|
Pests of all kinds and how to fight them: Firefox automatically opens advertising tabs (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
26.05.2010, 10:17 | #1 |
| Firefox automatically opens advertising tabs

Hello,

for a few days now I have also had the problem that Firefox (3.6.3) opens new tabs with advertising, either when I click on Google search results or occasionally on its own. To check whether the cause is only Firefox or my system, I tried installing Google Chrome, which did work, but the browser cannot open any website at all (despite a working connection in Firefox). Antivir found malware today:

In der Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PVRWNT5A\l[1].php' wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern

I have seen that quite a few other people have had this problem and that it could be fixed with Navilog. That does not seem to work for me. It would be great if someone could help me.

Regards
Tom

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4137
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
26.05.2010 09:50:15
mbam-log-2010-05-26 (09-50-15).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 247925
Laufzeit: 51 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:52:28, on 26.05.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DesktopEarth\DesktopEarth.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet 
Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s O4 - HKLM\..\Run: [FingerPrintSoftwareSplashScreen] "C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe" \s O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] 
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Global Startup: DesktopEarth AutoStart.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe 
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. 
- C:\Windows\System32\TPHDEXLG.exe O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- End of file - 10324 bytes Fix Navipromo version 4.0.8 begonnen am 26.05.2010 10:53:34,14 !!! Achtung, dieser Abschnitt kann legitime Dateien und Programme auflisten!!! !!! Posten sie diesen Bericht im Forum, um ihn auswerten zu lassen !!! Programm ausgefuehrt in: C:\navilog1 Zuletzt von IL-MAFIOSO aktualisiert am 09.03.2010 um 18h00 Microsoft Windows 7 Professional ( v6.1.7600 ) X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz ) BIOS : Ver 1.00PARTTBL( USER : ***( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:79 Go (Free:7 Go) D:\ (Local Disk) - NTFS - Total:146 Go (Free:43 Go) E:\ (CD or DVD) Suche Im normalen Modus ausgefuehrt Kein Befall durch Navipromo/Egdaccess gefunden *** Scan beendet 26.05.2010 10:53:59,31 *** |
28.05.2010, 10:07 | #3 |
| Firefox automatically opens advertising tabs

Hello Arne,

many thanks for the feedback. In the meantime I have (perhaps?) been able to identify the cause of my problems: the MS malware removal tool reported a "win32/alureon.h" and removed it(?). Since then Firefox has been working properly again and Chrome can be used as well. I just wonder why neither Antivir nor any other program found this virus (?)...

Regards and thanks
Tom

Here is my OTL log Code:
ATTFilter OTL logfile created on: 28.05.2010 09:24:31 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\***\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 79,90 Gb Total Space | 7,75 Gb Free Space | 9,70% Space Free | Partition Type: NTFS Drive D: | 146,72 Gb Total Space | 43,57 Gb Free Space | 29,70% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\System32\igfxext.exe (Intel Corporation) PRC - C:\Windows\System32\DTS.exe () PRC - C:\Windows\System32\AtService.exe (AuthenTec, Inc.) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Windows\System32\TpShocks.exe (Lenovo.) PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation) PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software ) PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Program Files\DesktopEarth\DesktopEarth.exe (CodeFromThe70s.org) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.) SRV - (AcSvc) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (dtsvc) -- C:\Windows\System32\DTS.exe () SRV - (ADMonitor) -- C:\Windows\System32\ADMonitor.exe () SRV - (ATService) -- C:\Windows\System32\AtService.exe (AuthenTec, Inc.) SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo.) SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (TPHDEXLGSVC) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.) 
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation) SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll 
(Conexant Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (vdrvroot) -- C:\Windows\SYSTEM32\DRIVERS\VDRVROOT.SYS (Microsoft Corporation) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (DozeHDD) -- C:\Windows\System32\DRIVERS\DozeHDD.sys (Lenovo.) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks) DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.) DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) 
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.) 
