Gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1337344479051");
Gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1338148463056");
Gelöscht : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1338148462931");
Gelöscht : user_pref("CT2269050.settingsINI", true);
Gelöscht : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
Gelöscht : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Gelöscht : user_pref("CT2269050.startPage", "FALSE");
Gelöscht : user_pref("CT2269050.toolbarBornServerTime", "18-5-2012");
Gelöscht : user_pref("CT2269050.toolbarCurrentServerTime", "27-5-2012");
Gelöscht : user_pref("CT2269050.toolbarDisabled", "true");
Gelöscht : user_pref("browser.search.defaultenginename", "Search the web");
Gelöscht : user_pref("browser.search.order.1", "Search the web");
Gelöscht : user_pref("browser.search.selectedEngine", "Search the web");
Gelöscht : user_pref("extensions.Softonic.admin", false);
Gelöscht : user_pref("extensions.Softonic.aflt", "SD");
Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Gelöscht : user_pref("extensions.Softonic.cntry", "DE");
Gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Gelöscht : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
Gelöscht : user_pref("extensions.Softonic.dspOld", "Search the web");
Gelöscht : user_pref("extensions.Softonic.envrmnt", "production");
Gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Gelöscht : user_pref("extensions.Softonic.hdrMd5", "85CB638C7A75A4115F780C6C2150F216");
Gelöscht : user_pref("extensions.Softonic.hmpg", true);
Gelöscht : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc[...]
Gelöscht : user_pref("extensions.Softonic.hpOld", "hxxp://www.searchqu.com/406");
Gelöscht : user_pref("extensions.Softonic.id", "e81bfb7a00000000000000247e6cb93c");
Gelöscht : user_pref("extensions.Softonic.instlDay", "15474");
Gelöscht : user_pref("extensions.Softonic.instlRef", "MON00015");
Gelöscht : user_pref("extensions.Softonic.isdcmntcmplt", true);
Gelöscht : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=[...]
Gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.5.21.016:11:28");
Gelöscht : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.Softonic.newTab", true);
Gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1[...]
Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Gelöscht : user_pref("extensions.Softonic.sg", "az");
Gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Gelöscht : user_pref("extensions.Softonic.tlbrId", "base");
Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource[...]
Gelöscht : user_pref("extensions.Softonic.vrsn", "1.5.21.0");
Gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.5.21.016:11:28");
Gelöscht : user_pref("extensions.Softonic.vrsni", "1.5.21.0");
Gelöscht : user_pref("extensions.Softonic_i.dfltSrch", true);
Gelöscht : user_pref("extensions.Softonic_i.dnsErr", true);
Gelöscht : user_pref("extensions.Softonic_i.hmpg", true);
Gelöscht : user_pref("extensions.Softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1[...]
Gelöscht : user_pref("extensions.Softonic_i.newTab", true);
Gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.016:11:28");
-\\ Opera v12.10.1652.0
Datei : C:\Users\HIlo\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [15537 octets] - [09/11/2012 22:53:25]
AdwCleaner[S1].txt - [15376 octets] - [10/11/2012 13:44:06]
########## EOF - C:\AdwCleaner[S1].txt - [15437 octets] ##########
Code:
ATTFilter net Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 31,78% Memory free 3,86 Gb Paging File | 2,52 Gb Available in Paging File | 65,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 60,69 Gb Total Space | 8,00 Gb Free Space | 13,18% Space Free | Partition Type: NTFS Drive D: | 237,30 Gb Total Space | 26,92 Gb Free Space | 11,35% Space Free | Partition Type: NTFS Computer Name: HILO-PC | User Name: HIlo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\HIlo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Gomez\GomezPEER\bin\GomezPEER.exe () PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - C:\Programme\NetLimiter 3\nlsvc.exe (Locktime Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Gomez\GomezPEER\jre\bin\java.exe (Sun Microsystems, Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) PRC - C:\Windows\System32\DTS.exe () PRC - C:\Windows\System32\AtService.exe (AuthenTec, Inc.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Gomez\GomezPEER\bin\GomezPEER.exe () MOD - C:\Programme\Gomez\GomezPEER\jre\bin\SystemInfo.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\ManyCam\Bin\opencv_imgproc220.dll () MOD - C:\Programme\ManyCam\Bin\opencv_core220.dll () MOD - C:\Programme\Gomez\GomezPEER\jre\bin\ICE_JNIRegistry.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SystemStoreService) -- C:\Programme\Freetec\SystemStore\SystemStore.exe () SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (nlsvc) -- C:\Programme\NetLimiter 3\nlsvc.exe (Locktime Software) SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (dtsvc) -- C:\Windows\System32\DTS.exe () SRV - (ADMonitor) -- C:\Windows\System32\ADMonitor.exe () SRV - (ATService) -- C:\Windows\System32\AtService.exe (AuthenTec, Inc.) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer Free\DfSdkS.exe (mst software GmbH, Germany) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Winflash) -- File not found DRV - (uGuru) -- system32\Drivers\uGuru.sys File not found DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found DRV - (clwvd) -- system32\DRIVERS\clwvd.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG) DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (Notebook Hardware Control) DRV - (cpuidlep) -- C:\Windows\System32\drivers\cpuidlep.sys () DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (mcaudrv_simple) -- C:\Windows\System32\drivers\mcaudrv.sys (ManyCam LLC) DRV - (ManyCam) -- C:\Windows\System32\drivers\mcvidrv.sys (ManyCam LLC) DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.) DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.) DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.) DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.) DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.) DRV - (NLNdisPT) -- C:\Windows\System32\drivers\nlndis.sys (Locktime Software) DRV - (NLNdisMP) -- C:\Windows\System32\drivers\nlndis.sys (Locktime Software) DRV - (nltdi) -- C:\Programme\NetLimiter 3\nltdi.sys (Locktime Software) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.) DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.) DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (CXSONORA) -- C:\Windows\System32\drivers\A885VCap.