| |
| |||||||
Log-Analyse und Auswertung: Facebook.vbs auf USB StickWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
27.05.2013, 15:02
| #1 |
| |  Facebook.vbs auf USB Stick Hallo zusammen, erst einmal auch von mir kurze lobende Worte. Nach langer Recherche scheint mir Euer Forum das mit Abstand hilfreichste zu sein. Ich habe mein Problem sogar bereits bei Euch gefunden, jedoch scheint die Lösung individuell zugeschnitten zu sein, deshalb poste ich es hier noch einmal. Im zweifelsfall könnt ihr mich natürlich gerne verweisen und diesen thread löschen. Das Problem ist folgendes: Ich hab mir im Copyshop anscheinend einen Virus auf den USB-Key geholt. Denn danach waren alle vorhandenen Datein nur noch als Verknüpfungen vorhanden. Nach kurzer Recherche hat sich schnell rausgestellt, dass das anscheinend der facebook.vbs Trojaner ist - zumindest heißt er so bei mir. Es wäre super wenn ich die Daten vom USB-Key retten könnte, da dort sehr wichtige Daten für meine Masterarbeit drauf sind. Anbei ist der Log-File von OTL. Vielen Dank schon mal im Vorraus OTL.txt Code:
ATTFilter OTL logfile created on: 27.05.2013 15:08:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Finn\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,61 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 44,63% Memory free 7,21 Gb Paging File | 4,40 Gb Available in Paging File | 61,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 331,97 Gb Free Space | 71,29% Space Free | Partition Type: NTFS Computer Name: F5NN-PC | User Name: Finn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.27 15:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Finn\Downloads\OTL.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.07 16:50:40 | 000,636,984 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avscan.exe PRC - [2013.05.07 16:50:40 | 000,636,984 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe PRC - [2013.05.07 16:50:34 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.05.07 16:50:27 | 000,330,976 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe PRC - [2013.03.31 09:39:46 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.31 09:39:34 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.03 17:33:20 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe PRC - [2011.03.03 17:33:14 | 000,224,680 | ---- | M] () -- C:\Windows\SysWOW64\AsusService.exe PRC - [2011.03.03 17:33:12 | 001,252,272 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe ========== Modules (No Company Name) ========== MOD - [2013.05.15 12:18:18 | 013,136,776 | ---- | M] () -- C:\Users\Finn\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Finn\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Finn\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Finn\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Finn\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Finn\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll MOD - [2013.03.13 12:01:38 | 000,397,704 | ---- | M] () -- C:\program files (x86)\avira\antivir desktop\sqlite3.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.05.12 23:58:27 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.05.12 19:13:44 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.05.15 13:48:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.03.31 09:39:46 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.31 09:39:34 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.03.03 17:33:14 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\AsusService.exe -- (AsusService) SRV - [2010.05.21 15:38:30 | 000,947,488 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.31 09:39:50 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.31 09:39:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.31 09:39:50 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.16 13:26:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.06.30 14:05:50 | 001,452,080 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.05.13 00:41:20 | 009,358,336 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.05.12 23:20:29 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.30 20:46:45 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.24 11:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.02.24 11:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010.11.24 10:13:00 | 004,719,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.04 12:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.11.04 12:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.09.27 09:24:43 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.05.21 09:46:34 | 000,341,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.05.21 09:45:44 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.05.21 09:45:44 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.05.21 09:45:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.05.21 09:45:42 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849855 IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 08 3A F8 7B 8A CD 01 [binary data] IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\..\SearchScopes\{EC8FF79E-718F-474D-BFF5-1E7613D25674}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Finn\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Finn\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.30 20:45:18 | 000,000,000 | ---D | M] [2013.02.25 17:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Finn\AppData\Roaming\mozilla\Extensions [2012.12.25 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions [2012.12.25 15:52:44 | 000,000,000 | ---D | M] (BittorrentBar_DE) -- C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Finn\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Finn\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Finn\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\Finn\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - Extension: Google Docs = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: BittorrentBar_DE = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl\10.15.0.562_0\ CHR - Extension: BittorrentBar_DE = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl\10.16.2.509_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HotkeyMon] C:\Windows\SysWow64\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\Windows\SysWow64\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001..\Run: [Facebook.vbs] C:\Users\Finn\AppData\Local\Temp\Facebook.vbs () O4 - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001..\Run: [Hbioiv] C:\Users\Finn\AppData\Roaming\Hbioiv.exe File not found O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Finn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs () O4 - Startup: C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.55.96.84 193.55.99.70 193.55.97.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C894746-5BDF-436E-A9D4-0C14C27CA47E}: DhcpNameServer = 193.55.96.84 193.55.99.70 193.55.97.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E37C3782-0756-4F1A-97C1-85E487FFE493}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{494c5b77-588c-11e1-8baa-742f68cfe2d5}\Shell - "" = AutoRun O33 - MountPoints2\{494c5b77-588c-11e1-8baa-742f68cfe2d5}\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.21 11:00:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.21 11:00:32 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.21 11:00:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.21 11:00:29 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.21 11:00:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.21 11:00:29 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.21 11:00:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.21 11:00:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.21 11:00:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.21 11:00:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.21 11:00:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.21 11:00:28 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.21 11:00:24 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.21 11:00:24 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.21 11:00:23 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.16 13:44:37 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.16 13:44:37 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.16 13:44:22 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.16 13:44:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.16 13:44:21 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.16 13:44:21 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.07 16:52:29 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.02 10:00:42 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.02 10:00:42 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.02 10:00:42 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.02 10:00:41 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.02 10:00:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.02 10:00:41 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.02 10:00:41 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.02 10:00:41 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.02 10:00:41 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.02 10:00:41 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.02 10:00:41 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.02 10:00:41 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.02 10:00:41 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.02 10:00:41 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.02 10:00:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.02 10:00:41 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.02 10:00:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.02 10:00:40 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.02 10:00:40 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.02 10:00:40 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.02 10:00:40 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.02 10:00:40 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.02 10:00:40 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.02 10:00:40 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.02 10:00:40 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.02 10:00:40 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.02 10:00:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.02 10:00:40 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.02 10:00:39 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.02 10:00:39 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.02 10:00:39 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.02 10:00:39 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.02 10:00:39 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.02 10:00:39 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.02 10:00:39 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.02 10:00:39 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.02 10:00:39 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.02 10:00:39 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.02 10:00:39 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.02 10:00:39 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.02 10:00:39 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.02 10:00:39 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.02 10:00:39 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.02 10:00:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.02 10:00:39 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.02 10:00:39 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.02 10:00:38 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.02 10:00:38 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.02 10:00:38 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.02 10:00:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.02 10:00:38 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.02 10:00:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.02 10:00:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.02 09:57:53 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.05.02 09:57:53 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.05.02 09:57:53 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.05.02 09:57:53 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.05.02 09:57:53 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.05.02 09:57:53 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.05.02 09:57:53 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.05.02 09:57:53 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.05.02 09:57:53 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.05.02 09:57:53 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.05.02 09:57:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.05.02 09:57:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.05.02 09:57:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.05.02 09:57:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.05.02 09:57:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.05.02 09:57:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.05.02 09:57:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.05.02 09:57:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.05.02 09:57:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.05.02 09:57:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.05.02 09:57:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.05.02 09:57:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.05.02 09:57:53 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.05.02 09:57:53 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.05.02 09:57:52 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.05.02 09:57:52 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.05.02 09:57:52 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.05.02 09:57:52 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.05.02 09:57:52 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.05.02 