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.19 12:22:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.19 12:22:48 | 000,000,000 | ---D | M]
[2010.05.19 12:22:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.28 15:19:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.28 15:32:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.28 15:32:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.05.27 18:20:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.27 20:53:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2010.05.27 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2010.05.27 20:52:53 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2010.05.27 20:52:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2010.05.27 20:52:38 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2010.05.27 20:52:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- 
C:\Users\***\Startmenü [2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2010.05.27 20:52:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2010.05.27 20:52:27 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2010.05.27 20:52:27 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2010.05.27 20:52:27 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2010.05.27 20:52:27 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2010.05.27 20:52:27 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2010.05.27 20:52:27 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2010.05.27 20:52:27 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2010.05.27 20:52:27 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2010.05.27 20:52:27 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2010.05.27 20:52:27 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2010.05.27 20:52:27 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2010.05.27 20:52:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2010.05.27 20:52:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help [2010.05.27 20:52:27 | 000,000,000 
| ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2010.05.27 20:52:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2010.05.27 16:34:03 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.05.27 16:29:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.05.27 16:27:27 | 000,000,000 | ---D | C] -- C:\Device [2010.05.27 16:18:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.05.27 16:18:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.05.27 16:18:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.05.27 16:18:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.05.27 16:18:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.05.27 16:17:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.05.27 15:04:13 | 000,248,448 | ---- | C] (Intel Corporation) -- C:\Windows\System32\PROUnstl.exe [2010.05.27 15:00:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.05.27 14:52:07 | 000,032,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VDRVROOT.SYS [2010.05.27 14:46:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore [2010.05.26 16:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Convoy 2009 [2010.05.26 15:39:39 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.05.24 13:19:08 | 000,000,000 | ---D | C] -- C:\Navilog1 [2010.05.24 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\navilog1 [2010.05.24 13:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis [2010.05.24 13:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010.05.24 13:03:48 | 000,000,000 | ---D | C] -- C:\rsit [2010.05.24 12:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.05.20 23:23:19 | 000,000,000 | ---D | C] -- C:\archive_db [2010.05.20 20:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Paragon [2010.05.20 19:04:36 | 000,040,560 | ---- | C] (Paragon Software 
Group) -- C:\Windows\System32\drivers\hotcore3.sys [2010.05.20 19:04:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2010.05.20 19:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software [2010.05.19 20:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion [2010.05.19 20:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared [2010.05.19 20:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion [2010.05.19 20:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion [2010.05.14 19:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spiele [2010.05.13 22:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.13 18:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010.05.13 18:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.05.13 18:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010.05.13 18:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010.05.13 18:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2010.05.07 00:05:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.05.06 22:14:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.05.05 10:29:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2010.05.05 09:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\GanttProject [2010.05.04 18:53:36 | 001,347,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm50.dll [2010.05.04 18:53:36 | 000,504,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSXML.DLL [2010.05.04 18:53:36 | 000,356,352 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex6.ocx [2010.05.04 18:53:36 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTKPRP.DLL [2010.05.04 18:53:36 | 000,045,056 | ---- | C] (microTOOL GmbH) -- C:\Windows\System32\native_w32.dll [2010.05.04 18:50:41 | 000,000,000 | ---D | C] -- C:\Program 