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys () DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (sfvfs02) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\HIlo\Desktop\Drumstepftw IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 99 A5 00 12 7B CC 01 [binary data] IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\..\SearchScopes\{514EEF3A-6F99-49FD-A418-81A056B81463}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGHP_deDE471 IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\..\SearchScopes\{F3C8C8B2-40FB-4AB5-B02B-5A0B0B730EE6}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=60BCEAD5-A879-4FAD-A37E-0F5B240F30D2&apn_sauid=64DF60C8-6482-49FC-8E73-BB27B672CADD IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\..\SearchScopes\{F8F7FF41-F20B-4780-9D79-F61F7F27AABF}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc= IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: https-everywhere@eff.org:3.0.3 FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:10.10.27.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9 FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\HIlo\\AppData\\Local\\Temp\\proxtube.pac" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\HIlo\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 02:06:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.31 05:27:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.02.10 22:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\Extensions [2012.11.10 13:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions [2012.08.26 14:28:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.11.09 16:49:07 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\https-everywhere@eff.org [2012.11.09 14:38:31 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.05 20:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.07 18:15:32 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2012.11.06 16:56:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.31 05:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.20 18:11:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.20 16:18:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.08.31 05:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.28 20:06:58 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.02 12:59:40 | 000,444,767 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15274 more lines... O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) O4 - HKU\S-1-5-21-3824738219-3423491312-65945004-1000..\Run: [KeePass Password Safe 2] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\HIlo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\HIlo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C72CD9E-87F6-4CC1-A174-66E7AE539A03}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{268e997a-eae4-11e1-8155-001e101f859f}\Shell - "" = AutoRun O33 - MountPoints2\{268e997a-eae4-11e1-8155-001e101f859f}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{2780b61d-185b-11e0-9354-00247e6cb93c}\Shell - "" = AutoRun O33 - MountPoints2\{2780b61d-185b-11e0-9354-00247e6cb93c}\Shell\AutoRun\command - "" = H:\Autorun.exe O33 - MountPoints2\{96d49818-e0ca-11e1-bae5-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{96d49818-e0ca-11e1-bae5-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{a57c18f9-e311-11e1-9a75-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{a57c18f9-e311-11e1-9a75-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{a93af5f0-f461-11e1-ad16-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{a93af5f0-f461-11e1-ad16-005056c00008}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{b0de3fb6-ebc7-11e1-bb1b-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{b0de3fb6-ebc7-11e1-bb1b-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{cd8c1454-d8e1-11e1-8ef9-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{cd8c1454-d8e1-11e1-8ef9-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{cd8c1486-d8e1-11e1-8ef9-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{cd8c1486-d8e1-11e1-8ef9-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{cd8c14fb-d8e1-11e1-8ef9-001e101f2463}\Shell - "" = AutoRun O33 - MountPoints2\{cd8c14fb-d8e1-11e1-8ef9-001e101f2463}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{cd8c1518-d8e1-11e1-8ef9-001e101f2463}\Shell - "" = AutoRun O33 - MountPoints2\{cd8c1518-d8e1-11e1-8ef9-001e101f2463}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{d2e08bb5-df9d-11e1-96c7-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{d2e08bb5-df9d-11e1-96c7-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.10 03:09:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HIlo\Desktop\OTL.exe [2012.11.09 19:59:45 | 026,980,600 | ---- | C] (Igor Pavlov) -- C:\Users\HIlo\Desktop\tor-im-browser-1.3.21_de.exe [2012.11.08 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\CrashDumps [2012.11.08 20:02:16 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\SUPERAntiSpyware.com [2012.11.08 19:40:16 | 000,000,000 | ---D | C] -- C:\AuthLog [2012.11.08 01:29:49 | 000,000,000 | -HSD | C] -- C:\found.001 [2012.11.08 00:57:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.08 00:55:13 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.11.07 23:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.11.07 23:02:39 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.11.07 23:02:38 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.11.07 23:02:31 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2012.11.07 23:02:29 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.11.07 23:02:26 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.11.07 23:02:23 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.11.07 23:00:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.11.07 23:00:07 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.11.07 19:54:55 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.11.07 