09:57:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.05.02 09:57:52 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.05.02 09:57:51 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.05.02 09:57:51 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.05.02 09:57:51 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.05.02 09:57:51 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.05.02 09:57:51 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.05.02 09:57:51 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.05.02 09:57:51 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.05.02 09:57:51 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.05.02 09:57:51 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.05.02 09:57:51 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll ========== Files - Modified Within 30 Days ========== [2013.05.27 14:46:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.27 14:26:22 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.27 14:26:22 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.27 14:26:22 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.27 14:26:22 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.27 14:26:22 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.27 14:24:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3466088446-2291663529-1802688619-1001UA.job [2013.05.27 14:18:51 | 000,356,272 | ---- | M] () -- C:\Users\Finn\Desktop\20130527131230.pdf [2013.05.27 14:18:47 | 000,001,150 | ---- | M] () -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk [2013.05.27 14:18:34 | 000,457,554 | ---- | M] () -- C:\Users\Finn\Desktop\20130527131305.pdf [2013.05.27 14:18:18 | 000,564,449 | ---- | M] () -- C:\Users\Finn\Desktop\20130527131327.pdf [2013.05.27 14:17:56 | 000,021,998 | ---- | M] () -- C:\Users\Finn\Desktop\20130527131409.pdf [2013.05.27 14:17:34 | 000,656,016 | ---- | M] () -- C:\Users\Finn\Desktop\20130527131351.pdf [2013.05.27 14:14:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.27 12:40:49 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3466088446-2291663529-1802688619-1001Core.job [2013.05.24 10:36:35 | 000,019,968 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.24 10:36:35 | 000,019,968 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 18:36:15 | 000,034,375 | ---- | M] () -- C:\Users\Finn\Desktop\Inequaloity and the Environment for real.lyx [2013.05.23 12:20:42 | 000,004,191 | ---- | M] () -- C:\Users\Finn\Desktop\amstext.sty [2013.05.21 11:39:27 | 000,418,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.21 11:37:32 | 2903,826,432 | -HS- | M] () -- C:\hiberfil.sys [2013.05.15 13:48:25 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 13:48:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.07 16:52:05 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.07 16:44:28 | 000,000,081 | ---- | M] () -- C:\Users\Finn\Untitled2.m [2013.05.06 15:02:03 | 000,000,115 | ---- | M] () -- C:\Users\Finn\Untitled.m [2013.05.02 10:00:42 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.02 10:00:42 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.02 10:00:42 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.02 10:00:41 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.02 10:00:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.02 10:00:41 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.02 10:00:41 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.02 10:00:41 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.02 10:00:41 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.02 10:00:41 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.02 10:00:41 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.02 10:00:41 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.02 10:00:41 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.02 10:00:41 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.02 10:00:41 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.02 10:00:41 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.02 10:00:41 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.02 10:00:40 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.02 10:00:40 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.02 10:00:40 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.02 10:00:40 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.02 10:00:40 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.02 10:00:40 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.02 10:00:40 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.02 10:00:40 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.02 10:00:40 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.02 10:00:40 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.02 10:00:40 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.02 10:00:40 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.02 10:00:39 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.02 10:00:39 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.02 10:00:39 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.02 10:00:39 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.02 10:00:39 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.02 10:00:39 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.02 10:00:39 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.02 10:00:39 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.02 10:00:39 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.02 10:00:39 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.02 10:00:39 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.02 10:00:39 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.02 10:00:39 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.02 10:00:39 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.02 10:00:39 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.02 10:00:39 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.02 10:00:39 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.02 10:00:39 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.02 10:00:39 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.02 10:00:38 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.02 10:00:38 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.02 10:00:38 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.02 10:00:38 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.02 10:00:38 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.02 10:00:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.02 10:00:38 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.02 09:57:53 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.05.02 09:57:53 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.05.02 09:57:53 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.05.02 09:57:53 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.05.02 09:57:53 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.05.02 09:57:53 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.05.02 09:57:53 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.05.02 09:57:53 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.05.02 09:57:53 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.05.02 09:57:53 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.05.02 09:57:53 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.05.02 09:57:53 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.05.02 09:57:53 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.05.02 09:57:53 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.05.02 09:57:53 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.05.02 09:57:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.05.02 09:57:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.05.02 09:57:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.05.02 09:57:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.05.02 09:57:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.05.02 09:57:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.05.02 09:57:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.05.02 09:57:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.05.02 09:57:53 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.05.02 09:57:53 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.05.02 09:57:52 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.05.02 09:57:52 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.05.02 09:57:52 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.05.02 09:57:52 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.05.02 09:57:52 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.05.02 09:57:52 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.05.02 09:57:51 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.05.02 09:57:51 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.05.02 09:57:51 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.05.02 09:57:51 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.05.02 09:57:51 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.05.02 09:57:51 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.05.02 09:57:51 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.05.02 09:57:51 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.05.02 09:57:51 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.05.02 09:57:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.04.30 15:21:00 | 000,000,201 | ---- | M] () -- C:\Users\Finn\Graphs.m ========== Files Created - No Company Name ========== [2013.05.27 14:18:51 | 000,356,272 | ---- | C] () -- C:\Users\Finn\Desktop\20130527131230.pdf [2013.05.27 14:18:34 | 000,457,554 | ---- | C] () -- C:\Users\Finn\Desktop\20130527131305.pdf [2013.05.27 14:18:18 | 000,564,449 | ---- | C] () -- C:\Users\Finn\Desktop\20130527131327.pdf [2013.05.27 14:17:56 | 000,021,998 | ---- | C] () -- C:\Users\Finn\Desktop\20130527131409.pdf [2013.05.27 14:17:34 | 000,656,016 | ---- | C] () -- C:\Users\Finn\Desktop\20130527131351.pdf [2013.05.27 14:16:02 | 000,006,796 | -H-- | C] () -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs [2013.05.27 14:16:01 | 000,001,150 | ---- | C] () -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk [2013.05.23 18:36:55 | 000,034,375 | ---- | C] () -- C:\Users\Finn\Desktop\Inequaloity and the Environment for real.lyx [2013.05.23 12:20:30 | 000,004,191 | ---- | C] () -- C:\Users\Finn\Desktop\amstext.sty [2013.05.07 15:48:47 | 000,000,081 | ---- | C] () -- C:\Users\Finn\Untitled2.m [2013.05.06 14:53:33 | 000,000,115 | ---- | C] () -- C:\Users\Finn\Untitled.m [2013.05.02 10:00:40 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.02 10:00:39 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.30 15:03:11 | 000,000,201 | ---- | C] () -- C:\Users\Finn\Graphs.m [2012.02.06 12:20:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.06 12:10:36 | 000,224,680 | ---- | C] () -- C:\Windows\SysWow64\AsusService.exe [2012.02.06 12:10:34 | 000,025,616 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini [2012.02.06 11:58:18 | 000,036,353 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.02.06 11:57:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.02.06 11:57:46 | 000,023,099 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.02.06 11:57:46 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2012.02.06 11:40:11 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.02.06 11:35:01 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.05.2013 15:08:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Finn\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,61 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 44,63% Memory free
7,21 Gb Paging File | 4,40 Gb Available in Paging File | 61,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 331,97 Gb Free Space | 71,29% Space Free | Partition Type: NTFS
Computer Name: F5NN-PC | User Name: Finn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001F569D-EDD3-47BB-81F2-3BC01E36631C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{00C196C0-9210-4348-AC36-23E15E5C9157}" = rport=138 | protocol=17 | dir=out | app=system |
"{010CE272-53B0-44DA-BA32-1E9DB740FEAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06C85061-C297-4E2B-872E-885789CB98E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3872BBD5-FDEB-44D0-BAC7-0A70E1F9EA32}" = lport=445 | protocol=6 | dir=in | app=system |
"{4036C8AD-CA05-4A85-A2AA-6CF67DA53D00}" = lport=10243 | protocol=6 | dir=in | app=system |
"{427B9993-40B4-46EB-BD70-C62D03B0B00C}" = rport=137 | protocol=17 | dir=out | app=system |
"{516F43C0-B795-47A3-A558-3A3ADE11930B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5235078C-3DB6-42A1-86EE-ABD33C64448B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{639D0D01-9B21-49A7-A71A-0D3669F19107}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7E6A1CAA-5704-4E08-A19D-92C94B8DB89E}" = lport=138 | protocol=17 | dir=in | app=system |
"{8529BFFF-1562-4642-B0B6-5E0A241AF4BF}" = lport=139 | protocol=6 | dir=in | app=system |
"{935B87B3-42E7-4563-B4FF-E84115689295}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93C8151C-3C07-43C8-9FA3-6445F296702B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A4D6FFAF-9975-4E80-A6AD-0C2007A33350}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC23D884-C83D-4BD0-B1BF-7A856B151879}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ADD24A73-650B-49B8-BD2F-D72C41C85ACC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B757B630-0CE3-42D6-94C0-1FD5CCA20664}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0FCE5A7-9724-4A51-9B45-C616BD2D750A}" = rport=445 | protocol=6 | dir=out | app=system |
"{D1DF7CB1-9B47-493E-B975-2C6500AC6673}" = rport=139 | protocol=6 | dir=out | app=system |
"{F65CB229-FC45-42F7-A8A5-9A783359B030}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB1D9CF3-1D19-4019-83B7-FC590C7912B5}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03785222-DF18-4D0C-9A5A-FCC8638C9C01}" = protocol=6 | dir=out | app=system |