Files\Common Files\microTOOL [2010.05.04 18:50:39 | 003,541,464 | ---- | C] (Two Pilots) -- C:\Windows\System32\PDFCreatorPilot.dll [2010.05.04 18:50:39 | 000,338,104 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.TaskPanel.v10.2.ocx [2010.05.02 18:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.05.02 18:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010.05.02 13:24:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010.05.02 10:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2010.05.02 01:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2010.05.02 01:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip [2010.05.02 01:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark [2010.05.02 01:07:31 | 000,398,632 | ---- | C] (Juniper Networks) -- C:\Windows\System32\dsNcSmartCardProv.dll [2010.05.02 01:07:31 | 000,345,384 | ---- | C] (Juniper Networks) -- C:\Windows\System32\dsNcCredProv.dll [2010.05.02 01:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks [2010.05.02 00:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\DesktopEarth [2010.05.02 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2010.05.02 00:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010.05.02 00:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.05.01 23:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2010.05.01 23:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2010.05.01 23:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2010.05.01 23:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010.05.01 23:47:16 | 000,000,000 | R--D | C] -- C:\MSOCache [2010.05.01 19:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinISO [2010.04.30 22:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games 
[2010.04.30 22:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\Valve [2010.04.30 16:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2010.04.29 17:44:36 | 000,029,272 | R--- | C] (Adobe Systems Incorporated.) -- C:\Windows\System32\AdobePDF.dll [2010.04.29 12:32:32 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll [2010.04.29 12:32:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll [2010.04.29 12:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\TeXnicCenter [2010.04.29 12:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX [2010.04.29 12:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\MiKTeX 2.8 [2010.04.29 00:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\xerox [2010.04.28 23:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010.04.28 23:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2010.04.28 18:56:25 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010.04.28 18:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2010.04.28 18:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2010.04.28 18:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010.04.28 18:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010.04.28 18:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010.04.28 17:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedProject [2010.04.28 17:06:41 | 000,232,448 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2010.04.28 17:06:40 | 000,301,568 | ---- | C] (Sonix) -- C:\Windows\System32\vsnp2uvc.dll [2010.04.28 17:06:40 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2010.04.28 17:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SNP2UVC [2010.04.28 17:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkVantage [2010.04.28 17:05:47 | 
000,000,000 | ---D | C] -- C:\ProgramData\Lenovo [2010.04.28 17:05:15 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2010.04.28 17:02:22 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010.04.28 17:02:21 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2010.04.28 17:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect [2010.04.28 17:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine [2010.04.28 17:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp [2010.04.28 16:47:23 | 000,013,480 | ---- | C] (Lenovo Group Limited) -- C:\Windows\System32\drivers\smiif32.sys [2010.04.28 16:46:14 | 000,394,600 | ---- | C] (Lenovo Group Limited) -- C:\Windows\PWMBTHLV.EXE [2010.04.28 16:46:12 | 000,677,224 | ---- | C] (Lenovo Group Limited) -- C:\Windows\System32\PWMCP32V.cpl [2010.04.28 16:46:12 | 000,024,304 | ---- | C] (Lenovo.) -- C:\Windows\System32\drivers\DOZEHDD.SYS [2010.04.28 16:46:12 | 000,011,552 | ---- | C] (Lenovo Group Limited) -- C:\Windows\System32\drivers\TPPWR32V.SYS [2010.04.28 16:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2010.04.28 16:45:20 | 000,038,248 | ---- | C] (Lenovo.) -- C:\Windows\System32\ibmpmsvc.exe [2010.04.28 16:45:20 | 000,035,176 | ---- | C] (Lenovo.) -- C:\Windows\System32\tpinspm.dll [2010.04.28 16:45:20 | 000,026,608 | ---- | C] (Lenovo.) -- C:\Windows\System32\drivers\ibmpmdrv.sys [2010.04.28 16:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2010.04.28 16:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent [2010.04.28 16:44:19 | 001,006,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\mesoludlg.exe [2010.04.28 16:44:03 | 000,330,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys [2010.04.28 16:42:38 | 000,262,144 | ---- | C] (Conexant Systems, Inc.) 
