| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Rechner infiziert mit Win32Spy.Zbot TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
30.12.2011, 16:22
| #1 |
 |  Rechner infiziert mit Win32Spy.Zbot Trojaner Hallo liebe Gemeinde, mein ESET meldet mir mein Arbeitsspeicher wäre mit dem oben genannten Virus befallen und ESET kann diese Infektion nicht säubern. Habe anscheinend einen E-Mail Anhang geöffnet der als Bild getarnt über eine Anwendung ins System geschleust hat. Das System ist nun ultra langsam, Internet Explorer und ähnliches hängt sich auf. Bitte um eure Hilfe welche Schritte ich gehen muss um diesen Virus zu entfernen ! |
|
30.12.2011, 17:01
| #2 |
| /// Malwareteam    | Rechner infiziert mit Win32Spy.Zbot Trojaner Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld 
__________________ |
|
30.12.2011, 17:13
| #3 |
| | Rechner infiziert mit Win32Spy.Zbot Trojaner Super Danke !
__________________Kurzer Hinweiss noch ! Habe eine ESET Rescue Disc durchlaufen lassen ,da findet er keine Infektion. Sobald Windows wieder normal startet, meldet ESET die Datei taskhost.exe als infiziert. Das System ist dann sofort wieder sau langsam und nicht vernünftig bedienbar. |
|
30.12.2011, 17:31
| #4 |
| /// Malwareteam | Rechner infiziert mit Win32Spy.Zbot Trojaner Hallo AlexCSH, bitte folgenden Link beachten! http://www.trojaner-board.de/69886-a...-beachten.html Gruß
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
30.12.2011, 19:50
| #5 |
| | Rechner infiziert mit Win32Spy.Zbot Trojaner so habe die drei anwendungen durch laufen lassen, der pc ist im moment wieder steuerbar.. die olt.txt war zu groß deshalb hänge ich sie an..OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.12.2011 18:51:49 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Media\Desktop\Trojaner Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,44% Memory free 6,00 Gb Paging File | 4,51 Gb Available in Paging File | 75,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 38,98 Gb Free Space | 39,95% Space Free | Partition Type: NTFS Drive D: | 833,86 Gb Total Space | 344,30 Gb Free Space | 41,29% Space Free | Partition Type: NTFS Computer Name: MEDIACENTER | User Name: Media | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.10.16 14:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Media\Desktop\Trojaner\OTL.exe PRC - [2011.08.01 13:02:18 | 000,351,952 | ---- | M] (Binnerup Consult) -- C:\Programme\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.12 15:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\ekrn.exe PRC - [2011.01.12 15:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\egui.exe PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.02.02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\Spyware Doctor\TFEngine\TFService.exe PRC - [2010.01.18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Programme\Spyware Doctor\pctsTray.exe PRC - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Programme\Spyware Doctor\pctsSvc.exe PRC - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Programme\Spyware Doctor\pctsAuxs.exe PRC - [2009.12.06 22:13:16 | 000,397,312 | ---- | M] () -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe PRC - [2009.08.01 02:06:25 | 000,155,648 | ---- | M] () -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe PRC - [2009.06.20 00:31:39 | 000,651,264 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe PRC - [2009.04.09 02:49:30 | 000,344,064 | ---- | M] (AVerMedia) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.02.21 09:26:20 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe PRC - [2008.02.21 09:26:20 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2011.12.30 17:14:08 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll MOD - [2011.12.30 11:05:34 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ea98cad4cea9ac78db91e6c66a6cbf3\System.Web.Services.ni.dll MOD - [2011.12.30 11:05:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll MOD - [2011.10.14 20:49:12 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.10.14 20:48:56 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll MOD - [2011.10.14 20:48:55 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll MOD - [2011.10.14 20:48:55 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll MOD - [2011.10.14 20:48:44 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.10.14 20:48:40 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.10.14 20:48:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.10.14 20:48:30 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.10.14 20:48:25 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.10.14 20:21:10 | 001,941,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\3.2.2.0__4f079cf7f10a3651\MyMoviesCommon.