"{1442F3D2-C949-40AF-BED9-72404B5EBCC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{22CAFFFD-7BAF-4655-A44C-D82A4CE33FFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{25607898-DBA5-41B3-9E5D-BF5260CCAC3A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{29FF7E3F-4E80-4244-AAA0-42A65FA8E712}" = protocol=6 | dir=in | app=c:\users\finn\appdata\roaming\dropbox\bin\dropbox.exe |
"{3618AFB7-F45C-4CCA-8465-6F5812D37C01}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3E1D823E-8B7C-4179-A46B-F5E964E4024F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5157EFA8-EFB1-43C8-BF7A-C2BA5C6E74A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{58A3DEEC-2F6A-4A50-90A1-2E8070156D75}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{64BC6838-E122-4023-977A-58AA9E0A575D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7EF00F3D-4D1A-4BA7-BA9B-EB2CDD866E94}" = protocol=17 | dir=in | app=c:\users\finn\appdata\roaming\dropbox\bin\dropbox.exe |
"{8B494611-0749-4754-903C-F5BA2A7B83A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9225C7FE-2595-400B-869A-929DA8F0285B}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{9D987D00-BDC2-4ACE-92CB-DED8F7682742}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9E7E5780-5359-4B22-96ED-9602A949D892}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B11D33E9-6BEB-4E92-AE95-0D83BAAAA100}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B13659CA-B0E3-42C8-9235-56A541ABA501}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B92B943F-7BBE-405D-AA02-E3253D42EDD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C08343C1-81D6-44A6-A4AD-07788CE5720A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C356EBED-01E1-4544-A2D1-203BB76CB580}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C543E3CA-BDBF-497F-97DC-309145EC4DC7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C71297D5-E3AA-479C-B0DE-F05AE4B93BBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CB213B2D-BF03-47C6-B2C6-EBA0900A506F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D19956B0-B110-4B51-AE39-FE411BD873C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DC47611F-E403-404C-8794-CB3EF94EBE86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DFE07B94-2314-4365-B7AB-DFA931A28142}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC2A64F1-92F4-41A9-AF1E-C490DF81DC93}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{FBC230AD-1C2F-4C77-9A86-5414D9654EE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{516B1467-CCF9-4774-8B90-96889D9A8EC4}C:\users\finn\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\finn\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{2686EFF6-4E0D-4F0C-BD2B-646588F67404}C:\users\finn\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\finn\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{41B69F4F-114C-DB6C-DD68-B76F383A616A}" = AMD Fuel
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A60C40A-C7F1-8B68-5398-ED2902AAF764}" = ccc-utility64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B638F22B-3806-64D0-B2CB-BC79E1868E85}" = ATI Catalyst Install Manager
"{C65615CE-A665-EA4A-DF8A-4D913D6F21E1}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"Matlab R2011b" = MATLAB R2011b
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A452E40-B3AB-EED6-F8AC-314B4E98129B}" = Catalyst Control Center InstallProxy
"{0C2B0177-E031-A6B3-D1AA-A84F18ED7E49}" = CCC Help Thai
"{0F942643-9509-98E2-16F9-2DF430597DFB}" = CCC Help Greek
"{1CC7FE62-DD51-8929-ECC8-78A138D3F7EE}" = CCC Help Norwegian
"{2135824C-1A00-713B-4B00-1A75B11A8191}" = CCC Help Czech
"{263803DB-A03F-000A-B2E3-BE5066904722}" = AMD VISION Engine Control Center
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3311717E-8D0A-9AD4-DAC3-FA9BB1F36389}" = CCC Help Chinese Standard
"{3C833093-A7C7-E32A-1682-134505B00679}" = CCC Help Italian
"{49110D95-75FB-673F-B00A-BEAF51A27F27}" = CCC Help Spanish
"{4BE9DEFE-F6DB-CFEE-03B0-4BEC619984FE}" = Catalyst Control Center Localization All
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{53AD1924-E579-4823-103A-5AD909D417C1}" = CCC Help German
"{57DFD6BB-49A4-A37C-8A21-7B51FF09FD0F}" = CCC Help Turkish
"{62CA0925-076F-9D4C-91A4-C3766E6C9B5F}" = CCC Help Russian
"{66136098-3F1E-02E1-E598-937F0D252005}" = CCC Help Swedish
"{6C460DDD-6126-D2BE-B142-06F84F37EC41}" = CCC Help Hungarian
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{784E0B26-9B0B-7A5D-86FC-1EC7C8B172B1}" = CCC Help Finnish
"{80AFBA14-9DF8-A2D1-81F8-4F0512EA9307}" = CCC Help Danish
"{88A41A42-ADE1-4EB4-969A-D42CA36C7FEF}" = Catalyst Control Center - Branding
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9171A89A-8136-9321-8992-788F089FC6BB}" = CCC Help Dutch
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9DF97E9C-B7A5-8A58-192F-414CD0EF92E3}" = CCC Help English
"{A1709909-3305-E438-7F8F-B78B33EA600E}" = CCC Help Japanese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{C17C84C4-65DC-C081-52A3-8A7647997AEF}" = CCC Help Polish
"{D26080BE-3672-D7C2-E23A-A858083D9B79}" = Catalyst Control Center Profiles Mobile
"{D37C7029-67F3-7DBF-B4C5-662358BFD8D2}" = CCC Help Korean
"{D8A54777-6114-4F9C-7358-9751014DF11C}" = CCC Help French
"{D91619B1-9FA1-7D8D-11DE-55FFCEAF74AF}" = CCC Help Portuguese
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FBCB1BDA-0627-EC02-89D4-C7625E0ED008}" = CCC Help Chinese Traditional
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Dynare 4.3.1" = Dynare 4.3.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"LyX2051" = LyX 2.0.5.1
"MiKTeX 2.9" = MiKTeX 2.9
"VLC media player" = VLC media player 2.0.1
"Zotero Standalone 3.0.14 (x86 en-US)" = Zotero Standalone 3.0.14 (x86 en-US)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3466088446-2291663529-1802688619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.03.2013 09:37:03 | Computer Name = F5nn-PC | Source = Software Protection Platform Service | ID = 8208
Description = Fehler bei der Erfassung des authentischen Tickets (hr=0xC004FC03)
für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.
Error - 20.03.2013 23:41:35 | Computer Name = F5nn-PC | Source = ESENT | ID = 215
Description = WinMail (2024) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 20.03.2013 23:41:46 | Computer Name = F5nn-PC | Source = ESENT | ID = 215
Description = WinMail (2612) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 29.03.2013 03:36:44 | Computer Name = F5nn-PC | Source = System Restore | ID = 8193
Description =
Error - 31.03.2013 03:27:19 | Computer Name = F5nn-PC | Source = System Restore | ID = 8193
Description =
Error - 26.04.2013 06:51:56 | Computer Name = F5nn-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 13.6.0.986 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2fc Startzeit:
01ce426bbaae2c7d Endzeit: 60000 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
Desktop\avscan.exe Berichts-ID: 226a9af1-ae5f-11e2-8d94-5404a6327e1c
Error - 02.05.2013 03:50:37 | Computer Name = F5nn-PC | Source = System Restore | ID = 8193
Description =
Error - 03.05.2013 03:19:20 | Computer Name = F5nn-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.6.15,
Zeitstempel: 0x4e31ebcf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00038dc9 ID des fehlerhaften
Prozesses: 0xc90 Startzeit der fehlerhaften Anwendung: 0x01ce47294ca2e3eb Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: c57853ec-b3c1-11e2-882e-5404a6327e1c
Error - 22.05.2013 06:17:24 | Computer Name = F5nn-PC | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 6.3.0.105 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9f0 Startzeit:
01ce560756b8a611 Endzeit: 42 Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID:
c8eb25cc-c2c8-11e2-a0cb-5404a6327e1c
Error - 23.05.2013 05:22:32 | Computer Name = F5nn-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.6.15,
Zeitstempel: 0x4e31ebcf Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342 ID des fehlerhaften
Prozesses: 0xc14 Startzeit der fehlerhaften Anwendung: 0x01ce5607637f48c7 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 4bd77688-c38a-11e2-a0cb-5404a6327e1c
[ OSession Events ]
Error - 22.02.2013 12:23:58 | Computer Name = F5nn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8029
seconds with 2460 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 15.05.2013 06:13:38 | Computer Name = F5nn-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 15.05.2013 06:13:38 | Computer Name = F5nn-PC | Source = DCOM | ID = 10005
Description =
Error - 16.05.2013 07:32:23 | Computer Name = F5nn-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 10.31.5.103 registriert werden. Der Computer mit IP-Adresse 10.31.41.241
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 21.05.2013 04:51:01 | Computer Name = F5nn-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?05.?2013 um 15:11:55 unerwartet heruntergefahren.
Error - 21.05.2013 05:09:45 | Computer Name = F5nn-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2667402)
Error - 21.05.2013 05:35:51 | Computer Name = F5nn-PC | Source = DCOM | ID = 10010
Description =
Error - 22.05.2013 08:40:56 | Computer Name = F5nn-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 22.05.2013 08:40:57 | Computer Name = F5nn-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 22.05.2013 08:40:57 | Computer Name = F5nn-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 23.05.2013 05:22:14 | Computer Name = F5nn-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
< End of report >
|
|
27.05.2013, 15:27
| #2 |
| /// TB-Ausbilder   | Facebook.vbs auf USB Stick Hallo finn529 und
__________________ Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten. Eins vorneweg: Ich kann dir keine Garantien geben, dass ich alles finden werde. Bei schwerwiegenden Infektionen ist ein Formatieren und Neuinstallieren meist der schnellere und immer der sicherere Weg. Wenn du dich für eine Bereinigung entscheidest, dann sollten wir gründlich vorgehen. Bleib also dran, bis ich dir eindeutig mitteile, dass wir fertig sind. Auch wenn die auffälligen Symptome schon früh verschwinden, bedeutet das nicht, dass dein Rechner dann schon sauber und sicher ist.  Hinweise zum Ablauf
Los geht's: Schliesse den befallenen USB-Stick an den Rechner an und mach dann Folgendes. (Teile mir bitte auch mit, welchen Laufwerskbuchstaben der Stick hat.) Schritt 1 Scan mit Combofix
Bitte poste in deiner nächsten Antwort:
__________________ |
|
27.05.2013, 16:56
| #3 |
| | Facebook.vbs auf USB Stick Cool, danke schonmal für die schnelle Antwort. Hier ist der LOG von Combofix:
__________________Code:
ATTFilter ComboFix 13-05-27.01 - Finn 27.05.2013 17:33:31.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3692.2346 [GMT 2:00]
ausgeführt von:: c:\users\Finn\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Finn\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-27 bis 2013-05-27 ))))))))))))))))))))))))))))))
.
.
2013-05-27 15:44 . 2013-05-27 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-27 12:16 . 2013-02-23 02:21 6796 ---ha-w- c:\users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
2013-05-16 11:44 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 11:44 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 11:44 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 11:44 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-16 11:44 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 11:44 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-16 11:44 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 11:44 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 11:44 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 11:44 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-07 14:52 . 2013-05-07 14:52 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-02 07:57 . 2013-05-02 07:57 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-21 09:04 . 2012-02-19 10:37 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 11:48 . 2012-09-02 11:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 11:48 . 2012-09-02 11:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-12 14:45 . 2013-04-24 09:11 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-31 07:39 . 2013-03-31 07:39 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-31 07:39 . 2013-03-31 07:39 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-31 07:39 . 2013-03-31 07:39 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-21 02:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-03-21 02:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-03-19 06:04 . 2013-04-10 11:48 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 11:48 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 11:48 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:48 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 11:48 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 11:48 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-12 336384]
"HotkeyMon"="AsusSender.exe" [2011-03-03 34728]
"HotkeyService"="AsusSender.exe" [2011-03-03 34728]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
.
c:\users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Finn\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
Facebook.vbs [2013-2-23 6796]
FlashPlayerPlug.lnk - c:\users\Finn\AppData\Local\Temp\FlashPlayerMsj.exe [N/A]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 1127712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-05-21 341032]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 39464]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-01 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-04 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-04 38016]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-31 28600]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-16 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-12 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-12 365568]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-31 86752]
S2 AsusService;Asus Launcher Service;c:\windows\SysWOW64\AsusService.exe [2011-03-03 224680]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 11:48]
.
