Trojaner Win32/Bumat!rts |
||
|---|---|---|
| #0
| ||
|
11.02.2011, 23:03
...neu hier
Beiträge: 8 |
||
 
|
|
|
|
12.02.2011, 13:06
Moderator
Beiträge: 5694 |
#2
Hallo und herzlich Willkommen auf Protecus.de
Um ein infiziertes System zu bereinigen bedarf es neben Zeit auch die Beachtung folgender Punkte: • Halte Dich an die Anweisungen des jeweiligen Helfers. • Falls Du externen Speichermedien (USB Sticks, Festplatten) hast, dann schliesse die vor der Reinigung an. • Während der Reinigung solltest Du weder Programme installieren noch deinstallieren, welche nicht ausdrücklich verlangt werden. • Bitte arbeite jeden Schritt der Reihe nach ab. • Falls bei einem Schritt Probleme auftauchen, poste was du bereits hast und melde Dich mit dem Problembeschreiben. • Die Bereinigung ist erst beendet wenn der jeweilige Helfer das OK gibt. • Wenn die Kiste wieder flott läuft heisst das nicht, dass das Sytem auch sauber ist. • Bei geschäftlich genutzten Rechner sollte der zuständige IT Verantwortliche beigezogen werden. • Ein Support unsererseits kann unter Umständen bei einem Firmenrechner abgelehnt werden. • Bei illegaler Software besteht die Möglichkeit, dass der Support eingestellt wird. • Jegliche Cracks oder Keygens werden weder gefördert noch akzeptiert. • Bei stark infizierten Systemen vorallem wenn Backdoors oder Rootkits involviert sind kann es vorkommen, dass ein Helfer zum Neuaufsetzen rät. • In letzter Instanz ist dann immer der User welcher entscheidet. Vista und Win7 User: Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen. Schritt 1 Bereinigung mit Malwarebytes' Anti-Malware (Vollständiger Suchlauf) Lade Malwarebytes Anti-Malware (ca. 2 MB) von diesem Downloadspiegel herunter: Malwarebytes * Anwendbar auf Windows 2000, XP, Vista und Windows 7. * Installiere das Programm in den vorgegebenen Pfad. * Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten. * Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand. * Aktiviere "Komplett Scan durchführen" => Scan. * Wähle alle verfügbaren Laufwerke aus und starte den Scan. * Wenn der Scan beendet ist, klicke auf "Zeige Resultate". * Bei Funden in C:\System Volume Information den Haken entfernen. Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren. Er könnte jedoch trotz Malware noch gebraucht werden. * Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Löschen". * Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread. * Nachträglich kannst du den Bericht unter "Scan-Berichte" finden. * Berichte, wie der Rechner nun läuft. Schritt 2 CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop • Starte bitte die OTL.exe. Vista und Win7 User mit Rechtsklick "als Administrator starten" • Kopiere nun den Inhalt in die  Textbox.Code netsvcs• Schliesse bitte nun alle Programme. (Wichtig) • Klicke nun bitte auf den Quick Scan Button. • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread |
|
|
|
|
|
|
12.02.2011, 16:54
...neu hier
Themenstarter Beiträge: 8 |
#3
Hallo,
vielen Dank schon mal! Habe hier die Textdateien von Malwarebytes und OTL. Rechner läuft soweit ganz gut, außer das FileZila heute abgeschmiert ist, was sonst nicht passiert ist. Hier Malwarebytes Bericht: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5742 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 12.02.2011 16:33:23 mbam-log-2011-02-12 (16-33-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|) Durchsuchte Objekte: 236309 Laufzeit: 22 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Hier OTL.txt Bericht: OTL logfile created on: 12.02.2011 16:41:18 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Ela\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 906,34 Gb Total Space | 873,12 Gb Free Space | 96,33% Space Free | Partition Type: NTFS Drive D: | 548,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ELA-PC | User Name: Ela | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011.02.11 21:44:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ela\Downloads\OTL.exe PRC - [2011.02.10 12:55:26 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2010.11.30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2010.11.11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010.03.06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.16 08:05:10 | 000,114,688 | ---- | M] (JME) -- C:\Programme\jmesoft\hotkey.exe PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.06.26 11:16:42 | 007,596,576 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009.06.03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\Lenovo\Power2Go\CLMLSvc.exe PRC - [2009.01.14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2008.11.24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011.02.11 21:44:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ela\Downloads\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010.11.11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009.01.14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011.02.12 16:09:10 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1388292C-BB85-40A0-8D3E-A8E0895E2CBB}\MpKsl4fd7b8ac.sys -- (MpKsl4fd7b8ac) DRV - [2010.10.24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.08.25 19:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2010.01.19 10:12:00 | 000,163,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009.07.21 20:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd) DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\rdpbus.sys -- (rdpbus) DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009.07.14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID) DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009.07.13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009.06.26 09:43:22 | 002,385,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.05.22 15:52:04 | 000,167,936 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009.03.02 10:00:32 | 000,016,200 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ddcdrv.sys -- (WinI2C-DDC) DRV - [2008.08.06 11:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.30 19:22:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.10 19:26:25 | 000,000,000 | ---D | M] [2011.01.31 10:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ela\AppData\Roaming\Mozilla\Extensions [2011.01.31 10:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ela\AppData\Roaming\Mozilla\Firefox\Profiles\569jndvw.default\extensions [2011.01.30 19:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.11 17:03:26 | 000,002,256 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com O1 - Hosts: 127.0.0.1 hh-software.com O1 - Hosts: 127.0.0.1 www.hh-software.com O1 - Hosts: 127.0.0.1 activate.adobe.de O1 - Hosts: 24 more lines... O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe (Lenovo) O4 - HKLM..