-- C:\Windows\System32\UCI32A42.dll [2010.04.28 16:42:37 | 001,729,024 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\System32\CX32TP17.dll [2010.04.28 16:42:37 | 000,460,800 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDRT32.sys [2010.04.28 16:42:25 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll [2010.04.28 16:42:05 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.04.28 16:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect [2010.04.28 16:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting [2010.04.28 16:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT [2010.04.28 16:40:08 | 000,410,624 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\XAudio32.dll [2010.04.28 16:40:08 | 000,258,048 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\UCI32M41.dll [2010.04.28 16:40:08 | 000,008,704 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio32.sys [2010.04.28 16:40:07 | 000,981,504 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys [2010.04.28 16:40:07 | 000,661,504 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys [2010.04.28 16:40:07 | 000,207,360 | ---- | C] (Conexant Systems, Inc.) 
-- C:\Windows\System32\drivers\HSXHWAZL.sys [2010.04.28 16:40:07 | 000,094,208 | ---- | C] (Conexant) -- C:\Windows\System32\mdmxsdk.dll [2010.04.28 16:39:46 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll [2010.04.28 16:39:46 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\System32\snymsico.dll [2010.04.28 16:39:46 | 000,048,128 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys [2010.04.28 16:39:46 | 000,044,544 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys [2010.04.28 16:39:46 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys [2010.04.28 16:39:45 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2010.04.28 16:39:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang [2010.04.28 16:39:25 | 000,989,720 | ---- | C] (Intel Corporation) -- C:\Windows\System32\heciudlg.exe [2010.04.28 16:39:24 | 000,000,000 | ---D | C] -- C:\Intel [2010.04.28 16:39:23 | 000,040,832 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\HECI.sys [2010.04.28 16:39:07 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll [2010.04.28 16:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad [2010.04.28 16:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco [2010.04.28 16:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2010.04.28 16:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2010.04.28 16:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel [2010.04.28 16:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo [2010.04.28 16:15:25 | 000,000,000 | ---D | C] -- C:\AuthLog [2010.04.28 16:14:57 | 000,031,680 | ---- | C] (Lenovo (United States) Inc.) 
-- C:\Windows\System32\drivers\psadd.sys [2010.04.28 16:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2010.04.28 16:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo Fingerprint Software [2010.04.28 15:47:08 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010.04.28 15:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2010.04.28 15:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive [2010.04.28 15:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2010.04.28 15:40:53 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010.04.28 15:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\VoipStunt [2010.04.28 15:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2010.04.28 15:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.04.28 15:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010.04.28 15:32:27 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.04.28 15:32:27 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.04.28 15:32:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.04.28 15:32:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2010.04.28 15:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010.04.28 15:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueSuite [2010.04.28 15:22:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\wocaffe [2010.04.28 15:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\TrueSuite [2010.04.28 15:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2010.04.28 15:20:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2010.04.28 15:20:00 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2010.04.28 15:19:58 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.04.28 15:19:57 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.04.28 15:19:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.04.28 15:19:55 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2010.04.28 15:19:54 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys [2010.04.28 15:19:52 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll [2010.04.28 15:19:51 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.04.28 15:19:51 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2010.04.28 15:19:51 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2010.04.28 15:19:49 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.28 15:19:46 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.04.28 15:19:46 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2010.04.28 15:19:46 | 000,417,792 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msdri.dll [2010.04.28 15:19:46 