2013-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3466088446-2291663529-1802688619-1001Core.job
- c:\users\Finn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 14:31]
.
2013-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3466088446-2291663529-1802688619-1001UA.job
- c:\users\Finn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 14:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849855
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 193.55.96.84 193.55.99.70 193.55.97.4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
Wow6432Node-HKCU-Run-Hbioiv - c:\users\Finn\AppData\Roaming\Hbioiv.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-27 17:52:12
ComboFix-quarantined-files.txt 2013-05-27 15:52
.
Vor Suchlauf: 13 Verzeichnis(se), 358.371.008.512 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 357.914.587.136 Bytes frei
.
- - End Of File - - EEC64A3165023CDFF9FCE6B9AA803669
|
|
27.05.2013, 19:19
| #4 |
| /// TB-Ausbilder | Facebook.vbs auf USB Stick Das hat noch nicht ganz geklappt. Steck bitte den infizierten USB-Stick an den Rechner an und teile mir mit, welchen Laufwerksbuchstaben (z.B. F:\) er besitzt.
__________________ cheers, Leo |
|
27.05.2013, 19:55
| #5 |
| | Facebook.vbs auf USB Stick Ups, umso besser die beschreibung umso dümmer die Fehler wohl. Naja der Stick war angeschlossen und das Laufwerk ist D. Hab den Scan jetzt aber zur Sicherheit nochmal gemacht. Hier der Log: Code:
ATTFilter ComboFix 13-05-27.01 - Finn 27.05.2013 17:33:31.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3692.2346 [GMT 2:00]
ausgeführt von:: c:\users\Finn\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Finn\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-27 bis 2013-05-27 ))))))))))))))))))))))))))))))
.
.
2013-05-27 15:44 . 2013-05-27 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-27 12:16 . 2013-02-23 02:21 6796 ---ha-w- c:\users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
2013-05-16 11:44 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 11:44 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 11:44 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 11:44 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-16 11:44 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 11:44 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-16 11:44 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 11:44 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 11:44 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 11:44 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-07 14:52 . 2013-05-07 14:52 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-02 07:57 . 2013-05-02 07:57 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-21 09:04 . 2012-02-19 10:37 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 11:48 . 2012-09-02 11:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 11:48 . 2012-09-02 11:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-12 14:45 . 2013-04-24 09:11 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-31 07:39 . 2013-03-31 07:39 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-31 07:39 . 2013-03-31 07:39 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-31 07:39 . 2013-03-31 07:39 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-21 02:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-03-21 02:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-03-19 06:04 . 2013-04-10 11:48 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 11:48 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 11:48 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:48 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 11:48 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 11:48 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-12 336384]
"HotkeyMon"="AsusSender.exe" [2011-03-03 34728]
"HotkeyService"="AsusSender.exe" [2011-03-03 34728]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
.
c:\users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Finn\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
Facebook.vbs [2013-2-23 6796]
FlashPlayerPlug.lnk - c:\users\Finn\AppData\Local\Temp\FlashPlayerMsj.exe [N/A]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 1127712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-05-21 341032]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 39464]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-01 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-04 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-04 38016]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-31 28600]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-16 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-12 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-12 365568]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-31 86752]
S2 AsusService;Asus Launcher Service;c:\windows\SysWOW64\AsusService.exe [2011-03-03 224680]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 11:48]
.
2013-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3466088446-2291663529-1802688619-1001Core.job
- c:\users\Finn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 14:31]
.
2013-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3466088446-2291663529-1802688619-1001UA.job
- c:\users\Finn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 14:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849855
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 193.55.96.84 193.55.99.70 193.55.97.4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Finn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
Wow6432Node-HKCU-Run-Hbioiv - c:\users\Finn\AppData\Roaming\Hbioiv.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-27 17:52:12
ComboFix-quarantined-files.txt 2013-05-27 15:52
.
Vor Suchlauf: 13 Verzeichnis(se), 358.371.008.512 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 357.914.587.136 Bytes frei
.
- - End Of File - - EEC64A3165023CDFF9FCE6B9AA803669
|
|
27.05.2013, 21:11
| #6 |
| /// TB-Ausbilder | Facebook.vbs auf USB Stick Ok, dann mach bitte Folgendes:
Code:
ATTFilter dir /a:-h /s /b "D:\" /c
__________________ --> Facebook.vbs auf USB Stick |
|
27.05.2013, 21:47
| #7 |
| | Facebook.vbs auf USB Stick Hier ist der Log file. (Übrigens heißt der Button auf deutsch "nichts" und nicht "none"  )Code:
ATTFilter OTL logfile created on: 27.05.2013 22:45:11 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Finn\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,61 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 60,58% Memory free
7,21 Gb Paging File | 5,59 Gb Available in Paging File | 77,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 333,43 Gb Free Space | 71,60% Space Free | Partition Type: NTFS
Drive D: | 3,81 Gb Total Space | 3,66 Gb Free Space | 96,10% Space Free | Partition Type: FAT32
Computer Name: F5NN-PC | User Name: Finn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Custom Scans ==========
< dir /a:-h /s /b "D:\" /c >
D:\lettre.odt.lnk
D:\resume.odt.lnk
D:\CV 3 SENO no foto.pdf.lnk
D:\Inequaloity_and_the_Environment_for_real.pdf.lnk
D:\.Trashes.lnk
D:\.fseventsd.lnk
D:\.Spotlight-V100.lnk
D:\Memoire 12-05.lnk
D:\RECYCLER.lnk
D:\.TemporaryItems.lnk
D:\Memoire 16-05.lnk
D:\._.Trashes.lnk
D:\Stata11_x64.rar.lnk
D:\LaTeXimpaziente.pdf.lnk
D:\._LaTeXimpaziente.pdf.lnk
D:\Letter of recommendation_Medici.pdf.lnk
D:\._Letter of recommendation_Medici.pdf.lnk
D:\._.TemporaryItems.lnk
D:\EDDE.pdf.lnk
D:\memoire.pdf.lnk
D:\passport.jpeg.lnk
D:\20130527131230.pdf.lnk
D:\20130527131305.pdf.lnk
D:\20130527131327.pdf.lnk
D:\20130527131351.pdf.lnk
D:\20130527131409.pdf.lnk
D:\.fseventsd\fseventsd-uuid
D:\.fseventsd\0000000000b65a57
D:\.fseventsd\0000000000b65a58
D:\.Spotlight-V100\Store-V2
D:\.Spotlight-V100\Store-V1
D:\.Spotlight-V100\VolumeConfiguration.plist
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\psid.db
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\tmp.SnowLeopard
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\tmp.Lion
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\Lion.created
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\indexState
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.indexHead
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.indexIds
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.indexGroups
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.indexPostings
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.indexTermIds
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.indexPositions
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.indexPositionTable
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.indexDirectory
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.indexCompactDirectory
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.indexArrays
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.indexUpdates
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.directoryStoreFile
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.indexHead
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.indexIds
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.indexGroups
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.indexPostings