\Run: [jmekey] C:\Programme\jmesoft\hotkey.exe (JME) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] File not found O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Spyware Doctor] C:\Users\Ela\Desktop\sdsetup.exe () O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.10.31 04:25:51 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{ef9d47fb-7c64-11df-bba7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ef9d47fb-7c64-11df-bba7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2006.10.31 04:25:51 | 000,463,152 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{ef9d47fb-7c64-11df-bba7-806e6f6e6963}\Shell\configure\command - "" = D:\setup.exe -- [2006.10.31 04:25:51 | 000,463,152 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{ef9d47fb-7c64-11df-bba7-806e6f6e6963}\Shell\install\command - "" = D:\setup.exe -- [2006.10.31 04:25:51 | 000,463,152 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: AeLookupSvc - C:\Windows\System32\aelupsvc.dll (Microsoft Corporation) NetSvcs: CertPropSvc - C:\Windows\System32\certprop.dll (Microsoft Corporation) NetSvcs: SCPolicySvc - C:\Windows\System32\certprop.dll (Microsoft Corporation) NetSvcs: lanmanserver - C:\Windows\System32\srvsvc.dll (Microsoft Corporation) NetSvcs: gpsvc - C:\Windows\System32\gpsvc.dll (Microsoft Corporation) NetSvcs: IKEEXT - C:\Windows\System32\IKEEXT.DLL (Microsoft Corporation) NetSvcs: AudioSrv - C:\Windows\System32\audiosrv.dll (Microsoft Corporation) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Irmon - C:\windows\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Rasauto - C:\Windows\System32\rasauto.dll (Microsoft Corporation) NetSvcs: Rasman - C:\Windows\System32\rasmans.dll (Microsoft Corporation) NetSvcs: Remoteaccess - C:\Windows\System32\mprdim.dll (Microsoft Corporation) NetSvcs: SENS - C:\Windows\System32\Sens.dll (Microsoft Corporation) NetSvcs: Sharedaccess - C:\Windows\System32\ipnathlp.dll (Microsoft Corporation) NetSvcs: SRService - File not found NetSvcs: Tapisrv - C:\Windows\System32\tapisrv.dll (Microsoft Corporation) NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: TermService - C:\Windows\System32\termsrv.dll (Microsoft Corporation) NetSvcs: wuauserv - C:\Windows\System32\wuaueng.dll (Microsoft Corporation) NetSvcs: BITS - C:\Windows\System32\qmgr.dll (Microsoft Corporation) NetSvcs: ShellHWDetection - C:\Windows\System32\shsvcs.dll (Microsoft Corporation) NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: iphlpsvc - C:\Windows\System32\iphlpsvc.dll (Microsoft Corporation) NetSvcs: seclogon - C:\Windows\System32\seclogon.dll (Microsoft Corporation) NetSvcs: AppInfo - C:\Windows\System32\appinfo.dll (Microsoft Corporation) NetSvcs: msiscsi - C:\Windows\System32\iscsiexe.dll (Microsoft Corporation) NetSvcs: MMCSS - C:\Windows\System32\mmcss.dll (Microsoft Corporation) NetSvcs: wercplsupport - C:\Windows\System32\wercplsupport.dll (Microsoft Corporation) NetSvcs: EapHost - C:\Windows\System32\eapsvc.dll (Microsoft Corporation) NetSvcs: ProfSvc - C:\Windows\System32\profsvc.dll (Microsoft Corporation) NetSvcs: schedule - C:\Windows\System32\schedsvc.dll (Microsoft Corporation) NetSvcs: hkmsvc - C:\Windows\System32\KMSVC.DLL (Microsoft Corporation) NetSvcs: SessionEnv - C:\Windows\System32\SessEnv.dll (Microsoft Corporation) NetSvcs: winmgmt - C:\Windows\System32\wbem\WMIsvc.dll (Microsoft Corporation) NetSvcs: browser - C:\Windows\System32\browser.dll (Microsoft Corporation) NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011.02.11 21:47:30 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Malwarebytes [2011.02.11 21:46:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011.02.11 21:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.11 21:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.11 21:46:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011.02.11 21:46:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.02.11 21:04:09 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Wireshark [2011.02.10 13:01:13 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Google [2011.02.10 12:55:04 | 000,000,000 | ---D | C] -- C:\Programme\Google [2011.02.10 12:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011.02.10 12:50:30 | 000,000,000 | ---D | C] -- C:\Programme\NCH Software [2011.02.10 12:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2011.02.07 18:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.02.07 18:28:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works [2011.02.07 18:27:41 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio [2011.02.07 18:27:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER [2011.02.07 18:25:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8 [2011.02.07 18:23:30 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.02.02 00:45:42 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Apple Computer [2011.02.02 00:45:42 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Apple Computer [2011.02.01 19:00:33 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\NCH Software [2011.01.31 10:51:17 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Mozilla [2011.01.30 23:22:53 | 000,000,000 | ---D | C] -- C:\Users\Ela\jquery [2011.01.30 21:56:03 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.01.30 19:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox [2011.01.30 19:22:36 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2011.01.30 19:21:15 | 000,000,000 | ---D | C] -- C:\Programme\Safari [2011.01.30 19:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011.01.30 19:20:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple [2011.01.30 19:20:41 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Apple [2011.01.30 19:20:40 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2011.01.30 19:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011.01.30 17:27:36 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.01.30 17:23:46 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Google [2011.01.30 17:23:38 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Deployment [2011.01.30 17:23:38 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Apps [2011.01.30 13:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.01.30 13:42:57 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Microsoft Help [2011.01.30 13:38:04 | 000,000,000 | ---D | C] -- C:\Users\Ela\Photoshop [2011.01.30 13:36:53 | 000,000,000 | ---D | C] -- C:\windows\SQL9_KB970892_ENU [2011.01.29 23:51:42 | 000,000,000 | ---D | C] -- C:\Users\Ela\Documents\Adobe Scripts [2011.01.29 23:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2011.01.29 23:45:13 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player [2011.01.29 23:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2011.01.29 23:43:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR [2011.01.29 23:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2011.01.29 23:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011.01.29 23:41:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2011.01.29 23:40:40 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Adobe [2011.01.29 23:30:22 | 000,000,000 | ---D | C] -- C:\Users\Ela\Desktop\Adobe CS5 [2011.01.29 21:39:36 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\gtk-2.0 [2011.01.29 21:39:34 | 000,000,000 | ---D | C] -- C:\Users\Ela\.thumbnails [2011.01.29 21:10:23 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Weaverslave [2011.01.29 21:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weaverslave [2011.01.29 21:10:16 | 000,000,000 | ---D | C] -- C:\Programme\Weaverslave [2011.01.29 20:03:52 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Mozilla [2011.01.29 20:03:52 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\KompoZer [2011.01.29 19:58:01 | 000,000,000 | ---D | C] -- C:\Users\Ela\webseiten [2011.01.29 19:15:13 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations [2011.01.29 13:43:32 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2011.01.28 22:33:32 | 000,000,000 | ---D | C] -- C:\Users\Ela\Documents\gegl-0.0 [2011.01.28 22:33:32 | 000,000,000 | ---D | C] -- C:\Users\Ela\.gimp-2.6 [2011.01.28 22:30:11 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\FileZilla [2011.01.28 22:27:33 | 000,000,000 | ---D | C] -- C:\Programme\ExtractNow [2011.01.28 22:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExtractNow [2011.01.28 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\Ela\Diktate [2011.01.28 22:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs [2011.01.28 22:17:10 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\NCH Swift Sound [2011.01.28 22:15:57 | 000,000,000 | ---D | C] -- C:\Programme\NCH Swift Sound [2011.01.28 22:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound [2011.01.28 22:15:35 | 000,000,000 | ---D | C] -- C:\Users\Ela\Documents\Downloads [2011.01.28 22:15:26 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\GetRightToGo [2011.01.28 22:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP [2011.01.28 22:11:22 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0 [2011.01.28 21:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.01.28 21:36:37 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Macromedia [2011.01.28 21:35:43 | 000,000,000 | -H-D | C] -- C:\Lenovo [2011.01.28 21:11:41 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Adobe [2011.01.28 21:04:54 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Lenovo [2011.01.28 21:03:23 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Power2Go [2011.01.28 21:03:14 | 000,000,000 | R--D | C] -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.01.28 21:03:14 | 000,000,000 | R--D | C] -- C:\Users\Ela\Searches [2011.01.28 21:03:14 | 000,000,000 | R--D | C] -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.01.28 21:03:04 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Identities [2011.01.28 21:03:03 | 000,000,000 | R--D | C] -- C:\Users\Ela\Contacts [2011.01.28 21:02:59 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\VirtualStore [2011.01.28 21:02:58 | 000,000,000 | --SD | C] -- C:\Users\Ela\AppData\Roaming\Microsoft [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Videos [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Saved Games [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Pictures [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Music [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Links [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Favorites [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Downloads [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Documents [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Desktop [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Vorlagen [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\AppData\Local\Verlauf [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\AppData\Local\Temporary Internet Files [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Startmenü [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\SendTo [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Recent [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Netzwerkumgebung [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Lokale Einstellungen [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Documents\Eigene Videos [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Documents\Eigene Musik [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Eigene Dateien [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Documents\Eigene Bilder [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Druckumgebung [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Cookies [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\AppData\Local\Anwendungsdaten [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Anwendungsdaten [2011.01.28 21:02:58 | 000,000,000 | -H-D | C] -- C:\Users\Ela\AppData [2011.01.28 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Temp [2011.01.28 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Microsoft [2011.01.28 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Media Center Programs [2011.01.28 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\Programme [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll [2010.06.20 13:29:54 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011.02.12 16:28:01 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4280375408-633574853-2996590693-1004UA.job [2011.02.12 16:17:04 | 000,013,424 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.12 16:17:04 | 000,013,424 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.12 16:15:49 | 000,702,698 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011.02.12 16:15:49 | 000,655,800 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011.02.12 16:15:49 | 000,150,714 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011.02.12 16:15:49 | 000,121,892 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011.02.12 16:09:27 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.12 16:09:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011.02.12 16:09:00 | 1507,778,560 | -HS- | M] () -- C:\hiberfil.sys [2011.02.11 23:00:00 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.11 22:08:26 | 000,054,402 | ---- | M] () -- C:\Users\Ela\Desktop\MSE.PNG [2011.02.11 21:46:26 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.11 21:14:19 | 000,002,284 | ---- | M] () -- C:\Users\Ela\Desktop\Lenovo Rescue System.lnk [2011.02.11 17:28:00 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4280375408-633574853-2996590693-1004Core.job [2011.02.11 15:34:13 | 000,002,385 | ---- | M] () -- C:\Users\Ela\Desktop\Google Chrome.lnk [2011.02.10 22:13:22 | 000,000,132 | ---- | M] () -- C:\Users\Ela\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.02.10 20:22:12 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011.02.10 19:25:35 | 003,777,744 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2011.02.10 13:00:11 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.02.10 12:51:34 | 000,047,716 | ---- | M] () -- C:\Users\Ela\Documents\tk_kochbuch_aok_rp_dez10.docx [2011.02.10 12:46:08 | 004,545,527 | ---- | M] () -- C:\Users\Ela\Desktop\tk_kochbuch_aok_rp_dez10.pdf [2011.01.30 19:22:39 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.01.30 17:22:31 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2011.01.30 13:42:13 | 000,000,946 | ---- | M] () -- C:\windows\System32\mapisvc.inf [2011.01.29 22:11:22 | 000,002,158 | ---- | M] () -- C:\Users\Ela\.recently-used.xbel [2011.01.29 14:00:28 | 000,013,237 | ---- | M] () -- C:\Users\Ela\Desktop\Windows Defender - Verknüpfung.lnk [2011.01.29 13:44:25 | 000,002,154 | ---- | M] () -- C:\windows\epplauncher.mif [2011.01.29 03:01:45 | 000,052,953 | ---- | M] () -- C:\windows\System32\license.rtf [2011.01.28 22:27:35 | 000,000,989 | ---- | M] () -- C:\Users\Ela\Desktop\ExtractNow.lnk [2011.01.28 22:17:41 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Express Dictate.lnk [2011.01.28 22:17:16 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Express Scribe.lnk [2011.01.28 22:11:31 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011.01.28 21:38:30 | 000,512,992 | ---- | M] () -- C:\Users\Ela\Desktop\sdsetup.exe [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011.02.11 22:08:26 | 000,054,402 | ---- | C] () -- C:\Users\Ela\Desktop\MSE.PNG [2011.02.11 21:46:26 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.10 13:00:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.02.10 13:00:11 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.02.10 12:55:39 | 000,001,090 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.10 12:55:38 | 000,001,086 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.10 12:51:34 | 000,047,716 | ---- | C] () -- C:\Users\Ela\Documents\tk_kochbuch_aok_rp_dez10.docx [2011.02.10 12:46:07 | 004,545,527 | ---- | C] () -- C:\Users\Ela\Desktop\tk_kochbuch_aok_rp_dez10.pdf [2011.02.01 22:20:56 | 000,000,132 | ---- | C] () -- C:\Users\Ela\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.01.30 23:40:48 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.lnk [2011.01.30 19:22:39 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.01.30 19:21:24 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2011.01.30 19:21:24 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2011.01.30 19:20:41 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011.01.30 17:27:37 | 000,002,385 | ---- | C] () -- C:\Users\Ela\Desktop\Google Chrome.lnk [2011.01.30 17:23:49 | 000,001,110 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4280375408-633574853-2996590693-1004UA.job [2011.01.30 17:23:47 | 000,001,058 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4280375408-633574853-2996590693-1004Core.job [2011.01.30 17:22:31 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2011.01.29 23:47:07 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk [2011.01.29 23:46:35 | 000,001,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk [2011.01.29 23:46:19 | 000,001,220 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk [2011.01.29 23:44:44 | 000,001,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk [2011.01.29 23:44:38 | 000,001,477 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2011.01.29 23:44:00 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2011.01.29 22:11:22 | 000,002,158 | ---- | C] () -- C:\Users\Ela\.recently-used.xbel [2011.01.29 14:00:28 | 000,013,237 | ---- | C] () -- C:\Users\Ela\Desktop\Windows Defender - Verknüpfung.lnk [2011.01.29 13:43:34 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011.01.29 13:39:53 | 000,002,154 | ---- | C] () -- C:\windows\epplauncher.mif [2011.01.28 22:27:35 | 000,000,989 | ---- | C] () -- C:\Users\Ela\Desktop\ExtractNow.lnk [2011.01.28 22:17:41 | 000,001,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate.lnk [2011.01.28 22:17:41 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Express Dictate.lnk [2011.01.28 22:17:16 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe.lnk [2011.01.28 22:17:16 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Express Scribe.lnk [2011.01.28 22:11:31 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011.01.28 21:39:01 | 000,512,992 | ---- | C] () -- C:\Users\Ela\Desktop\sdsetup.exe [2011.01.28 21:03:15 | 000,001,409 | ---- | C] () -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.01.28 21:02:58 | 000,002,284 | ---- | C] () -- C:\Users\Ela\Desktop\Lenovo Rescue System.lnk [2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll [2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll [2010.06.20 13:26:09 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll [2010.06.20 13:17:09 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll [2009.07.14 01:55:09 | 000,587,776 | ---- | C] () -- C:\windows\System32\hpotscl1.dll [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [color=#E56717]========== LOP Check ==========[/color] [2011.01.30 21:56:03 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.02.11 22:45:49 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\FileZilla [2011.01.28 22:25:38 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\GetRightToGo [2011.01.29 22:11:22 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\gtk-2.0 [2011.01.29 20:03:52 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\KompoZer [2011.01.28 22:17:41 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\NCH Swift Sound [2011.01.29 21:10:23 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\Weaverslave [2011.02.11 21:04:09 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\Wireshark [2009.07.14 05:53:46 | 000,009,186 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp  FC5A2B2< End of report > Hier OTL.txt Extra Bericht: OTL Extras logfile created on: 12.02.2011 16:41:18 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Ela\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 906,34 Gb Total Space | 873,12 Gb Free Space | 96,33% Space Free | Partition Type: NTFS Drive D: | 548,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ELA-PC | User Name: Ela | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{42B21298-C850-4272-AFD9-636CBC005421}" = LXH-JME2207FN Hotkey Driver "{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9610EC3A-C7A0-4C31-9F3B-F9020C582B47}" = Lenovo Healthcare Software "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A79C1D34-2831-4A5D-91C7-279EF892B5CF}" = Lenovo Software Instruction "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A9E1716E-C8C2-4F75-A17A-9B0CF239E177}" = Genesys USB Mass Storage Device "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EE531675-A09C-51DD-F356-ECA9D6857039}" = Adobe Community Help "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "ENTERPRISER" = Microsoft Office Enterprise 2007 "Express" = Express Dictate "ExtractNow_is1" = ExtractNow "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft Security Client" = Microsoft Security Essentials "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Scribe" = Express Scribe "TVWiz" = Intel(R) TV Wizard "WinGimp-2.0_is1" = GIMP 2.6.10 "WinLiveSuite_Wave3" = Windows Live Essentials [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 28.01.2011 16:30:24 | Computer Name = Ela-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. Error - 29.01.2011 06:58:58 | Computer Name = Ela-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. Error - 29.01.2011 08:39:53 | Computer Name = Ela-PC | Source = Microsoft Security Client Setup | ID = 100 Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A. Error - 30.01.2011 08:42:41 | Computer Name = Ela-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 30.01.2011 08:42:41 | Computer Name = Ela-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 30.01.2011 08:42:41 | Computer Name = Ela-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 30.01.2011 08:42:41 | Computer Name = Ela-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = [ System Events ] Error - 28.01.2011 16:34:31 | Computer Name = Ela-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "Windows Update" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 30.01.2011 12:21:56 | Computer Name = Ela-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?30.?01.?2011 um 13:53:28 unerwartet heruntergefahren. Error - 30.01.2011 12:22:28 | Computer Name = Ela-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%16405 Error - 30.01.2011 12:22:37 | Computer Name = Ela-PC | Source = DCOM | ID = 10010 Description = Error - 30.01.2011 12:22:37 | Computer Name = Ela-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000 Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005 Error - 30.01.2011 12:22:37 | Computer Name = Ela-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus. Error - 01.02.2011 13:48:39 | Computer Name = Ela-PC | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 02.02.2011 07:56:01 | Computer Name = Ela-PC | Source = Microsoft Antimalware | ID = 2001 Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion: Vorherige Signaturversion: 1.97.840.0 Aktualisierungsquelle: %%859 Aktualisierungsstufe: %%854 Quellpfad: http://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.6502.0 Fehlercode: 0x80070643 Fehlerbeschreibung: Schwerwiegender Fehler bei der Installation. Error - 02.02.2011 07:56:24 | Computer Name = Ela-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.97.875.0) < End of report > |
|
|
|
|
|
|
13.02.2011, 00:55
Moderator
Beiträge: 5694 |
||
|
|
|
|
|
13.02.2011, 10:00
...neu hier
Themenstarter Beiträge: 8 |
#5
Guten morgen,
das kann ich nicht gar nicht sagen denn ich habe die Programme nicht selbst installiert, das war ein Bekannter von mir..., ich kann mir aber eigentlich nicht vorstellen, dass er sowas macht?!? Ist mein PC denn jetzt verseucht oder nicht??? Was soll ich jetzt machen??? LG Dani |
|
|
|
|
|
|
13.02.2011, 22:04
Moderator
Beiträge: 5694 |
#6
Wir reinigen keine Systeme auf welchem illegal erworbene Programme laufen. Und da einiges auf das hindeuten will ich zuerst wissen woher das Programm ist. Falls es nicht legal ist dann deinstalliere es bitte.
|
|
|
|
|
|
|
14.02.2011, 13:27
...neu hier
Themenstarter Beiträge: 8 |
#7
Ok, das werde ich tun! Ich möchte ja selbst keine illegalen Programme auf meinem PC haben. Der Bekannte arbeitet als Mediengestalter, ich bin davon ausgegangen, dass dieser nur Programme hat, die ok sind.