19:25:26 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\ESET [2012.11.07 19:25:26 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\ESET [2012.11.07 19:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2012.11.07 18:55:42 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.07 18:55:42 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.11.07 18:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GomezPEER [2012.11.07 17:57:31 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\GlarySoft [2012.11.07 17:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.11.07 17:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities [2012.11.07 17:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities [2012.11.07 17:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.11.07 17:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2012.11.07 17:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2012.11.07 14:44:28 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe [2012.11.07 14:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo [2012.11.07 14:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2012.11.07 06:47:31 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\MFAData [2012.11.07 06:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.11.07 06:47:31 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\Avg2013 [2012.11.06 23:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.11.06 23:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.11.06 15:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.05 20:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2012.11.04 19:21:05 | 000,015,600 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GdPhyMem.sys [2012.11.04 19:14:40 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\System32\GdScrSv.de.dll [2012.11.04 18:24:16 | 000,030,416 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2012.11.04 18:18:08 | 000,050,080 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2012.11.04 18:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2012.11.04 18:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data [2012.11.04 18:09:44 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\Downloaded Installations [2012.11.02 14:55:20 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\KeePass [2012.11.02 14:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe 2 [2012.11.02 07:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.02 01:57:27 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Malwarebytes [2012.11.02 01:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.31 21:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Prio [2012.10.31 16:24:43 | 000,071,680 | ---- | C] (Notebook Hardware Control) -- C:\Windows\System32\drivers\nhcDriver.sys [2012.10.31 16:24:37 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Notebook Hardware Control [2012.10.31 16:03:50 | 000,050,688 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\AC2005DLL.dll [2012.10.31 16:02:07 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RightMark CPU Clock Utility [2012.10.31 16:01:59 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\InstallShield [2012.10.30 15:04:01 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\Gameforge4d [2012.10.30 15:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\GameforgeLive [2012.10.30 14:32:41 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Kalydo [2012.10.30 12:17:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.30 12:16:35 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.10.30 12:16:34 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.10.30 12:16:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.30 12:16:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.30 12:16:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.10.30 12:16:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.10.30 12:16:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.30 12:16:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.10.30 12:16:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.30 12:16:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.10.30 12:16:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.30 12:16:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.10.30 12:16:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.30 12:16:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.10.30 12:16:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.30 12:16:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.10.30 12:16:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.10.30 12:15:31 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.30 12:15:30 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.30 03:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012.10.28 16:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2012.10.24 19:56:45 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\PokerStars.EU [2012.10.24 19:56:44 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.EU [2012.10.24 19:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.EU [2012.10.23 08:53:17 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2012.10.23 08:53:16 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2012.10.23 08:53:15 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2012.10.23 08:53:14 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2012.10.23 08:40:24 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\{7B8087AA-02B0-4278-9F19-9CE69FC5D6A5} [2012.10.20 16:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.20 16:18:20 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.10.20 16:18:20 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.10.20 16:18:20 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe ========== Files - Modified Within 30 Days ========== [2012.11.10 14:23:30 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 14:23:30 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 14:18:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.10 14:14:33 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.11.10 14:14:27 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.10 14:13:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.10 14:13:53 | 1555,587,072 | -HS- | M] () -- C:\hiberfil.sys [2012.11.10 14:08:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.10 05:17:09 | 439,340,905 | ---- | M] () -- C:\Users\HIlo\Desktop\VA-Kontor_Top_Of_The_Clubs_Vol._56-3CD-2012-WUS.rar [2012.11.10 03:09:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HIlo\Desktop\OTL.exe [2012.11.10 03:06:30 | 007,797,884 | ---- | M] () -- C:\Users\HIlo\Desktop\Zedd Feat. Matthew Koma - Spectrum (Radio Mix)-www.manomuzika.net(1).mp3 [2012.11.10 00:03:11 | 000,000,596 | ---- | M] () -- C:\Users\HIlo\Desktop\bes.ini [2012.11.09 22:52:03 | 000,541,569 | ---- | M] () -- C:\Users\HIlo\Desktop\adwcleaner.exe [2012.11.09 22:48:23 | 000,001,048 | ---- | M] () -- C:\Users\HIlo\Desktop\mp3DirectCut.lnk [2012.11.09 20:00:24 | 026,980,600 | ---- | M] (Igor Pavlov) -- C:\Users\HIlo\Desktop\tor-im-browser-1.3.21_de.exe [2012.11.09 00:22:20 | 000,000,032 | ---- | M] () -- C:\Users\HIlo\Desktop\bes_sw.ini [2012.11.08 21:05:40 | 000,001,276 | ---- | M] () -- C:\Users\HIlo\Desktop\taskmgr - Verknüpfung.lnk [2012.11.08 19:34:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.11.08 00:47:47 | 003,725,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.07 23:02:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.11.07 21:00:59 | 000,001,319 | ---- | M] () -- C:\Users\HIlo\Desktop\Free YouTube Download.lnk [2012.11.07 18:55:42 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.07 18:55:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.11.07 18:37:58 | 000,001,431 | ---- | M] () -- C:\Users\HIlo\Desktop\Free YouTube to MP3 Converter.lnk [2012.11.07 18:36:12 | 000,000,020 | ---- | M] () -- C:\Windows\Ì÷} [2012.11.07 18:27:21 | 000,001,278 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GomezPEER.lnk [2012.11.07 17:28:46 | 000,001,067 | ---- | M] () -- C:\Users\HIlo\Desktop\Glary Utilities.lnk [2012.11.07 14:44:51 | 000,001,245 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer Free.lnk [2012.11.06 16:47:34 | 000,005,758 | ---- | M] () -- C:\Users\HIlo\Desktop\NewDatabase.kdbx [2012.11.05 22:44:34 | 000,007,620 | ---- | M] () -- C:\Users\HIlo\AppData\Local\Resmon.ResmonCfg [2012.11.05 00:07:28 | 000,852,670 | ---- | M] () -- C:\Windows\System32\sig.bin [2012.11.05 00:07:28 | 000,045,813 | ---- | M] () -- C:\Windows\System32\nmp.map [2012.11.04 19:25:55 | 000,656,850 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.04 19:25:55 | 000,618,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.04 19:25:55 | 000,107,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.04 19:25:54 | 000,131,216 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.04 19:21:05 | 000,015,600 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GdPhyMem.sys [2012.11.04 19:14:43 | 000,050,080 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2012.11.04 18:24:16 | 000,030,416 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2012.11.03 17:47:01 | 000,000,020 | ---- | M] () -- C:\Users\HIlo\defogger_reenable [2012.11.02 15:42:18 | 001,147,932 | ---- | M] () -- C:\Users\HIlo\Desktop\IMG_02112012_152823.png [2012.11.02 15:08:35 | 000,002,642 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.11.02 12:59:40 | 000,444,767 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.11.01 23:07:56 | 004,780,634 | ---- | M] () -- C:\Users\HIlo\Desktop\ThreadDesign3.psd [2012.11.01 21:54:06 | 003,245,543 | ---- | M] () -- C:\Users\HIlo\Desktop\nlliu.png [2012.10.31 16:24:43 | 000,071,680 | ---- | M] (Notebook Hardware Control) -- C:\Windows\System32\drivers\nhcDriver.sys [2012.10.31 14:18:30 | 000,004,484 | ---- | M] () -- C:\Windows\System32\drivers\cpuidlep.sys [2012.10.31 13:52:44 | 000,002,791 | ---- | M] () -- C:\Users\HIlo\Desktop\Nostale - Verknüpfung.lnk [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.10.30 01:46:53 | 000,027,556 | ---- | M] () -- C:\Users\HIlo\Desktop\Mein Film.wlmp [2012.10.26 05:16:23 | 000,000,034 | ---- | M] () -- C:\Windows\AvastEmUpdate.ini [2012.10.24 19:56:45 | 000,001,077 | ---- | M] () -- C:\Users\HIlo\Desktop\PokerStars.eu.lnk [2012.10.20 17:15:12 | 008,944,820 | ---- | M] () -- C:\Users\HIlo\Desktop\Epic Sax Guy Saxtreme!!.mp4 [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys ========== Files Created - No Company Name ========== [2012.11.10 03:06:20 | 007,797,884 | ---- | C] () -- C:\Users\HIlo\Desktop\Zedd Feat. Matthew Koma - Spectrum (Radio Mix)-www.manomuzika.net(1).mp3 [2012.11.10 02:53:21 | 439,340,905 | ---- | C] () -- C:\Users\HIlo\Desktop\VA-Kontor_Top_Of_The_Clubs_Vol._56-3CD-2012-WUS.rar [2012.11.09 22:51:38 | 000,541,569 | ---- | C] () -- C:\Users\HIlo\Desktop\adwcleaner.exe [2012.11.09 22:48:23 | 000,001,048 | ---- | C] () -- C:\Users\HIlo\Desktop\mp3DirectCut.lnk [2012.11.08 21:05:40 | 000,001,276 | ---- | C] () -- C:\Users\HIlo\Desktop\taskmgr - Verknüpfung.lnk [2012.11.07 21:00:59 | 000,001,319 | ---- | C] () -- C:\Users\HIlo\Desktop\Free YouTube Download.lnk [2012.11.07 18:55:48 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.07 18:36:12 | 000,000,020 | ---- | C] () -- C:\Windows\Ì÷} [2012.11.07 18:27:21 | 000,001,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GomezPEER.lnk [2012.11.07 17:28:49 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job [2012.11.07 17:28:46 | 000,001,067 | ---- | C] () -- C:\Users\HIlo\Desktop\Glary Utilities.lnk [2012.11.07 17:27:15 | 000,001,431 | ---- | C] () -- C:\Users\HIlo\Desktop\Free YouTube to MP3 Converter.lnk [2012.11.07 14:44:51 | 000,001,245 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer Free.lnk [2012.11.05 00:07:28 | 000,852,670 | ---- | C] () -- C:\Windows\System32\sig.bin [2012.11.05 00:07:28 | 000,045,813 | ---- | C] () -- C:\Windows\System32\nmp.map [2012.11.03 17:45:45 | 000,000,020 | ---- | C] () -- C:\Users\HIlo\defogger_reenable [2012.11.03 17:12:04 | 000,000,032 | ---- | C] () -- C:\Users\HIlo\Desktop\bes_sw.ini [2012.11.02 17:45:56 | 000,005,758 | ---- | C] () -- C:\Users\HIlo\Desktop\NewDatabase.kdbx [2012.11.02 15:42:03 | 001,147,932 | ---- | C] () -- C:\Users\HIlo\Desktop\IMG_02112012_152823.png [2012.11.02 13:26:33 | 000,000,596 | ---- | C] () -- C:\Users\HIlo\Desktop\bes.ini [2012.11.02 13:25:07 | 000,231,936 | ---- | C] ( ) -- C:\Users\HIlo\Desktop\BES.exe [2012.11.02 03:07:03 | 000,007,620 | ---- | C] () -- C:\Users\HIlo\AppData\Local\Resmon.ResmonCfg [2012.11.01 23:04:47 | 004,780,634 | ---- | C] () -- C:\Users\HIlo\Desktop\ThreadDesign3.psd [2012.11.01 21:22:09 | 003,245,543 | ---- | C] () -- C:\Users\HIlo\Desktop\nlliu.png [2012.10.31 14:18:30 | 000,004,484 | ---- | C] () -- C:\Windows\System32\drivers\cpuidlep.sys [2012.10.31 13:51:49 | 000,002,791 | ---- | C] () -- C:\Users\HIlo\Desktop\Nostale - Verknüpfung.lnk [2012.10.30 01:46:50 | 000,027,556 | ---- | C] () -- C:\Users\HIlo\Desktop\Mein Film.wlmp [2012.10.24 19:56:45 | 000,001,077 | ---- | C] () -- C:\Users\HIlo\Desktop\PokerStars.eu.lnk [2012.10.20 17:15:03 | 008,944,820 | ---- | C] () -- C:\Users\HIlo\Desktop\Epic Sax Guy Saxtreme!!.mp4 [2012.10.15 15:29:22 | 1555,587,072 | -HS- | C] () -- C:\hiberfil.sys [2012.09.10 16:56:48 | 000,366,160 | ---- | C] () -- C:\Users\HIlo\IMG_0183.JPG [2012.09.10 16:56:48 | 000,294,015 | ---- | C] () -- C:\Users\HIlo\IMG_0207.JPG [2012.09.10 16:56:48 | 000,247,166 | ---- | C] () -- C:\Users\HIlo\IMG_0219.JPG [2012.09.10 16:56:48 | 000,242,912 | ---- | C] () -- C:\Users\HIlo\IMG_0156.JPG [2012.09.10 16:56:48 | 000,238,848 | ---- | C] () -- C:\Users\HIlo\IMG_0195.JPG [2012.09.10 16:56:48 | 000,219,645 | ---- | C] () -- C:\Users\HIlo\IMG_0201.JPG [2012.09.10 16:56:48 | 000,217,815 | ---- | C] () -- C:\Users\HIlo\IMG_0203.JPG [2012.09.10 16:56:48 | 000,217,283 | ---- | C] () -- C:\Users\HIlo\IMG_0220.JPG [2012.09.10 16:56:48 | 000,217,132 | ---- | C] () -- C:\Users\HIlo\IMG_0218.JPG [2012.09.10 16:56:48 | 000,214,516 | ---- | C] () -- C:\Users\HIlo\IMG_0180.JPG [2012.09.10 16:56:48 | 000,210,120 | ---- | C] () -- C:\Users\HIlo\IMG_0159.JPG [2012.09.10 16:56:48 | 000,205,347 | ---- | C] () -- C:\Users\HIlo\IMG_0181.JPG [2012.09.10 16:56:48 | 000,204,411 | ---- | C] () -- C:\Users\HIlo\IMG_0158.JPG [2012.09.10 16:56:48 | 000,203,242 | ---- | C] () -- C:\Users\HIlo\IMG_0202.JPG [2012.09.10 16:56:48 | 000,203,240 | ---- | C] () -- C:\Users\HIlo\IMG_0172.JPG [2012.09.10 16:56:48 | 000,202,540 | ---- | C] () -- C:\Users\HIlo\IMG_0200.JPG [2012.09.10 16:56:48 | 000,197,683 | ---- | C] () -- C:\Users\HIlo\IMG_0173.JPG [2012.09.10 16:56:48 | 000,192,276 | ---- | C] () -- C:\Users\HIlo\IMG_0197.JPG [2012.09.10 16:56:48 | 000,192,192 | ---- | C] () -- C:\Users\HIlo\IMG_0170.JPG [2012.09.10 16:56:48 | 000,191,185 | ---- | C] () -- C:\Users\HIlo\IMG_0164.JPG [2012.09.10 16:56:48 | 000,190,484 | ---- | C] () -- C:\Users\HIlo\IMG_0177.JPG [2012.09.10 16:56:48 | 000,190,245 | ---- | C] () -- C:\Users\HIlo\IMG_0169.JPG [2012.09.10 16:56:48 | 000,187,186 | ---- | C] () -- C:\Users\HIlo\IMG_0171.JPG [2012.09.10 16:56:48 | 000,186,537 | ---- | C] () -- C:\Users\HIlo\IMG_0178.JPG [2012.09.10 16:56:48 | 000,184,973 | ---- | C] () -- C:\Users\HIlo\IMG_0174.JPG [2012.09.10 16:56:48 | 000,178,575 | ---- | C] () -- C:\Users\HIlo\IMG_0204.JPG [2012.09.10 16:56:48 | 000,176,010 | ---- | C] () -- C:\Users\HIlo\IMG_0179.JPG [2012.09.10 16:56:48 | 000,166,273 | ---- | C] () -- C:\Users\HIlo\IMG_0206.JPG [2012.09.10 16:56:48 | 000,163,328 | ---- | C] () -- C:\Users\HIlo\IMG_0198.JPG [2012.09.10 16:56:48 | 000,157,614 | ---- | C] () -- C:\Users\HIlo\IMG_0205.JPG [2012.09.10 16:56:48 | 000,156,800 | ---- | C] () -- C:\Users\HIlo\IMG_0182.JPG [2012.09.10 16:56:48 | 000,153,109 | ---- | C] () -- C:\Users\HIlo\IMG_0167.JPG [2012.09.10 16:56:48 | 000,107,572 | ---- | C] () -- C:\Users\HIlo\IMG_0163.JPG [2012.09.10 16:56:48 | 000,097,796 | ---- | C] () -- C:\Users\HIlo\IMG_0162.JPG [2012.08.25 19:42:25 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.08.17 13:59:34 | 000,000,034 | ---- | C] () -- C:\Windows\AvastEmUpdate.ini [2012.07.20 21:49:43 | 000,002,642 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.02.06 16:45:33 | 000,000,717 | ---- | C] () -- C:\Windows\QIII.INI [2011.12.04 01:48:14 | 000,000,057 | ---- | C] () -- C:\Windows\wininit.ini [2011.12.03 21:39:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.12.03 21:33:43 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2011.05.25 18:03:27 | 000,000,990 | ---- | C] () -- C:\Windows\eReg.dat [2011.05.19 22:31:02 | 000,003,584 | ---- | C] () -- C:\Users\HIlo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.05 16:34:37 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.03.27 16:57:00 | 268,435,456 | ---- | C] () -- C:\Users\HIlo\Pokemon Weiße Edition.nds [2011.03.27 16:57:00 | 268,435,456 | ---- | C] () -- C:\Users\HIlo\Pokemon Schwarze Edition.nds [2011.01.05 02:02:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.01.04 22:56:21 | 003,486,208 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2011.01.04 22:56:21 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2011.01.04 21:34:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 10.11.2012 14:20:53 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HIlo\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,93 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 31,78% Memory free
3,86 Gb Paging File | 2,52 Gb Available in Paging File | 65,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,69 Gb Total Space | 8,00 Gb Free Space | 13,18% Space Free | Partition Type: NTFS
Drive D: | 237,30 Gb Total Space | 26,92 Gb Free Space | 11,35% Space Free | Partition Type: NTFS
Computer Name: HILO-PC | User Name: HIlo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{194F92B6-5166-4CCE-B424-82F81A9B8244}" = rport=445 | protocol=6 | dir=out | app=system |
"{1EAF7512-CA7B-4B0C-83B3-1FC3ED3834C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{218282BC-EDB8-4CE9-8EB6-0ED6C576C2FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{332C4088-4DC5-4FF6-9B55-A228DAEE8AD0}" = rport=137 | protocol=17 | dir=out | app=system |
"{348163CE-C4A9-419C-B26A-AD24A41D6AFA}" = lport=138 | protocol=17 | dir=in | app=system |
"{3B55D995-5A9E-4EAB-9437-97368F15D7F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3EDF00F2-5F06-49E4-853B-ABF25A0B1663}" = rport=139 | protocol=6 | dir=out | app=system |
"{432A998C-8CA0-42CA-A2EC-74FF4674F577}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4D75F68C-D28B-4AA2-AA72-174525F830D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70ADE8F8-E574-4256-B4FD-85F4D85969C3}" = rport=138 | protocol=17 | dir=out | app=system |
"{94379A23-5DEC-48F8-AA6E-F4005298247C}" = lport=137 | protocol=17 | dir=in | app=system |