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.indexTermIds
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.indexPositions
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.indexPositionTable
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.indexDirectory
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.indexCompactDirectory
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.indexArrays
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.indexUpdates
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.directoryStoreFile
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\store.db
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\reverseDirectoryStore
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\tmp.spotlight.state
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\Lion.modified
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\store_generation
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\journals.live
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\journalExclusion
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\journals.scan
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\reverseDirectoryStore.shadow
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.shadowIndexHead
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\shutdown_time
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\permStore
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\journals.repair
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\journalAttr.7
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.indexHead
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.indexIds
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.directoryStoreFile.shadow
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\0.shadowIndexGroups
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.shadowIndexHead
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.directoryStoreFile.shadow
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.0.shadowIndexGroups
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\store.updates
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\reverseStore.updates
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.indexGroups
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.indexPostings
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\tmp.spotlight.loc
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.indexTermIds
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.indexPositions
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.indexPositionTable
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.indexDirectory
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.indexCompactDirectory
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.indexArrays
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.indexUpdates
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.directoryStoreFile
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.shadowIndexHead
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.shadowIndexTermIds
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.shadowIndexPositionTable
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.shadowIndexArrays
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.shadowIndexCompactDirectory
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.shadowIndexDirectory
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.directoryStoreFile.shadow
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.1.shadowIndexGroups
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.indexHead
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.indexIds
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.indexGroups
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.indexPostings
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.indexTermIds
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.indexPositions
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.indexPositionTable
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.indexDirectory
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.indexCompactDirectory
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.indexArrays
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.indexUpdates
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.directoryStoreFile
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.shadowIndexHead
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.shadowIndexTermIds
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.shadowIndexPositionTable
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.shadowIndexArrays
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.shadowIndexCompactDirectory
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.shadowIndexDirectory
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.directoryStoreFile.shadow
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\live.2.shadowIndexGroups
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\journals.live\journal.13
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\journals.live\retire.12
D:\.Spotlight-V100\Store-V2\88A12A64-1EA3-4001-9873-D224684ABFCC\journals.scan\retire.207
D:\.Spotlight-V100\Store-V1\VolumeConfig.plist
D:\Memoire 12-05\Biblio.odt
D:\Memoire 12-05\Formulas.pptx
D:\Memoire 12-05\index.odt
D:\Memoire 12-05\lavoro fatto-da fare.odt
D:\Memoire 12-05\VSL isaac.odt
D:\Memoire 12-05\x la tesi.odt
D:\Memoire 12-05\CBA
D:\Memoire 12-05\Drafts
D:\Memoire 12-05\lavoro2per
D:\Memoire 12-05\Papers
D:\Memoire 12-05\ponthiere model
D:\Memoire 12-05\Pres. 29 marzo
D:\Memoire 12-05\provavsl
D:\Memoire 12-05\Tex
D:\Memoire 12-05\CBA\CBA book und.pdf
D:\Memoire 12-05\CBA\CBA book.pdf
D:\Memoire 12-05\CBA\CBA environment.pdf
D:\Memoire 12-05\CBA\CBA introduction.pdf
D:\Memoire 12-05\Drafts\Abstract.odt
D:\Memoire 12-05\Drafts\Empirical evidences.odt
D:\Memoire 12-05\Drafts\Health and VSL.odt
D:\Memoire 12-05\Drafts\Introduction.odt
D:\Memoire 12-05\Drafts\p(h).odt
D:\Memoire 12-05\Drafts\prime bozze di testo.odt
D:\Memoire 12-05\Drafts\The health variable.odt
D:\Memoire 12-05\Drafts\The value of health.odt
D:\Memoire 12-05\Drafts\The VSL.odt
D:\Memoire 12-05\lavoro2per\ponmod2p.log
D:\Memoire 12-05\lavoro2per\ponmod2p.m
D:\Memoire 12-05\lavoro2per\ponmod2p.mod
D:\Memoire 12-05\lavoro2per\ponmod2pP.log
D:\Memoire 12-05\lavoro2per\ponmod2pP.m
D:\Memoire 12-05\lavoro2per\ponmod2pP.mod
D:\Memoire 12-05\lavoro2per\ponmod2pP_dynamic.m
D:\Memoire 12-05\lavoro2per\ponmod2pP_results.mat
D:\Memoire 12-05\lavoro2per\ponmod2pP_set_auxiliary_variables.m
D:\Memoire 12-05\lavoro2per\ponmod2pP_static.m
D:\Memoire 12-05\lavoro2per\ponmod2p_dynamic.m
D:\Memoire 12-05\lavoro2per\ponmod2p_results.mat
D:\Memoire 12-05\lavoro2per\ponmod2p_set_auxiliary_variables.m
D:\Memoire 12-05\lavoro2per\ponmod2p_static.m
D:\Memoire 12-05\lavoro2per\ponmod2p
D:\Memoire 12-05\lavoro2per\ponmod2pP
D:\Memoire 12-05\lavoro2per\ponmod2p\Output
D:\Memoire 12-05\lavoro2per\ponmod2pP\Output
D:\Memoire 12-05\Papers\Ackerman Heinzerling 2004 - life is priceless.PDF
D:\Memoire 12-05\Papers\Adler 2006 - QALY.pdf
D:\Memoire 12-05\Papers\Adler Hammitt Treich - VSL vs Welfare function.pdf
D:\Memoire 12-05\Papers\Age effect (stated pref).pdf
D:\Memoire 12-05\Papers\alberini 2006 UND.pdf
D:\Memoire 12-05\Papers\alberini 2006.pdf
D:\Memoire 12-05\Papers\Aldy Viscusi 2007 - labor estimates.pdf
D:\Memoire 12-05\Papers\Andersson Treich 2008 - The VSL.pdf
D:\Memoire 12-05\Papers\Bommier 2006 WP - Mortality time preferences and life cycle models.pdf
D:\Memoire 12-05\Papers\Bommier Villeneuve 2012 - Risk aversion and VSL.pdf
D:\Memoire 12-05\Papers\Chakraborty 2003 - Endogenous lifetime and economic growth.pdf
D:\Memoire 12-05\Papers\Chakraborty 2003 - und - Endogenous lifetime and economic growth.pdf
D:\Memoire 12-05\Papers\Cropper 2000 - Mortality valuation.pdf
D:\Memoire 12-05\Papers\david_pearce_paper.pdf
D:\Memoire 12-05\Papers\Eeckhoudt Hammitt 2000 - Background risks.pdf
D:\Memoire 12-05\Papers\Eeckhoudt Hammitt 2000 - und - Background risks.pdf
D:\Memoire 12-05\Papers\EU - Value of preventing fatalities.pdf
D:\Memoire 12-05\Papers\Garber Phelps 1997 - Econ foundations of cost bene.pdf
D:\Memoire 12-05\Papers\Hammit 2007 - und - VSL vs VSLY.pdf
D:\Memoire 12-05\Papers\Hammit 2007 - VSL vs VSLY.pdf
D:\Memoire 12-05\Papers\Hammitt 2002 - QALY vs WTP.pdf
D:\Memoire 12-05\Papers\Hammitt 2002 - und - QALY vs WTP.pdf
D:\Memoire 12-05\Papers\Hammitt Graham 1999 - WTP - sensitivity (misperception).pdf
D:\Memoire 12-05\Papers\Hammitt Graham 1999 - und - WTP - sensitivity (misperception).pdf
D:\Memoire 12-05\Papers\JG health questionnaire.pdf
D:\Memoire 12-05\Papers\Jouvet Pestieau Ponthiere - 2007 - Longevity and environmental quality.pdf
D:\Memoire 12-05\Papers\Jouvet Pestieau Ponthiere 2007 - und - Longevity and environmental quality.pdf
D:\Memoire 12-05\Papers\Leung Wang 2002 - endogenized health care.pdf
D:\Memoire 12-05\Papers\Leung Wang 2002 - und - endogenized health care.pdf
D:\Memoire 12-05\Papers\Pestieu Ponthiere 2012 - und - public economics of increasing longevity.pdf
D:\Memoire 12-05\Papers\Ponthiere 2009 - und -Rectangularization and OLG.pdf