Also, ich werde Photoshop deinstallieren, aber wie geht es dann weiter??? Kann mir dann hier geholfen werden? LG Dani |
|
|
|
|
|
|
14.02.2011, 18:33
Moderator
Beiträge: 5694 |
#8
Schritt 1
Fixen mit OTL • Starte bitte die OTL.exe. Vista und Win7 User mit Rechtsklick "als Administrator starten" • Kopiere nun den Inhalt in die Textbox.Code :OTL• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt) Kopiere nun den Inhalt hier in Deinen Thread Schritt 2 ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten. Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten. • Dein Anti-Virus-Programm während des Scans deaktivieren. • Button  drücken.Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.• IE-User: müssen das Installieren eines ActiveX Elements erlauben. • Setze den einen Hacken bei Yes, i accept the Terms of Use. • Drücke den  Button.• Warte bis die Komponenten herunter geladen wurden. • Setze einen Haken bei "Remove found threads" und "Scan archives".• drücken.• Die Signaturen werden herunter geladen.Der Scan beginnt automatisch. Wenn der Scan beendet wurde • Klicke Finish.• Browser schließen. • Explorer öffnen. • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen. • Logfile hier posten. |
|
|
|
|
|
|
14.02.2011, 21:38
...neu hier
Themenstarter Beiträge: 8 |
#9
Hallo,
und vielen Dank für die Hilfe. Photoshop habe ich deinstalliert und die Programmen durchlaufen lassen.... Hier die Dateien: OTL: All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5} deleted successfully. File D:\autorun.inf not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef9d47fb-7c64-11df-bba7-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef9d47fb-7c64-11df-bba7-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef9d47fb-7c64-11df-bba7-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef9d47fb-7c64-11df-bba7-806e6f6e6963}\ not found. File D:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef9d47fb-7c64-11df-bba7-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef9d47fb-7c64-11df-bba7-806e6f6e6963}\ not found. File D:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef9d47fb-7c64-11df-bba7-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef9d47fb-7c64-11df-bba7-806e6f6e6963}\ not found. File D:\setup.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Dani Privat ->Temp folder emptied: 51539 bytes ->Temporary Internet Files folder emptied: 5963121 bytes ->Flash cache emptied: 56502 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Ela ->Temp folder emptied: 2671694 bytes ->Temporary Internet Files folder emptied: 53029120 bytes ->FireFox cache emptied: 67549176 bytes ->Google Chrome cache emptied: 13899636 bytes ->Apple Safari cache emptied: 11194368 bytes ->Flash cache emptied: 59062 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2361231 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 150,00 mb OTL by OldTimer - Version 3.2.20.6 log created on 02142011_203755 Eset Online Scanner: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=9638b156e68ced468de3c83ccbed9318 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-02-14 08:33:24 # local_time=2011-02-14 09:33:24 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=5893 16776574 100 94 1411857 49344364 0 0 # compatibility_mode=8192 67108863 100 0 3860 3860 0 0 # scanned=85659 # found=0 # cleaned=0 # scan_time=2431 LG Dani |
|
|
|
|
|
|
14.02.2011, 21:39
Moderator
Beiträge: 5694 |
#10
CustomScan mit OTL
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop • Starte bitte die OTL.exe. Vista und Win7 User mit Rechtsklick "als Administrator starten" • Kopiere nun den Inhalt in die Textbox.Code netsvcs • Schliesse bitte nun alle Programme. (Wichtig) • Klicke nun bitte auf den Quick Scan Button. • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread |
|
|
|
|
|
|
14.02.2011, 23:06
...neu hier
Themenstarter Beiträge: 8 |
#11
Hallo,
hier die Datei von OTL: OTL logfile created on: 14.02.2011 22:39:46 - Run 2 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Ela\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 906,34 Gb Total Space | 874,17 Gb Free Space | 96,45% Space Free | Partition Type: NTFS Drive I: | 3,88 Gb Total Space | 0,78 Gb Free Space | 20,07% Space Free | Partition Type: FAT32 Computer Name: ELA-PC | User Name: Ela | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011.02.11 21:44:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ela\Downloads\OTL.exe PRC - [2011.02.10 12:55:26 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2010.11.30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.09.28 10:09:06 | 000,827,392 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\HealthCare\HealthCare.exe PRC - [2009.07.16 08:05:10 | 000,114,688 | ---- | M] (JME) -- C:\Programme\jmesoft\hotkey.exe PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.06.26 11:16:42 | 007,596,576 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009.06.03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\Lenovo\Power2Go\CLMLSvc.exe PRC - [2009.01.14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2008.11.24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011.02.11 21:44:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ela\Downloads\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010.11.11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009.01.14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | System | Running] -- -- (MpKslc31591db) DRV - [2011.02.14 21:39:23 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85682B0A-EF69-4111-A065-0EC0C6A6E772}\MpKsled5c7aff.sys -- (MpKsled5c7aff) DRV - [2010.10.24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.08.25 19:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2010.01.19 10:12:00 | 000,163,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009.07.21 20:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd) DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\rdpbus.sys -- (rdpbus) DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009.07.14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID) DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009.07.13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009.06.30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\windows\system32\drivers\pavboot.sys -- (pavboot) DRV - [2009.06.26 09:43:22 | 002,385,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.05.22 15:52:04 | 000,167,936 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009.03.02 10:00:32 | 000,016,200 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ddcdrv.sys -- (WinI2C-DDC) DRV - [2008.08.06 11:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.30 19:22:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.10 19:26:25 | 000,000,000 | ---D | M] [2011.01.31 10:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ela\AppData\Roaming\Mozilla\Extensions [2011.01.31 10:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ela\AppData\Roaming\Mozilla\Firefox\Profiles\569jndvw.default\extensions [2011.01.30 19:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.11 17:03:26 | 000,002,256 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com O1 - Hosts: 127.0.0.1 hh-software.com O1 - Hosts: 127.0.0.1 www.hh-software.com O1 - Hosts: 127.0.0.1 activate.adobe.de O1 - Hosts: 24 more lines... O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe (Lenovo) O4 - HKLM..\Run: [jmekey] C:\Programme\jmesoft\hotkey.exe (JME) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Spyware Doctor] C:\Users\Ela\Desktop\sdsetup.exe () O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux3 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux4 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi4 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer4 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - C:\windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - C:\windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yuy2 - C:\windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave4 - C:\windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011.02.14 20:48:33 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.02.14 20:37:55 | 000,000,000 | ---D | C] -- C:\_OTL [2011.02.13 21:51:26 | 000,000,000 | ---D | C] -- C:\Users\Ela\Documents\Active scan [2011.02.13 19:07:36 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\windows\System32\drivers\pavboot.sys [2011.02.13 19:07:32 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security [2011.02.13 14:22:19 | 000,000,000 | ---D | C] -- C:\Users\Ela\Desktop\Unbenannt-Dateien [2011.02.11 21:47:30 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Malwarebytes [2011.02.11 21:46:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011.02.11 21:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.11 21:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.11 21:46:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011.02.11 21:46:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.02.11 21:04:09 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Wireshark [2011.02.10 13:01:13 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Google [2011.02.10 12:55:04 | 