"{A8EE19EF-7890-4207-A45F-3B1AFBFD35FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B27F1B80-ECED-4BD7-8D6F-5AF33DC40078}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B90CCFEC-19C3-46FF-B9B0-7EFC7CB1CDBD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C50B511C-12CC-4DDB-9999-5C1FE09D5631}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9B0B8AE-4F87-4411-BC2D-E5E91C47E05D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D13DC87C-EB50-4FEA-AEAE-96A0C22384EA}" = lport=139 | protocol=6 | dir=in | app=system |
"{D46F93D8-C4B9-4F7D-829C-D1264136E8FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E3BFA921-AB32-4384-92EA-B10FC755C560}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F1642DF5-A5EC-446F-AF92-563CA8A23A76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18A2094A-1C32-42D7-9649-27EDCED3D2F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{281674EF-A129-4112-8936-1626D7116287}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2C94AD6C-9A9E-4714-9B97-07FC39D502DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{339AF70A-F258-4A26-BBE3-ADB20A2706D9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{378E34B6-63BC-4C5F-BB25-1B72A3D09365}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{51472ECD-41F5-4F17-BC9F-AE50428AAAE3}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{51D65E47-3CB8-42AC-8B06-1400486D3D71}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{566DB6B8-5AD4-4D88-9A20-DE1D99EDD477}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{987F6667-277B-4674-8E4E-52C97B128E3E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{98F5982F-FA3D-47C1-9269-432BDFC8CF58}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{B76AE97B-F48E-4618-AEF7-200B14CD1F03}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{B7EB5C4D-2A6B-4EC4-8660-26CA116E5341}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{D257A0C3-99EC-4462-B579-EFA36C4EDFD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D5165636-A1C5-4D75-ADE3-CB7AC06980E4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{E145C08F-9385-433A-8F3C-492AD40CF22F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{E3B6CE2C-B7A2-4D04-B196-8021A84B044D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E6FE9665-9D13-4C21-A885-AD355D16D06A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E843DD68-C316-437F-8841-41F991CFB5A4}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{EFE1DF38-8FB5-485F-AAA8-7B9A1ED63FCC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{FD2C5F9A-63FF-4062-B320-1971BD2448AD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"TCP Query User{2AE3B932-FA19-48E9-BFC8-18657973F741}C:\Program Files\Java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{9F666719-44D1-4076-ADB2-BAF66D64CA17}C:\program files\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe" = protocol=6 | dir=in | app=c:\program files\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe |
"TCP Query User{A6CF1B7F-066B-4A9F-B344-BEAD5E91C404}C:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe |
"TCP Query User{AAFFFE36-818F-460C-BFE3-6345CC9740F4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C18FD6AC-FAF0-4AE9-B95F-22CF0DEDC565}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{104CC787-157D-4896-80A3-34AA0DD98274}C:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe |
"UDP Query User{27C6005C-5917-4697-9871-840BCFC13840}C:\Program Files\Java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4E6F7B5E-D7EF-488B-9AF6-C09A190192A8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8439BBC4-A55F-4284-BD19-A2EB73A6B778}C:\program files\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe" = protocol=17 | dir=in | app=c:\program files\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe |
"UDP Query User{E1113EB5-3C6D-4D09-B4A8-A858E62D7E4B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0331FC5B-948B-8AC2-66FC-0D812EE03C47}" = ccc-core-static
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{143C595E-6E6A-D847-8D5D-B17192C13028}" = CCC Help Italian
"{1784BBBA-2820-AE9B-041C-29F1F536911F}" = CCC Help English
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2D440AF4-7330-43F0-A085-35DE1A90E703}" = Lenovo Fingerprint Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B26E060-5BC9-4B45-BD20-882E94CADFCF}" = VmciSockets
"{4EC85AD2-5AAE-0F7D-97A2-906F094FBC2C}" = Catalyst Control Center Graphics Full New
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{5968F27A-66E6-171E-5311-0A74D74AAD9B}" = ATI Catalyst Install Manager
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64FDAF43-0317-91AF-DCC0-8FF63FA1C262}" = Catalyst Control Center Graphics Light
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CC3CCF-DEFE-6E46-FF24-EEDE75355195}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E8242F8-BD2A-44D7-BCED-9B231A02B367}" = SpellForce 2 Patch
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8C97A120-7300-9FDB-CD8F-E035741A1156}" = ccc-core-preinstall
"{8D58AC2A-6952-CCDE-14B6-505D263BE5F0}" = CCC Help Dutch
"{8D58B4D9-3F0F-BFF8-498E-627059551AE5}" = Catalyst Control Center Localization All
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{8F8DC6F6-B93E-78E9-4F16-5E5AE6589EBD}" = CCC Help Chinese Traditional
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C08E956F-97FC-26E3-4523-06A7743480CA}" = Skins
"{C24A79B5-4FC9-EF28-A11D-4B378B618F18}" = CCC Help Korean
"{C26968D9-FA2D-10E0-79AC-9714A769EC40}" = CCC Help German
"{C59D305B-4E19-A823-714D-5A393E19B898}" = CCC Help French
"{CA2D75F9-19F0-74F5-2C4C-0E37C198FC6A}" = CCC Help Chinese Standard
"{CD068533-1A20-47F6-B1A2-196725B1320F}" = LibreOffice 3.3
"{CDF2602A-D09F-18CC-AC6E-216124FC975B}" = Catalyst Control Center Core Implementation
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45BEFCD-72A1-042C-D484-7F39EAC2CCD9}" = CCC Help Japanese
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB61BE4A-1E09-CA85-F03C-A78C357CA743}" = CCC Help Swedish
"{E043568C-1745-4C69-9D52-43F6E79EB03B}" = Joulemeter
"{E2D2B19D-F3D0-AAE7-E94C-72435EBC8663}" = ccc-utility
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{E838C67D-6D64-A995-F8D0-4F397D278635}" = CCC Help Portuguese
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE383F29-6C0D-EF89-C8A1-CCD87349A2E3}" = Catalyst Control Center Graphics Full Existing