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.04.28 15:19:45 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2010.04.28 15:19:45 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2010.04.28 15:19:45 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2010.04.28 15:19:45 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2010.04.28 15:19:45 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2010.04.28 15:19:45 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2010.04.28 15:19:45 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2010.04.28 15:19:45 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2010.04.28 15:19:44 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.28 15:19:44 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.04.28 15:19:44 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.04.28 15:19:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.04.28 15:19:43 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.28 15:19:42 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2010.04.28 15:19:42 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2010.04.28 15:19:42 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2010.04.28 15:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2010.04.28 15:19:02 | 000,000,000 
| R--D | C] -- C:\Program Files\Skype [2010.04.28 15:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.04.28 15:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010.04.28 15:09:09 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.04.28 15:08:50 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.04.28 15:08:50 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.04.28 15:08:50 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.04.28 15:08:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.04.28 15:08:50 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.04.28 15:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.04.28 15:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010.04.28 15:06:40 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010.04.28 15:05:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2010.04.28 14:58:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.04.28 14:58:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.04.28 14:58:34 | 000,000,000 | -HSD | C] -- C:\Programme [2010.04.28 14:58:34 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2010.04.28 14:58:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.04.28 14:58:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.04.28 14:58:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.04.28 14:58:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.04.28 14:58:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.04.28 14:58:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.04.28 14:58:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.04.28 
14:58:34 | 000,000,000 | ---D | C] -- C:\Recovery [2010.04.28 14:51:13 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010.04.28 14:48:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010.04.28 14:48:15 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010.04.28 11:48:24 | 000,159,744 | ---- | C] (Lexmark International) -- C:\Windows\System32\lexlog.dlL [2010.04.28 11:48:21 | 000,110,592 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LEXDRVX.DLL [2010.04.28 11:48:21 | 000,098,304 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LEXCFI.DLL [2010.04.28 11:48:17 | 000,041,984 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\DRVNPANT.DLL [2010.02.20 15:35:06 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll ========== Files - Modified Within 30 Days ========== [2010.05.28 09:24:04 | 000,786,432 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.05.28 09:19:05 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.28 09:19:05 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.28 09:17:48 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.28 09:17:48 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.28 09:17:48 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.28 09:17:48 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.28 09:17:48 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.28 09:11:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.28 09:11:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.28 09:11:28 | 1528,844,288 | -HS- | M] () -- C:\hiberfil.sys [2010.05.27 20:55:42 | 000,524,288 | -HS- | M] () -- 
C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010.05.27 20:55:42 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.05.27 20:55:42 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.05.27 20:55:38 | 000,780,440 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.05.27 20:53:31 | 000,002,593 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk [2010.05.27 20:53:05 | 000,109,680 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.05.27 20:52:28 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini [2010.05.27 18:20:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.05.27 16:29:23 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.05.27 14:52:07 | 000,032,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VDRVROOT.SYS [2010.05.19 21:21:59 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin [2010.05.04 12:31:55 | 000,008,487 | ---- | M] () -- C:\WirelessDiagLog.csv [2010.05.02 21:20:30 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100503-151816.backup [2010.05.02 01:27:19 | 000,000,067 | ---- | M] () -- C:\Windows\System32\Monitor.inf [2010.05.02 01:27:17 | 000,008,521 | ---- | M] () -- C:\Windows\lmpcl2a.ini [2010.05.01 23:59:33 | 000,410,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.01 23:48:52 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini [2010.05.01 20:41:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.05.01 20:41:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.05.01 13:56:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.04.28 16:45:15 | 000,000,000 | -H-- | M] () -- 