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.08.01 02:06:25 | 000,155,648 | ---- | M] () -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Win32 Services (SafeList) ========== SRV - [2011.11.13 12:33:06 | 000,126,464 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\Installer\InstallerService.exe -- (Installer Service) SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.01.12 15:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV - [2011.01.12 15:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2010.02.02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire) SRV - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2009.12.06 22:13:16 | 000,397,312 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.04.09 02:49:30 | 000,344,064 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2008.02.21 09:26:20 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011.05.06 21:59:19 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.05.05 17:27:44 | 000,838,912 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S) DRV - [2010.12.21 14:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2010.12.21 14:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010.12.21 12:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw) DRV - [2010.12.21 12:47:38 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp) DRV - [2010.12.21 12:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.02.05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg) DRV - [2010.02.05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi) DRV - [2010.02.02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon) DRV - [2010.02.02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon) DRV - [2010.02.02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon) DRV - [2009.09.23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009.09.15 13:27:24 | 000,641,152 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAVF2.sys -- (AVerAVF2) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2009.07.13 23:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.07.14 09:26:24 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2008.07.14 09:02:00 | 008,235,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.08.03 04:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 23 96 C3 16 0B CC 01 [binary data] IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 20:29:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 20:29:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.05.05 20:39:30 | 000,000,000 | ---D | M] [2011.08.27 20:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions [2011.08.27 20:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.12.30 12:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions [2011.12.26 14:39:54 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2011.12.30 12:18:43 | 000,000,933 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\11-suche.xml [2011.12.30 12:18:44 | 000,002,419 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\englische-ergebnisse.xml [2011.12.30 12:18:43 | 000,010,525 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\gmx-suche.xml [2011.12.30 12:18:44 | 000,002,457 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\lastminute.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\startsear.xml [2011.12.30 12:18:43 | 000,005,508 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\webde-suche.xml [2011.06.08 22:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions () (No name found) -- C:\USERS\MEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\777LL5E3.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2011.10.04 18:42:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [My Movies Tray] C:\Program Files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKCU..\Run: [{07855E74-58D4-C82E-731B-555E718499FC}] C:\Users\Media\AppData\Roaming\Fywab\ataxp.exe () O4 - Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E365FBB-8B8F-44A2-9710-01B6CAAE05F0}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DE1D2C4-5339-42DF-BA1D-5E58F61C0C7C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d6398da0-92be-11e0-86f3-001dba192b71}\Shell - "" = AutoRun O33 - MountPoints2\{d6398da0-92be-11e0-86f3-001dba192b71}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.30 17:54:29 | 000,000,000 | ---D | C] -- C:\Users\Media\Desktop\Trojaner [2011.12.30 12:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.12.30 12:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.12.30 11:51:44 | 000,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys [2011.12.30 11:51:44 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys [2011.12.30 11:51:44 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys [2011.12.30 11:50:13 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2011.12.30 11:50:13 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2011.12.30 11:50:08 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2011.12.30 11:50:08 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2011.12.30 11:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor [2011.12.30 11:50:02 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor [2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\PC Tools [2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2011.12.30 11:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.12.30 11:47:43 | 000,000,000 | ---D | C] -- C:\Users\Media\Desktop\Downloads [2011.12.30 11:47:41 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\GetRightToGo [2011.12.30 11:13:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.12.30 11:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.12.30 11:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.12.30 11:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.12.30 10:59:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.12.30 10:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.30 10:51:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.30 10:45:42 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Maax [2011.12.30 10:45:42 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Fywab [2011.12.30 09:15:53 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\vlc [2011.12.30 09:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.12.29 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\Media\Documents\UseNeXT [2011.12.28 11:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb [2011.12.28 11:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung [2011.12.28 11:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE Toolbar [2011.12.28 11:19:09 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\1&1 Mail & Media GmbH [2011.12.22 15:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.22 15:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.12.22 15:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.12.21 13:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\maxdome - Online Videothek [2011.12.21 13:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\BILD [2011.12.04 21:18:37 | 000,000,000 | R--D | C] -- C:\Users\Media\Dropbox [2011.12.04 21:17:50 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011.12.04 21:17:09 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Dropbox [2011.06.02 20:34:35 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Media\AppData\Roaming\SetupGFD.exe [2011.06.02 20:33:20 | 005,243,208 | ---- | C] ( ) -- C:\Users\Media\AppData\Roaming\AvsP.exe [2011.06.02 20:33:04 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\Media\AppData\Roaming\ffdshow.exe [2011.06.02 20:33:00 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\Media\AppData\Roaming\xvid.exe [2011.06.02 20:32:22 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Media\AppData\Roaming\Imgburn.exe [2011.06.02 20:32:00 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Media\AppData\Roaming\Avisynth.exe ========== Files - Modified Within 30 Days ========== [2011.12.30 18:50:41 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.30 18:50:41 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.30 18:45:41 | 000,129,769 | ---- | M] () -- C:\Users\Media\AppData\Roaming\nvModes.001 [2011.12.30 18:45:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.30 18:45:21 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2011.12.30 17:57:12 | 000,000,156 | ---- | M] () -- C:\Users\Media\defogger_reenable [2011.12.30 12:29:46 | 000,038,986 | ---- | M] () -- C:\Users\Media\Documents\cc_20111230_122937.reg [2011.12.30 12:28:30 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.12.30 11:50:04 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011.12.30 11:07:06 | 000,001,226 | ---- | M] () -- C:\Users\Media\Desktop\Spybot - Search & Destroy.lnk [2011.12.30 10:57:16 | 000,700,636 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.30 10:57:16 | 000,662,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.30 10:57:16 | 000,147,322 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.30 10:57:16 | 000,123,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.30 10:51:20 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.30 10:03:22 | 000,129,769 | ---- | M] () -- C:\Users\Media\AppData\Roaming\nvModes.dat [2011.12.30 09:15:48 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.12.29 12:43:07 | 000,962,160 | ---- | M] () -- C:\Users\Media\Desktop\Twinkle Twinkle Little Star - YouTube.mht [2011.12.22 15:34:18 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.22 09:49:30 | 000,001,813 | ---- | M] () -- C:\Users\Media\Desktop\UseNeXT.lnk [2011.12.15 07:28:38 | 000,507,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.07 20:53:01 | 000,001,008 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.07 20:53:00 | 000,001,028 | ---- | M] () -- C:\Users\Media\Desktop\Dropbox.lnk ========== Files Created - No Company Name ========== [2011.12.30 17:57:10 | 000,000,156 | ---- | C] () -- C:\Users\Media\defogger_reenable [2011.12.30 12:29:40 | 000,038,986 | ---- | C] () -- C:\Users\Media\Documents\cc_20111230_122937.reg [2011.12.30 12:28:30 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.12.30 11:50:13 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat [2011.12.30 11:50:08 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat [2011.12.30 11:50:08 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat [2011.12.30 11:50:04 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011.12.30 11:50:02 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat [2011.12.30 11:07:06 | 000,001,226 | ---- | C] () -- C:\Users\Media\Desktop\Spybot - Search & Destroy.lnk [2011.12.30 10:51:20 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.30 09:15:48 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.12.29 12:43:06 | 000,962,160 | ---- | C] () -- C:\Users\Media\Desktop\Twinkle Twinkle Little Star - YouTube.mht [2011.12.22 15:34:18 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.04 