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"0481B164C8D1D26C560D6A5E717C5920D4362D60" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (01/14/2010 8.6.0.13)
"2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"Anti-Twin 2012-08-25 17.22.56" = Anti-Twin (Installation 25.08.2012)
"Ashampoo WinOptimizer Free_is1" = Ashampoo WinOptimizer Free v.1.0.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"avast" = avast! Free Antivirus
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"Glary Utilities_is1" = Glary Utilities 2.50.0.1632
"GomezPEER" = GomezPEER
"HECI" = Intel(R) Management Engine Interface
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20.1
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"ManyCam" = ManyCam 3.0.80 (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NosTale(DE)_is1" = Nostale(DE)
"OnScreenDisplay" = Anzeige am Bildschirm
"Opera 12.10.1652" = Opera 12.10
"Origin" = Origin
"PhotoScape" = PhotoScape
"PokerStars.eu" = PokerStars.eu
"Power Management Driver" = ThinkPad Power Management Driver
"Recuva" = Recuva
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sandboxie" = Sandboxie 3.74 (32-bit)
"TeamViewer 7" = TeamViewer 7
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Tunatic" = Tunatic
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.4
"VMware_Player" = VMware Player
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3824738219-3423491312-65945004-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Kalydo App Nostale" = Nostale
"KalydoPlayer" = Kalydo Player 4.10.01
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.05.2012 21:17:26 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax.
Error - 06.05.2012 21:21:16 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
update\session\7yd614ww\Bin64\InstallManagerApp.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 06.05.2012 21:21:17 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
update\session\7yd614ww\Bin64\Setup.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.05.2012 01:15:03 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax.
Error - 10.05.2012 01:18:04 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
update\session\7yd614ww\Bin64\InstallManagerApp.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.05.2012 01:18:04 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
update\session\7yd614ww\Bin64\Setup.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.05.2012 21:13:12 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax.
Error - 11.05.2012 21:06:44 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax.
Error - 11.05.2012 21:10:14 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
update\session\7yd614ww\Bin64\InstallManagerApp.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.05.2012 21:10:14 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
update\session\7yd614ww\Bin64\Setup.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ NetLimiter 3 Events ]
Error - 05.11.2012 10:54:29 | Computer Name = HIlo-PC | Source = NetLimiter 3 Client | ID = 1000
Description = <nl-error-list> <nl-error> <err-code>1</err-code> <hresult code='80004005'>Unbekannter
Fehler</hresult> <module>NetLimiter.PlgLib.NVNode.1055</module> </nl-error> <nl-error>
<err-code>2160</err-code>
<module>NetLimiter.Security.204</module>
<desc>NetLimiter
registration or trial period expired.</desc> </nl-error> </nl-error-list>
Error - 05.11.2012 16:09:38 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 05.11.2012 16:28:52 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 05.11.2012 19:27:00 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 06.11.2012 11:51:07 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 06.11.2012 18:11:11 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 06.11.2012 19:09:27 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 07.11.2012 02:07:15 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 07.11.2012 12:10:53 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 07.11.2012 12:45:04 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
[ OSession Events ]
Error - 18.04.2011 13:08:28 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 3198
seconds with 1620 seconds of active time. This session ended with a crash.
Error - 18.04.2011 13:13:25 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 282
seconds with 240 seconds of active time. This session ended with a crash.
Error - 19.04.2011 10:48:19 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 1677
seconds with 420 seconds of active time. This session ended with a crash.
Error - 19.04.2011 10:54:37 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 351
seconds with 300 seconds of active time. This session ended with a crash.
Error - 20.04.2011 06:57:20 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 156
seconds with 120 seconds of active time. This session ended with a crash.
Error - 20.04.2011 07:27:13 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 309
seconds with 240 seconds of active time. This session ended with a crash.
Error - 22.04.2011 07:26:13 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 92
seconds with 60 seconds of active time. This session ended with a crash.
Error - 24.04.2011 13:31:09 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 197
seconds with 180 seconds of active time. This session ended with a crash.
Error - 24.04.2011 13:42:25 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 569
seconds with 540 seconds of active time. This session ended with a crash.
Error - 25.04.2011 14:46:48 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 756
seconds with 360 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 08.11.2012 19:02:03 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ATITool sfdrv01 sfvfs02 uGuru
Error - 09.11.2012 12:43:16 | Computer Name = HIlo-PC | Source = DCOM | ID = 10016
Description =
Error - 09.11.2012 15:32:48 | Computer Name = HIlo-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 10.11.2012 09:12:30 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 10.11.2012 09:13:47 | Computer Name = HIlo-PC | Source = Application Popup | ID = 875
Description = Treiber sfvfs02.sys konnte nicht geladen werden.