000,000,000 | ---D | C] -- C:\Programme\Google [2011.02.10 12:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011.02.10 12:50:30 | 000,000,000 | ---D | C] -- C:\Programme\NCH Software [2011.02.10 12:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2011.02.07 18:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.02.07 18:28:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works [2011.02.07 18:27:41 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio [2011.02.07 18:27:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER [2011.02.07 18:25:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8 [2011.02.07 18:23:30 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.02.02 00:45:42 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Apple Computer [2011.02.02 00:45:42 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Apple Computer [2011.02.01 19:00:33 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\NCH Software [2011.01.31 10:51:17 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Mozilla [2011.01.30 23:22:53 | 000,000,000 | ---D | C] -- C:\Users\Ela\jquery [2011.01.30 21:56:03 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.01.30 19:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox [2011.01.30 19:22:36 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2011.01.30 19:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011.01.30 19:20:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple [2011.01.30 19:20:41 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Apple [2011.01.30 19:20:40 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2011.01.30 19:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011.01.30 17:27:36 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.01.30 17:23:46 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Google [2011.01.30 17:23:38 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Deployment [2011.01.30 17:23:38 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Apps [2011.01.30 13:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.01.30 13:42:57 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Microsoft Help [2011.01.30 13:38:04 | 000,000,000 | ---D | C] -- C:\Users\Ela\Photoshop [2011.01.30 13:36:53 | 000,000,000 | ---D | C] -- C:\windows\SQL9_KB970892_ENU [2011.01.29 23:51:42 | 000,000,000 | ---D | C] -- C:\Users\Ela\Documents\Adobe Scripts [2011.01.29 23:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2011.01.29 23:45:13 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player [2011.01.29 23:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2011.01.29 23:43:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR [2011.01.29 23:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2011.01.29 23:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011.01.29 23:41:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2011.01.29 23:40:40 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Adobe [2011.01.29 23:30:22 | 000,000,000 | ---D | C] -- C:\Users\Ela\Desktop\Adobe CS5 [2011.01.29 21:39:36 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\gtk-2.0 [2011.01.29 21:39:34 | 000,000,000 | ---D | C] -- C:\Users\Ela\.thumbnails [2011.01.29 21:10:23 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Weaverslave [2011.01.29 21:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weaverslave [2011.01.29 21:10:16 | 000,000,000 | ---D | C] -- C:\Programme\Weaverslave [2011.01.29 20:03:52 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Mozilla [2011.01.29 20:03:52 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\KompoZer [2011.01.29 19:58:01 | 000,000,000 | ---D | C] -- C:\Users\Ela\webseiten [2011.01.29 19:15:13 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations [2011.01.29 13:43:32 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2011.01.28 22:33:32 | 000,000,000 | ---D | C] -- C:\Users\Ela\Documents\gegl-0.0 [2011.01.28 22:33:32 | 000,000,000 | ---D | C] -- C:\Users\Ela\.gimp-2.6 [2011.01.28 22:30:11 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\FileZilla [2011.01.28 22:27:33 | 000,000,000 | ---D | C] -- C:\Programme\ExtractNow [2011.01.28 22:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExtractNow [2011.01.28 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\Ela\Diktate [2011.01.28 22:17:10 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\NCH Swift Sound [2011.01.28 22:15:57 | 000,000,000 | ---D | C] -- C:\Programme\NCH Swift Sound [2011.01.28 22:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound [2011.01.28 22:15:35 | 000,000,000 | ---D | C] -- C:\Users\Ela\Documents\Downloads [2011.01.28 22:15:26 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\GetRightToGo [2011.01.28 22:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP [2011.01.28 22:11:22 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0 [2011.01.28 21:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.01.28 21:36:37 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Macromedia [2011.01.28 21:35:43 | 000,000,000 | -H-D | C] -- C:\Lenovo [2011.01.28 21:11:41 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Adobe [2011.01.28 21:04:54 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Lenovo [2011.01.28 21:03:23 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Power2Go [2011.01.28 21:03:14 | 000,000,000 | R--D | C] -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.01.28 21:03:14 | 000,000,000 | R--D | C] -- C:\Users\Ela\Searches [2011.01.28 21:03:14 | 000,000,000 | R--D | C] -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.01.28 21:03:04 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Identities [2011.01.28 21:03:03 | 000,000,000 | R--D | C] -- C:\Users\Ela\Contacts [2011.01.28 21:02:59 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\VirtualStore [2011.01.28 21:02:58 | 000,000,000 | --SD | C] -- C:\Users\Ela\AppData\Roaming\Microsoft [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Videos [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Saved Games [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Pictures [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Music [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Links [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Favorites [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Downloads [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Documents [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\Desktop [2011.01.28 21:02:58 | 000,000,000 | R--D | C] -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Vorlagen [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\AppData\Local\Verlauf [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\AppData\Local\Temporary Internet Files [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Startmenü [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\SendTo [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Recent [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Netzwerkumgebung [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Lokale Einstellungen [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Documents\Eigene Videos [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Documents\Eigene Musik [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Eigene Dateien [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Documents\Eigene Bilder [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Druckumgebung [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Cookies [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\AppData\Local\Anwendungsdaten [2011.01.28 21:02:58 | 000,000,000 | -HSD | C] -- C:\Users\Ela\Anwendungsdaten [2011.01.28 21:02:58 | 000,000,000 | -H-D | C] -- C:\Users\Ela\AppData [2011.01.28 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Temp [2011.01.28 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Local\Microsoft [2011.01.28 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Media Center Programs [2011.01.28 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\Programme [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop [2011.01.28 21:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll [2010.06.20 13:29:54 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011.02.14 22:28:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4280375408-633574853-2996590693-1004UA.job [2011.02.14 22:00:00 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.14 20:46:00 | 000,013,424 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.14 20:46:00 | 000,013,424 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.14 20:43:12 | 000,702,698 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011.02.14 20:43:12 | 000,655,800 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011.02.14 20:43:12 | 000,150,714 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011.02.14 20:43:12 | 000,121,892 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011.02.14 20:39:28 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.14 20:38:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011.02.14 20:38:48 | 1507,778,560 | -HS- | M] () -- C:\hiberfil.sys [2011.02.14 17:28:00 