D:\Memoire 12-05\Papers\Pratt Zeckhauser 1996 - Dead anyway effect.pdf
D:\Memoire 12-05\Papers\Schmidt 2004 - Risk perception.pdf
D:\Memoire 12-05\Papers\smith et al UND.pdf
D:\Memoire 12-05\Papers\smith et al.pdf
D:\Memoire 12-05\Papers\Treich 2007 - VSL and ambiguity aversion.pdf
D:\Memoire 12-05\Papers\VSH UND.pdf
D:\Memoire 12-05\Papers\VSH.pdf
D:\Memoire 12-05\Papers\VSL and health ONTARIO + USA.pdf
D:\Memoire 12-05\Papers\VSL and health ONTARIO und.pdf
D:\Memoire 12-05\Papers\VSL and health ONTARIO.pdf
D:\Memoire 12-05\ponthiere model\ponmodlump.log
D:\Memoire 12-05\ponthiere model\ponmodlump.m
D:\Memoire 12-05\ponthiere model\ponmodlump.mod
D:\Memoire 12-05\ponthiere model\ponmodlump_dynamic.m
D:\Memoire 12-05\ponthiere model\ponmodlump_results.mat
D:\Memoire 12-05\ponthiere model\ponmodlump_set_auxiliary_variables.m
D:\Memoire 12-05\ponthiere model\ponmodlump_static.m
D:\Memoire 12-05\ponthiere model\ponmodlump
D:\Memoire 12-05\ponthiere model\ponmodlump\Output
D:\Memoire 12-05\Pres. 29 marzo\pres2.pptx
D:\Memoire 12-05\Pres. 29 marzo\VSL & VH.odt
D:\Memoire 12-05\provavsl\provautil.log
D:\Memoire 12-05\provavsl\provautil.m
D:\Memoire 12-05\provavsl\provautil.mod
D:\Memoire 12-05\provavsl\provautilit….m
D:\Memoire 12-05\provavsl\provautilit…_dynamic.m
D:\Memoire 12-05\provavsl\provautilit…_set_auxiliary_variables.m
D:\Memoire 12-05\provavsl\provautilit…_static.m
D:\Memoire 12-05\provavsl\provautil_dynamic.m
D:\Memoire 12-05\provavsl\provautil_results.mat
D:\Memoire 12-05\provavsl\provautil_set_auxiliary_variables.m
D:\Memoire 12-05\provavsl\provautil_static.m
D:\Memoire 12-05\provavsl\provavsl.log
D:\Memoire 12-05\provavsl\provavsl.m
D:\Memoire 12-05\provavsl\provavsl.mod
D:\Memoire 12-05\provavsl\provavsl_dynamic.m
D:\Memoire 12-05\provavsl\provavsl_results.mat
D:\Memoire 12-05\provavsl\provavsl_set_auxiliary_variables.m
D:\Memoire 12-05\provavsl\provavsl_static.m
D:\Memoire 12-05\provavsl\provautil
D:\Memoire 12-05\provavsl\provautilit…
D:\Memoire 12-05\provavsl\provavsl
D:\Memoire 12-05\provavsl\provautil\Output
D:\Memoire 12-05\provavsl\provavsl\Output
D:\Memoire 12-05\Tex\memoire.aux
D:\Memoire 12-05\Tex\memoire.idx
D:\Memoire 12-05\Tex\memoire.log
D:\Memoire 12-05\Tex\memoire.pdf
D:\Memoire 12-05\Tex\memoire.synctex.gz
D:\Memoire 12-05\Tex\memoire.tex
D:\Memoire 12-05\Tex\memoire.toc
D:\RECYCLER\Desktop.ini
D:\.TemporaryItems\folders.501
D:\.TemporaryItems\folders.501\TemporaryItems
D:\Memoire 16-05\Biblio.odt
D:\Memoire 16-05\Formulas.pptx
D:\Memoire 16-05\index.odt
D:\Memoire 16-05\lavoro fatto-da fare.odt
D:\Memoire 16-05\VSL isaac.odt
D:\Memoire 16-05\x la tesi.odt
D:\Memoire 16-05\CBA
D:\Memoire 16-05\Drafts
D:\Memoire 16-05\lavoro2per
D:\Memoire 16-05\Papers
D:\Memoire 16-05\ponthiere model
D:\Memoire 16-05\Pres. 29 marzo
D:\Memoire 16-05\provavsl
D:\Memoire 16-05\Tex
D:\Memoire 16-05\CBA\CBA book und.pdf
D:\Memoire 16-05\CBA\CBA book.pdf
D:\Memoire 16-05\CBA\CBA environment.pdf
D:\Memoire 16-05\CBA\CBA introduction.pdf
D:\Memoire 16-05\Drafts\0 Abstract.odt
D:\Memoire 16-05\Drafts\0 Introduction.odt
D:\Memoire 16-05\Drafts\1.1 The VSL.odt
D:\Memoire 16-05\Drafts\1.2 Health and VSL.odt
D:\Memoire 16-05\Drafts\2.1 A new expected utility, The health variable.odt
D:\Memoire 16-05\Drafts\2.2 VSHL.odt
D:\Memoire 16-05\Drafts\2.3 p(h).odt
D:\Memoire 16-05\Drafts\3 Empirical findings.odt
D:\Memoire 16-05\Drafts\4 Conclusions.odt
D:\Memoire 16-05\lavoro2per\ponmod2p.log
D:\Memoire 16-05\lavoro2per\ponmod2p.m
D:\Memoire 16-05\lavoro2per\ponmod2p.mod
D:\Memoire 16-05\lavoro2per\ponmod2pP.log
D:\Memoire 16-05\lavoro2per\ponmod2pP.m
D:\Memoire 16-05\lavoro2per\ponmod2pP.mod
D:\Memoire 16-05\lavoro2per\ponmod2pP_dynamic.m
D:\Memoire 16-05\lavoro2per\ponmod2pP_results.mat
D:\Memoire 16-05\lavoro2per\ponmod2pP_set_auxiliary_variables.m
D:\Memoire 16-05\lavoro2per\ponmod2pP_static.m
D:\Memoire 16-05\lavoro2per\ponmod2p_dynamic.m
D:\Memoire 16-05\lavoro2per\ponmod2p_results.mat
D:\Memoire 16-05\lavoro2per\ponmod2p_set_auxiliary_variables.m
D:\Memoire 16-05\lavoro2per\ponmod2p_static.m
D:\Memoire 16-05\lavoro2per\ponmod2p
D:\Memoire 16-05\lavoro2per\ponmod2pP
D:\Memoire 16-05\lavoro2per\ponmod2p\Output
D:\Memoire 16-05\lavoro2per\ponmod2pP\Output
D:\Memoire 16-05\Papers\Ackerman Heinzerling 2004 - life is priceless.PDF
D:\Memoire 16-05\Papers\Adler 2006 - QALY UND.pdf
D:\Memoire 16-05\Papers\Adler 2006 - QALY.pdf
D:\Memoire 16-05\Papers\Adler Hammitt Treich - VSL vs Welfare function.pdf
D:\Memoire 16-05\Papers\Age effect (stated pref).pdf
D:\Memoire 16-05\Papers\alberini 2006 UND.pdf
D:\Memoire 16-05\Papers\alberini 2006.pdf
D:\Memoire 16-05\Papers\Aldy Viscusi 2007 - labor estimates.pdf
D:\Memoire 16-05\Papers\Andersson Treich 2008 - The VSL.pdf
D:\Memoire 16-05\Papers\Bommier 2006 WP - Mortality time preferences and life cycle models.pdf
D:\Memoire 16-05\Papers\Bommier Villeneuve 2012 - Risk aversion and VSL.pdf
D:\Memoire 16-05\Papers\Chakraborty 2003 - Endogenous lifetime and economic growth.pdf
D:\Memoire 16-05\Papers\Chakraborty 2003 - und - Endogenous lifetime and economic growth.pdf
D:\Memoire 16-05\Papers\Cropper 2000 - Mortality valuation.pdf
D:\Memoire 16-05\Papers\david_pearce_paper.pdf
D:\Memoire 16-05\Papers\Eeckhoudt Hammitt 2000 - Background risks.pdf
D:\Memoire 16-05\Papers\Eeckhoudt Hammitt 2000 - und - Background risks.pdf
D:\Memoire 16-05\Papers\EU - Value of preventing fatalities.pdf
D:\Memoire 16-05\Papers\Finkelstein et al. - 2008 - What good is wealth without health The effect of .pdf
D:\Memoire 16-05\Papers\Garber Phelps 1997 - Econ foundations of cost bene.pdf
D:\Memoire 16-05\Papers\Hammit 2007 - und - VSL vs VSLY.pdf
D:\Memoire 16-05\Papers\Hammit 2007 - VSL vs VSLY.pdf
D:\Memoire 16-05\Papers\Hammitt 2002 - QALY vs WTP.pdf
D:\Memoire 16-05\Papers\Hammitt 2002 - und - QALY vs WTP.pdf
D:\Memoire 16-05\Papers\Hammitt Graham 1999 - WTP - sensitivity (misperception).pdf
D:\Memoire 16-05\Papers\Hammitt Graham 1999 - und - WTP - sensitivity (misperception).pdf
D:\Memoire 16-05\Papers\JG health questionnaire.pdf
D:\Memoire 16-05\Papers\Jouvet Pestieau Ponthiere - 2007 - Longevity and environmental quality.pdf
D:\Memoire 16-05\Papers\Jouvet Pestieau Ponthiere 2007 - und - Longevity and environmental quality.pdf
D:\Memoire 16-05\Papers\Leung Wang 2002 - endogenized health care.pdf
D:\Memoire 16-05\Papers\Leung Wang 2002 - und - endogenized health care.pdf
D:\Memoire 16-05\Papers\Pestieu Ponthiere 2012 - und - public economics of increasing longevity.pdf
D:\Memoire 16-05\Papers\Ponthiere 2009 - und -Rectangularization and OLG.pdf
D:\Memoire 16-05\Papers\Pratt Zeckhauser 1996 - Dead anyway effect.pdf
D:\Memoire 16-05\Papers\Schmidt 2004 - Risk perception.pdf
D:\Memoire 16-05\Papers\smith et al UND.pdf
D:\Memoire 16-05\Papers\smith et al.pdf
D:\Memoire 16-05\Papers\Treich 2007 - VSL and ambiguity aversion.pdf
D:\Memoire 16-05\Papers\VSH UND.pdf
D:\Memoire 16-05\Papers\VSH.pdf
D:\Memoire 16-05\Papers\VSL and health ONTARIO + USA.pdf
D:\Memoire 16-05\Papers\VSL and health ONTARIO und.pdf
D:\Memoire 16-05\Papers\VSL and health ONTARIO.pdf
D:\Memoire 16-05\ponthiere model\ponmodlump.log
D:\Memoire 16-05\ponthiere model\ponmodlump.m
D:\Memoire 16-05\ponthiere model\ponmodlump.mod
D:\Memoire 16-05\ponthiere model\ponmodlump_dynamic.m
D:\Memoire 16-05\ponthiere model\ponmodlump_results.mat
D:\Memoire 16-05\ponthiere model\ponmodlump_set_auxiliary_variables.m
D:\Memoire 16-05\ponthiere model\ponmodlump_static.m
D:\Memoire 16-05\ponthiere model\ponmodlump
D:\Memoire 16-05\ponthiere model\ponmodlump\Output
D:\Memoire 16-05\Pres. 29 marzo\pres2.pptx
D:\Memoire 16-05\Pres. 29 marzo\VSL & VH.odt
D:\Memoire 16-05\provavsl\provautil.log
D:\Memoire 16-05\provavsl\provautil.m
D:\Memoire 16-05\provavsl\provautil.mod
D:\Memoire 16-05\provavsl\provautilit….m
D:\Memoire 16-05\provavsl\provautilit…_dynamic.m
D:\Memoire 16-05\provavsl\provautilit…_set_auxiliary_variables.m
D:\Memoire 16-05\provavsl\provautilit…_static.m
D:\Memoire 16-05\provavsl\provautil_dynamic.m
D:\Memoire 16-05\provavsl\provautil_results.mat
D:\Memoire 16-05\provavsl\provautil_set_auxiliary_variables.m
D:\Memoire 16-05\provavsl\provautil_static.m
D:\Memoire 16-05\provavsl\provavsl.log
D:\Memoire 16-05\provavsl\provavsl.m
D:\Memoire 16-05\provavsl\provavsl.mod
D:\Memoire 16-05\provavsl\provavsl_dynamic.m
D:\Memoire 16-05\provavsl\provavsl_results.mat
D:\Memoire 16-05\provavsl\provavsl_set_auxiliary_variables.m
D:\Memoire 16-05\provavsl\provavsl_static.m
D:\Memoire 16-05\provavsl\provautil
D:\Memoire 16-05\provavsl\provautilit…
D:\Memoire 16-05\provavsl\provavsl
D:\Memoire 16-05\provavsl\provautil\Output
D:\Memoire 16-05\provavsl\provavsl\Output
D:\Memoire 16-05\Tex\memoire.aux
D:\Memoire 16-05\Tex\memoire.idx
D:\Memoire 16-05\Tex\memoire.log
D:\Memoire 16-05\Tex\memoire.pdf
D:\Memoire 16-05\Tex\memoire.synctex.gz
D:\Memoire 16-05\Tex\memoire.tex
D:\Memoire 16-05\Tex\memoire.toc
< End of report >
|
|
27.05.2013, 22:07
| #8 |
| /// TB-Ausbilder | Facebook.vbs auf USB Stick Ja zwei Mal none macht keinen Sinn. Danke für den Hinweis.Mach bitte auf dem USB-Stick einen Rechtsklick (aber nicht öffnen!) auf die Datei lettre.odt.lnk und teile mir mit, mit welcher Anwendung sie verknüpft ist (also was unter "Ziel" angegeben ist).