21:18:37 | 000,001,028 | ---- | C] () -- C:\Users\Media\Desktop\Dropbox.lnk [2011.12.04 21:18:01 | 000,001,008 | ---- | C] () -- C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.11.06 10:28:06 | 000,003,584 | ---- | C] () -- C:\Users\Media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.02 20:40:27 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll [2011.05.06 22:41:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.05.06 22:38:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.05 22:26:39 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.05.05 13:42:41 | 000,129,769 | ---- | C] () -- C:\Users\Media\AppData\Roaming\nvModes.001 [2011.05.05 13:30:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll [2011.05.05 13:30:59 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys [2011.05.05 13:30:58 | 000,598,016 | ---- | C] () -- C:\Windows\System32\sptlib21.dll [2011.05.05 13:30:58 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll [2011.05.05 13:30:58 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll [2011.05.05 13:30:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib03.dll [2011.05.05 13:30:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll [2011.05.05 13:30:58 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sptlib02.dll [2011.05.05 13:30:58 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll [2011.05.05 13:03:49 | 000,129,769 | ---- | C] () -- C:\Users\Media\AppData\Roaming\nvModes.dat [2009.07.14 09:47:43 | 000,700,636 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,147,322 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,507,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,662,518 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,123,712 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2003.02.27 09:07:20 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll ========== LOP Check ========== [2011.12.28 11:19:09 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\1&1 Mail & Media GmbH [2011.06.17 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\becker [2011.12.30 12:29:08 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DAEMON Tools Lite [2011.07.17 12:39:56 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DeepBurner [2011.12.30 18:46:00 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Dropbox [2011.05.05 20:31:01 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\ESET [2011.12.30 10:45:42 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Fywab [2011.12.30 11:49:43 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\GetRightToGo [2011.05.05 12:32:36 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\GHISLER [2011.12.30 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Maax [2011.07.17 15:36:10 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\MAGIX [2011.12.30 10:47:25 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\UseNeXT [2011.10.28 18:40:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.12.30 11:13:42 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.12.30 12:04:55 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011.05.05 11:51:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.05.05 12:44:57 | 000,000,000 | ---D | M] -- C:\Install [2011.05.05 12:50:56 | 000,000,000 | ---D | M] -- C:\Intel [2011.06.07 13:49:05 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.30 12:28:29 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.30 11:49:53 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.05.05 11:51:27 | 000,000,000 | -HSD | M] -- C:\Programme [2011.05.05 11:51:27 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.12.30 18:55:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.11 21:28:47 | 000,000,000 | R--D | M] -- C:\Users [2011.12.30 17:50:02 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys [2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys [2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys [2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys [2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys [2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys [2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-30 10:04:47 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
|
30.12.2011, 20:35
| #6 |
| | Rechner infiziert mit Win32Spy.Zbot Trojaner Wie geht es jetzt weiter? |
|
30.12.2011, 22:59
| #7 |
| /// Malwareteam | Rechner infiziert mit Win32Spy.Zbot Trojaner Hallo und Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1: Combofix Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
30.12.2011, 23:38
| #8 |
| | Rechner infiziert mit Win32Spy.Zbot Trojaner Bitte schön Combofix Logfile: Code:
ATTFilter ComboFix 11-12-30.02 - Media 30.12.2011 23:23:48.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3070.1794 [GMT 1:00]
ausgeführt von:: c:\users\Media\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal Firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\mazuki.dll
c:\users\Media\AppData\Roaming\Fywab\ataxp.exe
c:\users\Media\AppData\Roaming\ImgBurn.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\pthreadVC.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-28 bis 2011-12-30 ))))))))))))))))))))))))))))))
.
.