Error - 10.11.2012 09:13:47 | Computer Name = HIlo-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
Error - 10.11.2012 09:13:58 | Computer Name = HIlo-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 10.11.2012 09:13:58 | Computer Name = HIlo-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 10.11.2012 09:15:15 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ATITool sfdrv01 sfvfs02 uGuru
Error - 10.11.2012 09:15:32 | Computer Name = HIlo-PC | Source = DCOM | ID = 10016
Description =
< End of report >
|
|
11.11.2012, 21:21
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojanercheck Ein Paar Rest die nur noch wegmüssen
__________________Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\..\SearchScopes\{F3C8C8B2-40FB-4AB5-B02B-5A0B0B730EE6}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=60BCEAD5-A879-4FAD-A37E-0F5B240F30D2&apn_sauid=64DF60C8-6482-49FC-8E73-BB27B672CADD
IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\..\SearchScopes\{F8F7FF41-F20B-4780-9D79-F61F7F27AABF}: "URL" = http://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3824738219-3423491312-65945004-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
:Files
C:\Windows\Ì*
C:\found.0??
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
12.11.2012, 00:28
| #18 |
| | Trojanercheck hier
__________________ Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3824738219-3423491312-65945004-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F3C8C8B2-40FB-4AB5-B02B-5A0B0B730EE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3C8C8B2-40FB-4AB5-B02B-5A0B0B730EE6}\ not found.
Registry key HKEY_USERS\S-1-5-21-3824738219-3423491312-65945004-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F8F7FF41-F20B-4780-9D79-F61F7F27AABF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F7FF41-F20B-4780-9D79-F61F7F27AABF}\ not found.
HKU\S-1-5-21-3824738219-3423491312-65945004-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3824738219-3423491312-65945004-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3824738219-3423491312-65945004-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack deleted successfully.
========== FILES ==========
C:\Windows\Ì÷} moved successfully.
C:\found.000\dir0000.chk folder moved successfully.
C:\found.000 folder moved successfully.
C:\found.001\dir0001.chk\epfwlwf folder moved successfully.
C:\found.001\dir0001.chk\eamonm folder moved successfully.
C:\found.001\dir0001.chk folder moved successfully.
C:\found.001\dir0000.chk\Mozilla Thunderbird\Components folder moved successfully.
C:\found.001\dir0000.chk\Mozilla Thunderbird folder moved successfully.
C:\found.001\dir0000.chk folder moved successfully.
C:\found.001 folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\HIlo\Desktop\cmd.bat deleted successfully.
C:\Users\HIlo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
User: HIlo
->Temp folder emptied: 2830663603 bytes
->Temporary Internet Files folder emptied: 20666969 bytes
->Java cache emptied: 11650004 bytes
->FireFox cache emptied: 807270324 bytes
->Opera cache emptied: 40626 bytes
->Flash cache emptied: 506 bytes
User: Public
User: sebastian
User: user
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13480108 bytes
RecycleBin emptied: 292380 bytes
Total Files Cleaned = 3.513,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 11122012_001131
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3268.log moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
12.11.2012, 10:48
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanercheck Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.11.2012, 00:12
| #20 |
| | Trojanercheck Hallo MAlwarebytes läuft leider nicht mehr richtig bei mir. Es kommt immer ! ein Bluescreen ,sobald etwa die 6000. Datei kontrolliert wurde. Das ändert sich auch nicht,wenn ich zum vollständigen Suchlauf wechsel. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bb8852c6932a0f40ba072cba4fa65321
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-12 08:41:02
# local_time=2012-11-12 09:41:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=770 16774141 16 2 8929022 8929022 0 0
# compatibility_mode=5893 16776573 100 94 56079 104359531 0 0
# compatibility_mode=8192 67108863 100 0 3761 3761 0 0
# scanned=168449
# found=2
# cleaned=0
# scan_time=24520
C:\Users\Public\Downloads\WarlordsBattlecryIIISetup-dm (2).exe a variant of Win32/Adware.Trymedia.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Downloads\WarlordsBattlecryIIISetup-dm.exe a variant of Win32/Adware.Trymedia.A application (unable to clean) 00000000000000000000000000000000 I
|
|
13.11.2012, 10:02
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanercheck Probier bitte den Scan mit Malwarebytes mal im abgesicherten Modus mit Netzwerktreibern aus
__________________ --> Trojanercheck |
|
14.11.2012, 20:40
| #22 |
| | Trojanercheck okay ,hat endlich geklappt Keine Infizierung gefunden. |
|
14.11.2012, 21:25
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanercheck Log bitte trotzdem immer posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.11.2012, 21:28
| #24 |
| | Trojanercheck hier Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.14.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 HIlo :: HILO-PC [Administrator] Schutz: Deaktiviert 14.11.2012 15:52:17 mbam-log-2012-11-14 (15-52-17).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 199949 Laufzeit: 7 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
14.11.2012, 22:32
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanercheck Ok, hast richtig gemacht, auch die Signaturen waren aktuell. Die Funde in ESET sind die bekannt? Hast du selbst runtergeladen...
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.11.2012, 12:06
| #26 |
| | Trojanercheck NEin ,sind mir nicht bekannt. Wahrscheinlich hat die mein Bruder heruntergeladen. Scheint ein Spiel zu sein |
|
15.11.2012, 17:46
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanercheck Lösch die zwei Dateien bitte Sieht sonst soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.11.2012, 18:43
| #28 |
| | Trojanercheck okay , ich danke dir für deine Hilfe ! |
|
15.11.2012, 22:00
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanercheck Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojanercheck |
| audacity, avira, bho, canon, converter, desktop, document, error, excel, festplatte, flash player, google, home, iexplore.exe, install.exe, jdownloader, lenovo, logfile, mp3, msvcrt, object, office 2007, origin, popup, programm, recuva, richtlinie, scan, search the web, security, senden, server, software, svchost.exe, trojaner, virus, windows |
Linear-Darstellung