C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf [2010.04.28 16:41:35 | 000,001,867 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2010.04.28 15:32:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.04.28 15:32:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.04.28 15:32:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.04.28 15:32:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.04.28 15:22:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ATSwpWDF_01009.Wdf [2010.04.28 15:20:13 | 000,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2010.04.28 14:52:02 | 000,057,035 | ---- | M] () -- C:\Windows\System32\license.rtf ========== Files Created - No Company Name ========== [2010.05.27 20:52:28 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010.05.27 20:52:28 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.05.27 20:52:28 | 000,262,144 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG1 [2010.05.27 20:52:28 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.05.27 20:52:28 | 000,000,020 | -HS- | C] () -- C:\Users\***\ntuser.ini [2010.05.27 20:52:28 | 000,000,000 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG2 [2010.05.27 20:52:27 | 000,786,432 | -HS- | C] () -- C:\Users\***\NTUSER.DAT [2010.05.27 16:18:46 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.05.27 16:18:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.05.27 16:18:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.05.27 16:18:46 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe 
[2010.05.27 16:18:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.05.26 15:44:44 | 000,002,593 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk [2010.05.26 15:44:44 | 000,001,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2010.05.19 20:53:35 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin [2010.05.02 01:27:19 | 000,000,067 | ---- | C] () -- C:\Windows\System32\Monitor.inf [2010.05.02 01:27:17 | 000,008,521 | ---- | C] () -- C:\Windows\lmpcl2a.ini [2010.05.01 20:41:18 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2010.05.01 20:41:18 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2010.05.01 13:56:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.04.28 17:24:59 | 000,008,487 | ---- | C] () -- C:\WirelessDiagLog.csv [2010.04.28 17:06:40 | 003,486,208 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.04.28 17:06:40 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2010.04.28 17:06:40 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.04.28 17:06:40 | 000,013,021 | ---- | C] () -- C:\Windows\snp2uvc.src [2010.04.28 16:45:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf [2010.04.28 16:40:07 | 000,146,036 | ---- | C] () -- C:\Windows\System32\drivers\HSFProf.cty [2010.04.28 15:22:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ATSwpWDF_01009.Wdf [2010.04.28 15:20:13 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.28 14:48:15 | 1528,844,288 | -HS- | C] () -- C:\hiberfil.sys [2010.04.28 11:48:22 | 000,175,534 | ---- | C] () -- C:\Windows\System32\LMPCLHOW.HLP [2010.04.28 11:48:21 | 000,076,086 | ---- | C] () -- C:\Windows\System32\LEXMV95.HLP [2010.02.20 15:27:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.02.20 15:27:38 | 
000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2009.12.02 19:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll < End of report > |
28.05.2010, 10:08 | #4 |
| Firefox automatically opens ad tabs and the Extras: Code:
ATTFilter OTL Extras logfile created on: 28.05.2010 09:24:31 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\***\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 79,90 Gb Total Space | 7,75 Gb Free Space | 9,70% Space Free | Partition Type: NTFS Drive D: | 146,72 Gb Total Space | 43,57 Gb Free Space | 29,70% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2D440AF4-7330-43F0-A085-35DE1A90E703}" = Lenovo Fingerprint Software "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{AB562530-921D-11DE-A208-005056C00008}" = Paragon Backup & Recovery™ 10.2 Free Edition "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Intel(R) PROSet/Wireless WiFi-Software "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth "{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "0481B164C8D1D26C560D6A5E717C5920D4362D60" = Windows-Treiberpaket - AuthenTec Inc. 