2011-12-30 22:28 . 2011-12-30 22:29 -------- d-----w- c:\users\Media\AppData\Local\temp
2011-12-30 22:28 . 2011-12-30 22:28 -------- d-----w- c:\users\Mcx1-MEDIACENTER.Mediacenter\AppData\Local\temp
2011-12-30 22:28 . 2011-12-30 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 22:18 . 2011-12-30 22:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E803C3E-3EE1-484E-AB0B-5B432FDD92E9}\offreg.dll
2011-12-30 11:28 . 2011-12-30 11:28 -------- d-----w- c:\program files\CCleaner
2011-12-30 10:49 . 2011-12-30 21:19 -------- d-----w- c:\program files\Spyware Doctor
2011-12-30 10:49 . 2011-12-30 18:15 -------- d-----w- c:\programdata\PC Tools
2011-12-30 10:47 . 2011-12-30 10:49 -------- d-----w- c:\users\Media\AppData\Roaming\GetRightToGo
2011-12-30 10:07 . 2011-12-30 11:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-30 10:07 . 2011-12-30 10:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-30 09:51 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-30 09:45 . 2011-12-30 22:17 -------- d-----w- c:\users\Media\AppData\Roaming\Fywab
2011-12-30 09:45 . 2011-12-30 21:30 -------- d-----w- c:\users\Media\AppData\Roaming\Maax
2011-12-30 08:15 . 2011-12-30 08:16 -------- d-----w- c:\users\Media\AppData\Roaming\vlc
2011-12-30 06:52 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E803C3E-3EE1-484E-AB0B-5B432FDD92E9}\mpengine.dll
2011-12-28 10:19 . 2011-12-28 10:19 -------- d-----w- c:\program files\1und1Softwareaktualisierung
2011-12-28 10:19 . 2011-12-28 10:19 -------- d-----w- c:\programdata\UUdb
2011-12-28 10:19 . 2011-12-28 10:19 -------- d-----w- c:\program files\WEB.DE Toolbar
2011-12-28 10:19 . 2011-12-28 10:19 -------- d-----w- c:\users\Media\AppData\Roaming\1&1 Mail & Media GmbH
2011-12-22 14:33 . 2011-12-22 14:33 -------- d-----w- c:\program files\iPod
2011-12-22 14:33 . 2011-12-22 14:34 -------- d-----w- c:\program files\iTunes
2011-12-21 12:22 . 2011-12-21 12:22 -------- d-----w- c:\program files\maxdome - Online Videothek
2011-12-21 12:21 . 2011-12-21 12:21 -------- d-----w- c:\program files\BILD
2011-12-14 19:03 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 19:03 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 19:03 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 19:03 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 19:03 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 19:03 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-04 20:18 . 2011-12-30 22:18 -------- d-----r- c:\users\Media\Dropbox
2011-12-04 20:17 . 2011-12-30 22:18 -------- d-----w- c:\users\Media\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 17:49 . 2011-08-24 14:28 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-12-28 17:49 . 2011-08-24 14:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-12-28 17:49 . 2011-05-05 18:55 1248080 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-14 17:56 . 2011-05-21 23:46 1248080 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-07 20:36 . 2011-05-05 18:55 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-07 20:36 . 2011-05-05 18:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-14 19:36 . 2011-05-13 13:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-04 17:42 . 2011-06-08 21:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}]
2011-12-12 16:12 1600616 ----a-w- c:\program files\WEB.DE Toolbar\IE\uitb.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C424171E-592A-415a-9EB1-DFD6D95D3530}"= "c:\program files\WEB.DE Toolbar\IE\uitb.dll" [2011-12-12 1600616]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C424171E-592A-415A-9EB1-DFD6D95D3530}"= "c:\program files\WEB.DE Toolbar\IE\uitb.dll" [2011-12-12 1600616]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Media\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Media\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Media\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-07-14 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-14 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-14 88608]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"My Movies Tray"="c:\program files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-08-01 351952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2011-5-5 155648]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2011-5-5 651264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-02-21 08:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [2009-09-15 641152]
R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\Installer\InstallerService.exe [2011-11-13 126464]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-06 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-09 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-06 397312]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 AVerM115S;AVerM115S service;c:\windows\system32\DRIVERS\AVerM115S.sys [2011-05-05 838912]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-07-14 818688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://go.web.de/tb/ie_startpage
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE Toolbar\IE\uitb.dll
FF - ProfilePath - c:\users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
HKCU-Run-{07855E74-58D4-C82E-731B-555E718499FC} - c:\users\Media\AppData\Roaming\Fywab\ataxp.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-30 23:30:47
ComboFix-quarantined-files.txt 2011-12-30 22:30
.