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4280375408-633574853-2996590693-1004Core.job [2011.02.14 00:03:27 | 000,000,132 | ---- | M] () -- C:\Users\Ela\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.02.13 14:22:19 | 000,028,971 | ---- | M] () -- C:\Users\Ela\Desktop\Unbenannt.htm [2011.02.13 14:20:00 | 000,030,208 | ---- | M] () -- C:\Users\Ela\Documents\Serial und Hosts.doc [2011.02.13 14:20:00 | 000,030,208 | ---- | M] () -- C:\Users\Ela\Desktop\Serial und Hosts.doc [2011.02.11 21:46:26 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.11 21:14:19 | 000,002,284 | ---- | M] () -- C:\Users\Ela\Desktop\Lenovo Rescue System.lnk [2011.02.11 15:34:13 | 000,002,385 | ---- | M] () -- C:\Users\Ela\Desktop\Google Chrome.lnk [2011.02.10 19:25:35 | 003,777,744 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2011.02.10 13:00:11 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.02.10 12:51:34 | 000,047,716 | ---- | M] () -- C:\Users\Ela\Documents\tk_kochbuch_aok_rp_dez10.docx [2011.01.30 19:22:39 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.01.30 17:22:31 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2011.01.30 13:42:13 | 000,000,946 | ---- | M] () -- C:\windows\System32\mapisvc.inf [2011.01.29 22:11:22 | 000,002,158 | ---- | M] () -- C:\Users\Ela\.recently-used.xbel [2011.01.29 14:00:28 | 000,013,237 | ---- | M] () -- C:\Users\Ela\Desktop\Windows Defender - Verknüpfung.lnk [2011.01.29 13:44:25 | 000,002,154 | ---- | M] () -- C:\windows\epplauncher.mif [2011.01.29 03:01:45 | 000,052,953 | ---- | M] () -- C:\windows\System32\license.rtf [2011.01.28 22:27:35 | 000,000,989 | ---- | M] () -- C:\Users\Ela\Desktop\ExtractNow.lnk [2011.01.28 22:17:16 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Express Scribe.lnk [2011.01.28 22:11:31 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011.01.28 21:38:30 | 000,512,992 | ---- | M] () -- C:\Users\Ela\Desktop\sdsetup.exe [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011.02.13 14:22:18 | 000,028,971 | ---- | C] () -- C:\Users\Ela\Desktop\Unbenannt.htm [2011.02.13 14:20:00 | 000,030,208 | ---- | C] () -- C:\Users\Ela\Documents\Serial und Hosts.doc [2011.02.13 14:20:00 | 000,030,208 | ---- | C] () -- C:\Users\Ela\Desktop\Serial und Hosts.doc [2011.02.11 21:46:26 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.10 13:00:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.02.10 13:00:11 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.02.10 12:55:39 | 000,001,090 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.10 12:55:38 | 000,001,086 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.10 12:51:34 | 000,047,716 | ---- | C] () -- C:\Users\Ela\Documents\tk_kochbuch_aok_rp_dez10.docx [2011.02.01 22:20:56 | 000,000,132 | ---- | C] () -- C:\Users\Ela\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.01.30 23:40:48 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.lnk [2011.01.30 19:22:39 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.01.30 19:20:41 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011.01.30 17:27:37 | 000,002,385 | ---- | C] () -- C:\Users\Ela\Desktop\Google Chrome.lnk [2011.01.30 17:23:49 | 000,001,110 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4280375408-633574853-2996590693-1004UA.job [2011.01.30 17:23:47 | 000,001,058 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4280375408-633574853-2996590693-1004Core.job [2011.01.30 17:22:31 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2011.01.29 23:46:19 | 000,001,220 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk [2011.01.29 23:44:44 | 000,001,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk [2011.01.29 23:44:38 | 000,001,477 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2011.01.29 23:44:00 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2011.01.29 22:11:22 | 000,002,158 | ---- | C] () -- C:\Users\Ela\.recently-used.xbel [2011.01.29 14:00:28 | 000,013,237 | ---- | C] () -- C:\Users\Ela\Desktop\Windows Defender - Verknüpfung.lnk [2011.01.29 13:43:34 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011.01.29 13:39:53 | 000,002,154 | ---- | C] () -- C:\windows\epplauncher.mif [2011.01.28 22:27:35 | 000,000,989 | ---- | C] () -- C:\Users\Ela\Desktop\ExtractNow.lnk [2011.01.28 22:17:16 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe.lnk [2011.01.28 22:17:16 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Express Scribe.lnk [2011.01.28 22:11:31 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011.01.28 21:39:01 | 000,512,992 | ---- | C] () -- C:\Users\Ela\Desktop\sdsetup.exe [2011.01.28 21:03:15 | 000,001,409 | ---- | C] () -- C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.01.28 21:02:58 | 000,002,284 | ---- | C] () -- C:\Users\Ela\Desktop\Lenovo Rescue System.lnk [2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll [2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll [2010.06.20 13:26:09 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll [2010.06.20 13:17:09 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll [2009.07.14 01:55:09 | 000,587,776 | ---- | C] () -- C:\windows\System32\hpotscl1.dll [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [color=#E56717]========== LOP Check ==========[/color] [2011.01.30 21:56:03 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.02.14 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\FileZilla [2011.01.28 22:25:38 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\GetRightToGo [2011.01.29 22:11:22 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\gtk-2.0 [2011.01.29 20:03:52 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\KompoZer [2011.02.13 21:01:25 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\NCH Swift Sound [2011.01.29 21:10:23 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\Weaverslave [2011.02.11 21:04:09 | 000,000,000 | ---D | M] -- C:\Users\Ela\AppData\Roaming\Wireshark [2009.07.14 05:53:46 | 000,010,950 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2011.02.14 20:38:48 | 1507,778,560 | -HS- | M] () -- C:\hiberfil.sys [2010.06.20 13:53:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.06.20 13:53:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011.02.14 20:38:50 | 2010,374,144 | -HS- | M] () -- C:\pagefile.sys [2010.06.20 13:17:50 | 000,001,879 | ---- | M] () -- C:\RHDSetup.log [color=#A23BEC]< %systemroot%\system32\*.wt >[/color] [color=#A23BEC]< %systemroot%\system32\*.ruy >[/color] [color=#A23BEC]< %systemroot%\Fonts\*.com >[/color] [2009.07.14 05:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 05:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 05:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 05:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont [color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color] [color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color] [2009.06.10 22:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini [color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color] [color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color] [2009.07.14 02:15:26 | 000,090,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPWN7.DLL [2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll [2009.07.14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll [color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color] [color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color] [color=#A23BEC]< %systemroot%\system32\*.jpg >[/color] [color=#A23BEC]< %systemroot%\*.scr >[/color] [2009.07.10 12:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR [color=#A23BEC]< %systemroot%\*._sy >[/color] [color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color] [color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color] [color=#A23BEC]< %PROGRAMFILES%\*.* >[/color] [2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini [color=#A23BEC]< %APPDATA%\Update\*.* >[/color] [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color] [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color] [2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll [color=#A23BEC]< %systemroot%\system32\ws2help.dll /md5 >[/color] [2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [color=#A23BEC]< MD5 for: WININIT.EXE >[/color] [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-10 22:02:20 [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp FC5A2B2< End of report > |
|
|
|
|
|
|
15.02.2011, 19:13
Moderator
Beiträge: 5694 |
#12
Hast Du noch Beschwerden?
|
|
|
|
|
|
|
15.02.2011, 20:39
...neu hier
Themenstarter Beiträge: 8 |
#13
Momentan würde ich sagen, dass alles ok ist... Kannst du/sie mir vielleicht noch einen Tipp geben, wie ich meinen PC besser schützen kann?! Habe nur Microsoft security essentials als Virenprogramm drauf... Reicht das??? Kann ich jetzt ein sauberes Abbild von meinem System machen? Brennt man sowas auf CD oder schiebt man das auf ne Festplatte???
Ich möchte mich auch nochmal bedanken!!! Also, vielen, vielen Dank!!!! |
|
|
|
|
|
|
15.02.2011, 20:43
Moderator
Beiträge: 5694 |
#14
Du kannst jetzt ein Backup machen. Ich würde Dir raten dies auf eine externe Platte zu sicher. Vorallem alle Daten.
