juicy_o

  1. Hi D-FRED BROWN! Thx for your help. In the meantime I somehow got help elsewhere (actually this is what I hope...). I don't know whether all is fixed now. But I ran this RogueKiller, ComboFix and again RogueKiller.
  2. Hello everybody! I am new to this whole PC-support stuff, but because of an infection with this Security Shield thing I really need help. I read a lot of posts regarding this topic but somehow I still don't know what exactly I should do (the reason could be that I am not a pro on these things). So, here is what I have done already: My netbook (Windows 7) is protected with Avira Free. I got infected with Security Shield several hours ago. I ran a quick scan with Malwarebytes with no success (I started it as administrator, with the right mouse button). Then I ran a full scan (again as administrator) and again with no success. Here is the log (it is German, next time it will be English):

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org

     Datenbank Version: v2012.05.23.03

     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Juicy :: JUICY-PC [Administrator]

     23.05.2012 12:51:53
     mbam-log-2012-05-23 (12-51-53).txt

     Art des Suchlaufs: Vollständiger Suchlauf
     Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
     Deaktivierte Suchlaufeinstellungen: P2P
     Durchsuchte Objekte: 312929
     Laufzeit: 2 Stunde(n), 43 Minute(n), 39 Sekunde(n)

     Infizierte Speicherprozesse: 0
     (Keine bösartigen Objekte gefunden)

     Infizierte Speichermodule: 0
     (Keine bösartigen Objekte gefunden)

     Infizierte Registrierungsschlüssel: 0
     (Keine bösartigen Objekte gefunden)

     Infizierte Registrierungswerte: 0
     (Keine bösartigen Objekte gefunden)

     Infizierte Dateiobjekte der Registrierung: 0
     (Keine bösartigen Objekte gefunden)

     Infizierte Verzeichnisse: 0
     (Keine bösartigen Objekte gefunden)

     Infizierte Dateien: 0
     (Keine bösartigen Objekte gefunden)

     (Ende)

     So what should I do now? Thx for help!

     I figured out that an OTL-Report would be good.
     So here it comes: OTL logfile created on: 23.05.2012 16:18:31 - Run 1, OTL by OldTimer - Version 3.2.43.1
(Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2012.04.29 12:23:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2012.04.29 12:23:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2012.04.29 12:23:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012.04.29 12:23:13 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2012.04.29 12:00:43 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll [2012.04.29 12:00:40 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll [2012.04.29 12:00:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe [2012.04.29 12:00:39 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll [2012.04.29 11:32:26 | 000,000,000 | ---D | C] -- C:\Users\Juicy\AppData\Local\{7780A144-ACFC-49FC-8A8C-63DA7A632054} [5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] [1 C:\Users\Juicy\Desktop\*.tmp files -> C:\Users\Juicy\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.23 16:15:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Juicy\Desktop\OTL.exe [2012.05.23 16:02:08 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2012.05.23 12:28:17 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.23 12:28:17 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.23 12:25:36 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.05.23 12:25:36 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.05.23 12:25:36 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.05.23 12:25:36 | 000,106,574 | ---- | M] 
() -- C:\windows\System32\perfc009.dat [2012.05.23 12:21:54 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.05.23 12:19:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.05.23 12:19:10 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys [2012.05.23 12:15:46 | 010,063,024 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Juicy\Desktop\mbam-setup.exe [2012.05.23 11:20:17 | 000,376,320 | ---- | M] () -- C:\Users\Juicy\AppData\Local\rskddtc.exe [2012.05.14 12:15:39 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.05.14 12:15:38 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.05.14 09:26:09 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.14 08:36:21 | 000,298,544 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012.05.13 23:11:28 | 000,007,605 | ---- | M] () -- C:\Users\Juicy\AppData\Local\resmon.resmoncfg [2012.05.13 22:46:25 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys [5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] [1 C:\Users\Juicy\Desktop\*.tmp files -> C:\Users\Juicy\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.23 12:21:54 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.05.23 11:20:17 | 000,376,320 | ---- | C] () -- C:\Users\Juicy\AppData\Local\rskddtc.exe [2012.05.14 12:15:39 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.05.14 12:15:38 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.05.14 09:26:09 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.13 23:10:23 | 
000,007,605 | ---- | C] () -- C:\Users\Juicy\AppData\Local\resmon.resmoncfg [2012.05.13 22:46:25 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2011.10.20 23:49:22 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat [2011.07.30 00:31:38 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml [2011.07.29 10:52:59 | 000,116,224 | ---- | C] () -- C:\windows\System32\redmonnt.dll [2011.07.29 10:52:59 | 000,045,056 | ---- | C] () -- C:\windows\System32\unredmon.exe [2011.03.24 10:34:41 | 000,654,610 | ---- | C] () -- C:\windows\System32\perfh007.dat [2011.03.24 10:34:41 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2011.03.24 10:34:41 | 000,130,192 | ---- | C] () -- C:\windows\System32\perfc007.dat [2011.03.24 10:34:41 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2011.03.24 04:23:32 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll [2011.03.24 04:02:24 | 001,410,400 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll [2011.03.24 04:02:24 | 000,660,832 | ---- | C] () -- C:\windows\System32\EncIcons.dll [2011.03.24 04:02:24 | 000,513,376 | ---- | C] () -- C:\windows\System32\SimpleExt.dll [2011.03.24 04:02:23 | 002,110,816 | ---- | C] () -- C:\windows\System32\Apblend.dll [2011.03.24 04:02:23 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll [2011.03.24 04:02:04 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll [2011.03.24 03:52:39 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini [2011.03.24 03:51:13 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll [2011.03.24 03:48:12 | 000,001,448 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat ========== LOP Check ========== [2011.12.01 22:17:53 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\3DataManager [2011.07.29 11:40:06 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\ArcSyncConfig [2011.08.18 17:57:05 | 000,000,000 | ---D | M] -- 
C:\Users\Juicy\AppData\Roaming\Audacity [2011.10.25 09:38:59 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\FileZilla [2012.05.13 22:52:40 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\OpenOffice.org [2011.10.14 22:18:50 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\Program Files [2012.05.23 11:52:26 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\SoftGrid Client [2011.07.28 14:24:51 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\TP [2011.07.30 13:59:58 | 000,000,000 | ---D | M] -- C:\Users\Juicy\AppData\Roaming\Windows Live Writer [2012.05.19 09:37:21 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Thx for any help!