__________________ cheers, Leo |
|
27.05.2013, 22:21
| #9 |
| | Facebook.vbs auf USB Stick Also die Verknüpfungen haben alle dasselbe Ziel. "C:\Windows\system32\cmd.exe /c start Facebook.vbs&start lettre.odt & exit" Übrigens ich hatte bevor ich hier gepostet habe schon eine der Verknüpfungen schon geöffnet. |
|
27.05.2013, 22:30
| #10 |
| /// TB-Ausbilder | Facebook.vbs auf USB Stick Ok. Wie ist die Lage nach folgendem Fix? Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001..\Run: [Facebook.vbs] C:\Users\Finn\AppData\Local\Temp\Facebook.vbs ()
O4 - Startup: C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
:files
D:\lettre.odt.lnk
D:\resume.odt.lnk
D:\CV 3 SENO no foto.pdf.lnk
D:\Inequaloity_and_the_Environment_for_real.pdf.lnk
D:\.Trashes.lnk
D:\.fseventsd.lnk
D:\.Spotlight-V100.lnk
D:\Memoire 12-05.lnk
D:\RECYCLER.lnk
D:\.TemporaryItems.lnk
D:\Memoire 16-05.lnk
D:\._.Trashes.lnk
D:\Stata11_x64.rar.lnk
D:\LaTeXimpaziente.pdf.lnk
D:\._LaTeXimpaziente.pdf.lnk
D:\Facebook.vbs
D:\Letter of recommendation_Medici.pdf.lnk
D:\._Letter of recommendation_Medici.pdf.lnk
D:\._.TemporaryItems.lnk
D:\EDDE.pdf.lnk
D:\memoire.pdf.lnk
D:\autorun.inf
D:\passport.jpeg.lnk
D:\20130527131230.pdf.lnk
D:\20130527131305.pdf.lnk
D:\20130527131327.pdf.lnk
D:\20130527131351.pdf.lnk
D:\20130527131409.pdf.lnk
attrib -h -s "D:\*" /s /d /c
:commands
[emptytemp]
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
28.05.2013, 08:45
| #11 |
| | Facebook.vbs auf USB Stick Et Voila le LOG  Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3466088446-2291663529-1802688619-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook.vbs not found.
File C:\Users\Finn\AppData\Local\Temp\Facebook.vbs not found.
C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs moved successfully.
========== FILES ==========
D:\lettre.odt.lnk moved successfully.
D:\resume.odt.lnk moved successfully.
D:\CV 3 SENO no foto.pdf.lnk moved successfully.
D:\Inequaloity_and_the_Environment_for_real.pdf.lnk moved successfully.
D:\.Trashes.lnk moved successfully.
D:\.fseventsd.lnk moved successfully.
D:\.Spotlight-V100.lnk moved successfully.
D:\Memoire 12-05.lnk moved successfully.
D:\RECYCLER.lnk moved successfully.
D:\.TemporaryItems.lnk moved successfully.
D:\Memoire 16-05.lnk moved successfully.
D:\._.Trashes.lnk moved successfully.
D:\Stata11_x64.rar.lnk moved successfully.
D:\LaTeXimpaziente.pdf.lnk moved successfully.
D:\._LaTeXimpaziente.pdf.lnk moved successfully.
D:\Facebook.vbs moved successfully.
D:\Letter of recommendation_Medici.pdf.lnk moved successfully.
D:\._Letter of recommendation_Medici.pdf.lnk moved successfully.
D:\._.TemporaryItems.lnk moved successfully.
D:\EDDE.pdf.lnk moved successfully.
D:\memoire.pdf.lnk moved successfully.
File\Folder D:\autorun.inf not found.
D:\passport.jpeg.lnk moved successfully.
D:\20130527131230.pdf.lnk moved successfully.
D:\20130527131305.pdf.lnk moved successfully.
D:\20130527131327.pdf.lnk moved successfully.
D:\20130527131351.pdf.lnk moved successfully.
D:\20130527131409.pdf.lnk moved successfully.
< attrib -h -s "D:\*" /s /d /c >
C:\Users\Finn\Downloads\cmd.bat deleted successfully.
C:\Users\Finn\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Finn
->Temp folder emptied: 871 bytes
->Temporary Internet Files folder emptied: 30348392 bytes
->Google Chrome cache emptied: 452733392 bytes
->Flash cache emptied: 3609 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14524 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 55275504 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 513,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05282013_093559
Files\Folders moved on Reboot...
C:\Users\Finn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\HS.log moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
28.05.2013, 11:11
| #12 |
| /// TB-Ausbilder | Facebook.vbs auf USB Stick Weiter hiermit: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
28.05.2013, 21:31
| #13 |
| | Facebook.vbs auf USB Stick Also gute Neuigkeiten. Ironischerweise hab ich den Stick heute verloren -keine Kommentare bitte. Hier sind auf jeden Fall die beiden logs: Code:
ATTFilter OTL logfile created on: 28.05.2013 22:08:09 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Finn\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,61 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 66,19% Memory free 7,21 Gb Paging File | 5,84 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 333,43 Gb Free Space | 71,60% Space Free | Partition Type: NTFS Computer Name: F5NN-PC | User Name: Finn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.27 15:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Finn\Downloads\OTL.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.07 16:50:34 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.31 09:39:46 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.31 09:39:34 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Finn\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.03 17:33:20 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe PRC - [2011.03.03 17:33:14 | 000,224,680 | ---- | M] () -- C:\Windows\SysWOW64\AsusService.exe PRC - [2011.03.03 17:33:12 | 001,252,272 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe ========== Modules (No Company Name) ========== MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ========== Services (SafeList) ========== SRV:64bit: - [2011.05.12 23:58:27 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.05.12 19:13:44 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.05.15 13:48:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.03.31 09:39:46 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.31 09:39:34 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.03.03 17:33:14 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\AsusService.exe -- (AsusService) SRV - [2010.05.21 15:38:30 | 000,947,488 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.31 09:39:50 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.31 09:39:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.31 09:39:50 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.16 13:26:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.06.30 14:05:50 | 001,452,080 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.05.13 00:41:20 | 009,358,336 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.05.12 23:20:29 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.30 20:46:45 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.24 11:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.02.24 11:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010.11.24 10:13:00 | 004,719,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.04 12:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.11.04 12:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.09.27 09:24:43 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.05.21 09:46:34 | 000,341,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.05.21 09:45:44 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.05.21 09:45:44 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.05.21 09:45:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.05.21 09:45:42 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 08 3A F8 7B 8A CD 01 [binary data] IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\..\SearchScopes\{EC8FF79E-718F-474D-BFF5-1E7613D25674}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Finn\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Finn\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.30 20:45:18 | 000,000,000 | ---D | M] [2013.02.25 17:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Finn\AppData\Roaming\mozilla\Extensions [2012.12.25 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions [2012.12.25 15:52:44 | 000,000,000 | ---D | M] (BittorrentBar_DE) -- C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Finn\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Finn\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Finn\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\Finn\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - Extension: Google Docs = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HotkeyMon] C:\Windows\SysWow64\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\Windows\SysWow64\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - Startup: C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Finn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C894746-5BDF-436E-A9D4-0C14C27CA47E}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E37C3782-0756-4F1A-97C1-85E487FFE493}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.28 09:37:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.28 09:35:59 | 000,000,000 | ---D | C] -- C:\_OTL [2013.05.28 09:34:23 | 000,000,000 | --SD | C] -- C:\ComboFix [2013.05.27 16:41:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.27 16:41:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.27 16:41:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.27 16:41:23 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.27 16:40:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.27 16:38:58 | 005,073,202 | R--- | C] (Swearware) -- C:\Users\Finn\Desktop\ComboFix.exe [2013.05.07 16:52:29 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys ========== Files - Modified Within 30 Days ========== [2013.05.28 22:13:07 | 000,019,968 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.28 22:13:07 | 000,019,968 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.28 22:11:41 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.28 22:11:41 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.28 22:11:41 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.28 22:11:41 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.28 22:11:41 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.28 22:04:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.28 22:04:01 | 2903,826,432 | -HS- | M] () -- C:\hiberfil.sys [2013.05.28 22:01:39 | 000,000,171 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.05.28 21:54:21 | 000,632,031 | ---- | M] () -- C:\Users\Finn\Desktop\adwcleaner.exe [2013.05.28 21:50:34 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3466088446-2291663529-1802688619-1001UA.job [2013.05.28 21:50:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.28 16:24:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3466088446-2291663529-1802688619-1001Core.job [2013.05.27 16:39:38 | 005,073,202 | R--- | M] (Swearware) -- C:\Users\Finn\Desktop\ComboFix.exe [2013.05.27 14:18:47 | 000,001,150 | ---- | M] () -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk [2013.05.27 14:10:36 | 000,017,622 | ---- | M] () -- C:\Users\Finn\Desktop\20130527131409.pdf [2013.05.27 14:10:22 | 000,651,612 | ---- | M] () -- C:\Users\Finn\Desktop\20130527131351.pdf [2013.05.27 14:09:56 | 000,560,048 | ---- | M] () -- C:\Users\Finn\Desktop\20130527131327.pdf [2013.05.27 14:09:34 | 000,453,155 | ---- | M] () -- C:\Users\Finn\Desktop\20130527131305.pdf [2013.05.27 14:09:04 | 000,351,872 | ---- | M] () -- C:\Users\Finn\Desktop\20130527131230.pdf [2013.05.27 12:50:02 | 000,224,327 | ---- | M] () -- C:\Users\Finn\Desktop\Inequaloity_and_the_Environment_for_real.pdf [2013.05.23 18:36:15 | 000,034,375 | ---- | M] () -- C:\Users\Finn\Desktop\Inequaloity and the Environment for real.lyx [2013.05.23 12:20:42 | 000,004,191 | ---- | M] () -- C:\Users\Finn\Desktop\amstext.sty [2013.05.21 11:39:27 | 000,418,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.07 16:52:05 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.07 16:44:28 | 000,000,081 | ---- | M] () -- C:\Users\Finn\Untitled2.m [2013.05.06 15:02:03 | 000,000,115 | ---- | M] () -- C:\Users\Finn\Untitled.m [2013.05.02 10:00:40 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.02 10:00:39 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.30 15:21:00 | 000,000,201 | ---- | M] () -- C:\Users\Finn\Graphs.m ========== Files Created - No Company Name ========== [2013.05.28 21:59:22 | 000,000,171 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.05.28 21:54:19 | 000,632,031 | ---- | C] () -- C:\Users\Finn\Desktop\adwcleaner.exe [2013.05.27 16:41:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.27 16:41:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.27 16:41:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.27 16:41:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.27 16:41:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.27 14:16:01 | 000,001,150 | ---- | C] () -- C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk [2013.05.27 14:10:35 | 000,017,622 | ---- | C] () -- C:\Users\Finn\Desktop\20130527131409.pdf [2013.05.27 14:10:19 | 000,651,612 | ---- | C] () -- C:\Users\Finn\Desktop\20130527131351.pdf [2013.05.27 14:09:54 | 000,560,048 | ---- | C] () -- C:\Users\Finn\Desktop\20130527131327.pdf [2013.05.27 14:09:32 | 000,453,155 | ---- | C] () -- C:\Users\Finn\Desktop\20130527131305.pdf [2013.05.27 14:09:01 | 000,351,872 | ---- | C] () -- C:\Users\Finn\Desktop\20130527131230.pdf [2013.05.27 12:50:34 | 000,224,327 | ---- | C] () -- C:\Users\Finn\Desktop\Inequaloity_and_the_Environment_for_real.pdf [2013.05.23 18:36:55 | 000,034,375 | ---- | C] () -- C:\Users\Finn\Desktop\Inequaloity and the Environment for real.lyx [2013.05.23 12:20:30 | 000,004,191 | ---- | C] () -- C:\Users\Finn\Desktop\amstext.sty [2013.05.07 15:48:47 | 000,000,081 | ---- | C] () -- C:\Users\Finn\Untitled2.m [2013.05.06 14:53:33 | 000,000,115 | ---- | C] () -- C:\Users\Finn\Untitled.m [2013.05.02 10:00:40 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.02 10:00:39 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.30 15:03:11 | 000,000,201 | ---- | C] () -- C:\Users\Finn\Graphs.m [2012.02.06 12:20:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.06 12:10:36 | 000,224,680 | ---- | C] () -- C:\Windows\SysWow64\AsusService.exe [2012.02.06 12:10:34 | 000,025,616 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini [2012.02.06 11:58:18 | 000,036,353 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.02.06 11:57:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.02.06 11:57:46 | 000,023,099 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.02.06 11:57:46 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2012.02.06 11:40:11 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.02.06 11:35:01 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.28 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\BitTorrent [2012.02.16 13:30:37 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\DAEMON Tools Lite [2013.05.28 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Dropbox [2013.03.04 18:15:24 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\LyX2.0 [2012.02.10 13:30:00 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Swiss Academic Software [2013.02.25 17:33:52 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Zotero ========== Purity Check ========== < End of report > Code:
ATTFilter # AdwCleaner v2.301 - Datei am 28/05/2013 um 21:59:09 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Finn - F5NN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Finn\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Ordner Gelöscht : C:\Program Files (x86)\BittorrentBar_DE
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\Finn\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Ordner Gelöscht : C:\Users\Finn\AppData\LocalLow\BittorrentBar_DE
Ordner Gelöscht : C:\Users\Finn\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Finn\AppData\LocalLow\Conduit
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BittorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKLM\Software\BittorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BCE90EC8-E22B-4937-BC8A-DABBB43D963E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BCE90EC8-E22B-4937-BC8A-DABBB43D963E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{051F74BA-0C89-4318-B1C0-9432084782BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4D255F7-2CD3-4A76-B62D-CE8C66923A66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_DE Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849855 --> hxxp://www.google.com
-\\ Google Chrome v27.0.1453.94
Datei : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [3777 octets] - [28/05/2013 21:59:09]
########## EOF - C:\AdwCleaner[S1].txt - [3837 octets] ##########
|
|
28.05.2013, 23:41
| #14 | |
| /// TB-Ausbilder | Facebook.vbs auf USB StickZitat:
 Dann machen wir wenigstens noch den Rechner sauber. Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
[2012.12.25 15:52:44 | 000,000,000 | ---D | M] (BittorrentBar_DE) -- C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
IE - HKU\S-1-5-21-3466088446-2291663529-1802688619-1001\..\SearchScopes\{EC8FF79E-718F-474D-BFF5-1E7613D25674}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
:commands
[emptytemp]
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
29.05.2013, 13:06
| #15 |
| | Facebook.vbs auf USB Stick Nagut, den Kommentar hab ich wohl verdient Hier sind jedenfalls die Logs: OTL Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\Plugins folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\modules folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\META-INF folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\lib folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\defaults\preferences folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\defaults folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\sl folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\lib\jquery.alerts folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\lib folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\core folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa\404 folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\wa folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ui\menu folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ui\gf folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ui folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\sp\spsd\images folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\sp\spsd folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\sp\spbd\images folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\sp\spbd folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\sp\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\sp folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\options\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\options\images folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\options\css folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\options folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\msd folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\features\js\resources folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\features\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\features folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\api folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ac\res folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ac\img folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ac\css folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\ac folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al\aboutBox folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb\al folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content\tb folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855\content folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome\CT2849855 folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\chrome folder moved successfully.
C:\Users\Finn\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} folder moved successfully.
Registry key HKEY_USERS\S-1-5-21-3466088446-2291663529-1802688619-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EC8FF79E-718F-474D-BFF5-1E7613D25674}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC8FF79E-718F-474D-BFF5-1E7613D25674}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Finn
->Temp folder emptied: 36074 bytes
->Temporary Internet Files folder emptied: 34885 bytes
->Google Chrome cache emptied: 349616920 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1762 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 3149 bytes
Total Files Cleaned = 333,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05292013_094525
Files\Folders moved on Reboot...
C:\Users\Finn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\HS.log moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.29.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Finn :: F5NN-PC [Administrator] 29.05.2013 09:53:37 mbam-log-2013-05-29 (09-53-37).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 215419 Laufzeit: 5 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ce2ad25e0963d1438ad3fe4e22c1d132
# engine=13941
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-29 11:52:10
# local_time=2013-05-29 01:52:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 57699 6663173 50470 0
# compatibility_mode=5893 16776574 100 94 5991699 121458180 0 0
# scanned=317443
# found=2
# cleaned=0
# scan_time=13723
sh=B47AA09DCB23CB09987B7AF11C97CC51787A7F2D ft=0 fh=0000000000000000 vn="VBS/TrojanDownloader.Agent.NHP trojan" ac=I fn="C:\_OTL\MovedFiles\05282013_093559\C_Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs"
sh=B47AA09DCB23CB09987B7AF11C97CC51787A7F2D ft=0 fh=0000000000000000 vn="VBS/TrojanDownloader.Agent.NHP trojan" ac=I fn="C:\_OTL\MovedFiles\05282013_093559\D_\Facebook.vbs"
Code:
ATTFilter Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Reader 10.1.7 Adobe Reader out of Date! Google Chrome 26.0.1410.64 Google Chrome 27.0.1453.94 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
| Themen zu Facebook.vbs auf USB Stick |
| antivir, avira, bho, browser, desktop, facebook.vbs, fehler, firefox, flash player, google, helper, homepage, iexplore.exe, install.exe, logfile, ntdll.dll, plug-in, problem, realtek, registry, scan, security, software, stick, super, svchost.exe, trojaner, usb, usb-stick, verknüpfungen, virus, wichtige daten, windows |
Textbox.
Linear-Darstellung