Nachsorge Um Dein System vor Malware zu schützen, gebe ich Dir im Anschluss eine Kurzversion mit Tipps und Hinweisen auf Tools, die Dir helfen werden, Dein System abzusichern und in Zukunft frei von Infektionen zu halten. Wenn Dein System infiziert war, rate ich Dir, Deine Passwörter zu ändern. Bitte betrachte die Tipps als Vorschläge und nicht als Nonplusultra  .Erstelle einen neuen Systemwiederherstellungspunkt Das ist ein guter Zeitpunkt, die Systemwiederherstellung zu leeren und einen neuen sauberen Wiederherstellungspunkt zu erstellen (Anleitung für Vista-User). • Start => Alle Programme => Zubehör => Systemprogramme => Systemwiederherstellung • Wähle "Einen Wiederherstellungspunkt erstellen" => Weiter • Gebe als Beschreibung z. B. "Nach_Bereinigung" ein => Erstellen => Schließen. • Nun Start => Ausführen => cleanmgr (reinschreiben) => OK => Reiter Weitere Optionen • Klicke unter Systemwiederherstellung auf Bereinigen und bestätige das Löschen mit Ja => OK. Das wird alle Wiederherstellungspunkte bis auf den letzten neu erstellten löschen. Diesen Punkt kannst Du weglassen, falls Du das System gerade neu aufgesetzt hast oder Combofix benutzt und ordentlich deinstalliert wurde, da Combofix das schon erledigt. Massnahmen: Um Dein System vor Malware zu schützen, gebe ich Dir im Anschluss eine Kurzversion mit Tipps und Hinweisen auf Tools, die Dir helfen werden, Dein System abzusichern und in Zukunft frei von Infektionen zu halten. Wenn Dein System infiziert war, rate ich Dir, Deine Passwörter zu ändern. Bitte betrachte die Tipps als Vorschläge und nicht als Nonplusultra .Falls bei Dir noch nicht installiert, solltest Du Dir die folgenden Programme installieren. Spybot Search&Destroy ist ein gutes Tool, welches bösartige Software sucht und unschädlich macht. Bei der Installation darauf achten, dass der TeaTimer nicht aktiviert wird. Lasse das Tool in regelmäßige Abständen (z. B. einmal pro Woche) laufen und lasse vor der Überprüfung immer nach Updates suchen, Details siehe ausführliche Anleitung. Um Dein System frei von temporären Dateien zu halten, empfehle ich [url="http://www.CCleaner.de"]CCleaner[/url], (Toolbar nicht mitinstallieren) eine Freeware-Software zur Optimierung und zum Aufräumen von Windows, Einzelheiten siehe die Anleitung von Hijackthis-Forum.de. Bei Java (Sun) immer nur die aktuellste Version auf dem Rechner haben, alle anderen deinstallieren. Verwende einen alternativen Browser, ich empfehle Firefox. Es gibt eine große Anzahl von Erweiterungen, wie z. B. Adblock Plus und NoScript. Mit der Erweiterung IE Tab ist sogar das Windows- und Office-Upate über Firefox möglich. Die Erweiterung QuickJava sorgt dafür, dass Du Java und Java-Skript nur bei Bedarf einschalten kannst. Eine alternatives E-Mail-Programm ist Thunderbird. Auch dafür gibt es viele sehr gute Erweiterungen. Als Alternative für die ganzen Messenger kommen Miranda-IM oder Trillian infrage. Miranda ist ein malwarefreier OpenSource Instant-Messenger, der mit Protokollen von AOL, ICQ, IRC, MSN und Yahoo zusammen arbeitet. Mit dem ebenfalls malwarefreien Trillian kannst du mit Nutzern von ICQ, AIM, Yahoo Messenger, MSN und IRC chatten. "Wie konnte die Malware auf meinen Rechner kommen?", ist die wohl am häufigsten gestellte Frage. Malware gelangt in erster Linie über sogenannte Browser Exploits auf einen Rechner, also über Sicherheitslücken im Browser selbst. Weitere Schleusen sind E-Mail-Anhänge, Lecks im Betriebssystem oder Dateidownloads aus unsicheren Quellen. Durch Einsatz Deines Köpfchens und folgende simple Maßnahmen kannst Du den Schutz optimieren: • System immer auf aktuellem Stand halten (Windows Update regelmäßig machen und Software aktualisieren). • Programme wenn möglich "benutzerdefiniert" installieren und Toolbars und Sponsoren abwählen. • Internet Explorer sicher konfigurieren. • Nur Original-Software nutzen und auf Programme aus dubiosen Quellen konsequent verzichten. • Programme, die Du nicht mehr nutzt, über Systemsteuerung => Software entfernen/deinstallieren. • Nicht alles anklicken, wo klickmich draufsteht! • Gesunden Menschenverstand und Vorsicht walten lassen, • insbesondere bei Dateien, die Du Dir auf den PC holst, also E-Mails, Downloads etc., • am besten auf Filesharing über P2P-Programme ganz verzichten. • Router durch Vergabe eines Kennwortes vor Änderungen von außen schützen. • Nicht benötigte Dienste und Programme gar nicht erst starten. Bezüglich der Dienste ist es allerdings nötig, sich damit ausführlich zu beschäftigen, ansonsten die Dienste lieber lassen, wie sie sind. • Nicht benötigte "Ports" (am eventuell vorhandenen DSL-Router), Freigaben u. ä. schließen. • Port-Scan-Test. • WLAN absichern. • Sichere Passwörter vergeben. • Nicht mehr als einen Virenscanner mit Hintergrundwächter installieren. • Nicht mehr als ein Antispyware-Programm mit Hintergrundwächter ständig laufen lassen. • Das System hin und wieder zusätzlich mit einem dieser kostenlosen Online Scanner überprüfen. • Datensicherung nicht vergessen! Immer eine saubere Datensicherung als zurückspielbares Image auf Lager haben. Freiwillige Spende |
|
|
|
|
|
|
01.06.2012, 17:33
...neu hier
 Beiträge: 2 |
#15
Hallo Zusammen,
Ich wollte jetzt nicht unbedigt ein neues Thema zu dem Problem aufmachen da es ja bereits vorhanden und scheinbar erfolgreich gelöst wurde aber habe besagten Trojaner ebenfalls auf meiner Festplatte gefunden und wollte mich mal professionell davon überzeugen lassen ob Ich ihn auch wirklich restlos losgeworden bin. Darf ich der selbigen Anleitung folgen und nach dem posten meiner Reports auf Antwort hoffen? Eigentlich setze Ich mich seit geraumer Zeit sehr häufig mit solchen Themen auseinander und war der festen überzeugung das mein System so gut es nur geht abgesichert ist gegen solche Schädlinge  Habe neben Kaspersky SS 11 noch Security Essentials, Ad-Aware, Process Hacker und Anti Browser Spy immer am laufen. Meine Programme sind alle auf dem neuesten Stand, mein System wird regelmäßig geupdatet, Ich benutze stets sichere Passwörter (die ich jede Woche wechsel) und meine Netzwerk Scans waren bisher immer Top. Wüsste auch nicht wie Ich mir dieses Ungetüm angelacht haben könnte. Hätte bitte jemand von Euch die Zeit und Güte sich meiner Sache anzunehmen? Ich wäre euch sehr Dankbar und bemühe mich auch eure kostbare Zeit nicht läger als nötig in Anspruch zu nehmen  Liebe Grüße Syn |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Vielen Dank im voraus.