(ATSwpWDF) Biometric (01/14/2010 8.6.0.13) "0D531DBBCCFED6ED4D4C297EE922CEF5D0A99DEE" = Windows-Treiberpaket - Intel (NETw5v32) net (01/13/2010 13.1.1.1) "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Professional "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1 "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter "DivX Setup.divx.com" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "GanttProject" = GanttProject "HECI" = Intel(R) Management Engine Interface "Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0 "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "LENOVO.SMIIF" = Lenovo System Interface Driver "Lexmark Printer Software Uninstall" = Lexmark Drucker-Software deinstallieren "MESOL" = Intel® Active-Management-Technologie "MiKTeX 2.8" = MiKTeX 2.8 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "OnScreenDisplay" = Anzeige am Bildschirm "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "PROSet" = Intel(R) Network Connections Drivers "SynTPDeinstKey" = ThinkPad UltraNav Driver "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "VLC media player" = VLC media player 1.0.5 "VoipStunt_is1" = VoipStunt "Winamp" = Winamp "WinISO_is1" = WinISO 5.3 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.05.2010 10:54:12 | Computer Name = *** | Source = VSS | ID = 8193 Description = Error - 26.05.2010 10:59:42 | Computer Name = *** | Source = VSS | ID = 8193 Description = Error - 26.05.2010 
11:03:38 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: tvsu.exe, Version: 4.0.0.1, Zeitstempel: 0x4adc2eb3 Name des fehlerhaften Moduls: tvsutil.dll, Version: 0.0.0.0, Zeitstempel: 0x4adc2eb7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002683 ID des fehlerhaften Prozesses: 0xf84 Startzeit der fehlerhaften Anwendung: 0x01cafce4986715d5 Pfad der fehlerhaften Anwendung: C:\Program Files\Lenovo\System Update\tvsu.exe Pfad des fehlerhaften Moduls: C:\Program Files\Lenovo\System Update\tvsutil.dll Berichtskennung: dcf9ddc1-68d7-11df-9f65-00247e6a20a7 Error - 27.05.2010 08:43:04 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: tvsu.exe, Version: 4.0.0.1, Zeitstempel: 0x4adc2eb3 Name des fehlerhaften Moduls: tvsutil.dll, Version: 0.0.0.0, Zeitstempel: 0x4adc2eb7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002683 ID des fehlerhaften Prozesses: 0x13dc Startzeit der fehlerhaften Anwendung: 0x01cafd9a2543ebfe Pfad der fehlerhaften Anwendung: C:\Program Files\Lenovo\System Update\tvsu.exe Pfad des fehlerhaften Moduls: C:\Program Files\Lenovo\System Update\tvsutil.dll Berichtskennung: 63f18b7c-698d-11df-9618-00247e6a20a7 Error - 27.05.2010 10:20:24 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PEV.cfxxe, Version: 0.0.0.0, Zeitstempel: 0x4bd0e994 Name des fehlerhaften Moduls: PEV.cfxxe, Version: 0.0.0.0, Zeitstempel: 0x4bd0e994 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00082899 ID des fehlerhaften Prozesses: 0x55c Startzeit der fehlerhaften Anwendung: 0x01cafda7bd84ac73 Pfad der fehlerhaften Anwendung: C:\ComboFix\PEV.cfxxe Pfad des fehlerhaften Moduls: C:\ComboFix\PEV.cfxxe Berichtskennung: fccaa402-699a-11df-9f04-00247e6a20a7 Error - 27.05.2010 14:46:04 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des 
"OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary SASDIFSV. System Error: Das System kann die angegebene Datei nicht finden. . Error - 27.05.2010 14:46:04 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: Das System kann die angegebene Datei nicht finden. . Error - 27.05.2010 14:48:59 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: AtService.exe, Version: 3.3.2.27, Zeitstempel: 0x4b6c027f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x39c Startzeit der fehlerhaften Anwendung: 0x01cafda8d7e29545 Pfad der fehlerhaften Anwendung: C:\Windows\system32\AtService.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 822bef54-69c0-11df-89dd-00247e6a20a7 Error - 27.05.2010 14:52:40 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bccb3 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdaae Ausnahmecode: 0x0000046b Fehleroffset: 0x00009617 ID des fehlerhaften Prozesses: 0xe00 Startzeit der fehlerhaften Anwendung: 0x01cafdcdb48a36b5 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 061c938e-69c1-11df-9982-00247e6a20a7 Error - 27.05.2010 15:17:51 | Computer Name = *** | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll". 
Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax. [ System Events ] Error - 27.05.2010 10:19:52 | Computer Name = *** | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 27.05.2010 10:26:52 | Computer Name = *** | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 27.05.2010 10:26:59 | Computer Name = *** | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 27.05.2010 10:28:15 | Computer Name = *** | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?27.?05.?2010 um 16:27:18 unerwartet heruntergefahren. Error - 27.05.2010 11:02:15 | Computer Name = *** | Source = BROWSER | ID = 8032 Description = Error - 27.05.2010 14:49:02 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "AuthenTec Fingerprint Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 27.05.2010 14:49:04 | Computer Name = *** | Source = Service Control Manager | ID = 7016 Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 27.05.2010 14:52:48 | Computer Name = *** | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 27.05.2010 17:58:47 | Computer Name = *** | Source = Service Control Manager | ID = 7016 Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 28.05.2010 03:11:49 | Computer Name = *** | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%14 < End of report > |