Vor Suchlauf: 7 Verzeichnis(se), 41.818.238.976 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 41.376.641.024 Bytes frei
.
- - End Of File - - B01E9132EE86BD2658C934EABFADB966
Geändert von Larusso (31.12.2011 um 00:14 Uhr) |
|
02.01.2012, 23:21
| #9 |
| | Rechner infiziert mit Win32Spy.Zbot Trojaner Nachdem das mit dem Doppel Post jetzt geklärt ist , wie machen wir weiter ? |
|
03.01.2012, 13:03
| #10 |
| /// Malwareteam | Rechner infiziert mit Win32Spy.Zbot Trojaner F-Secure Onlinescanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten. Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
04.01.2012, 10:09
| #11 |
| | Rechner infiziert mit Win32Spy.Zbot TrojanerCode:
ATTFilter Scanbericht
Mittwoch, Januar 4, 2012 08:40:59 - 10:01:37
Name des Computers: MEDIACENTER
Scantyp: Scansystem für Malware, Spyware und Rootkits
Ziel: C:\ D:\
--------------------------------------------------------------------------------
Keine Malware gefunden
--------------------------------------------------------------------------------
Statistik
Gescannt:
Dateien: 382340
System: 15357
Nicht gescannt: 443
Aktionen:
Desinfiziert: 0
Umbenannt: 0
Gelöscht: 0
Nicht bereinigt: 0
Übermittelt: 0
Nicht gescannte Dateien:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG1
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG2
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG1
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG2
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG1
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG2
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG1
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG2
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG1
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG2
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT
C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT.LOG2
C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT.LOG1
C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT
C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT.LOG1
C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT.LOG2
C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\LASTALIVE0.DAT
C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\LASTALIVE1.DAT
C:\Windows\Installer\44accf8.msi\stream 13\recipes_new.zip1371\recipes_new.xml
C:\Windows\Downloaded Installations\{D020F65E-6889-4144-BBD6-FFB0A68087DC}\FlexPoints 2.01.msi\stream 13\recipes_new.zip1371\recipes_new.xml
C:\USERS\MEDIA\NTUSER.DAT
C:\USERS\MEDIA\NTUSER.DAT.LOG1
C:\USERS\MEDIA\NTUSER.DAT.LOG2
C:\USERS\MEDIA\APPDATA\LOCAL\TEMP\FML7D94.TMP
C:\USERS\MEDIA\APPDATA\LOCAL\TEMP\FMLD743.TMP
C:\USERS\MEDIA\APPDATA\LOCAL\TEMP\FMLD81C.TMP
C:\USERS\MEDIA\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\USERS\MEDIA\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG1
C:\USERS\MEDIA\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG2
C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE
C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE.LOG1
C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE.LOG2
C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{740E5BF8-3560-11E1-9842-001DBA192B71}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{594FEF25-35DE-11E1-BB5A-001DBA192B71}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{43327CB2-36A4-11E1-8936-001DBA192B71}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\IMPSERVICE925A3ACA-C353-458A-AC8D-A7E5EB378092.LOCK
C:\PROGRAMDATA\MICROSOFT\WINDOWS\DRM\CACHE\INDIV01.TMP
C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSS.LOG
C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSSTMP.LOG
C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\TMP.EDB
C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\WINDOWS.EDB
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0023502C5B6F684E3C128BC7EF31DF70_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\007EFE5FB8C1CC0039A47737F6BA0F5C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00C16FE388F6BE4D4A1ABE4C4478CA6D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\01834EC499003177DCECD36DF7AAD04E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\024D428060FF3FA407A4F559EC72FDBF_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\031ED13248068FE7061DB89B9AA5F345_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\04D811BA7CA79DF6522297FDA77E6009_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\05E4C9984357E8644F814EE21FA9F513_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0685AF167AA5DBBA3469028C71C377BC_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\06806F6B225C0F8001B08B7751F137F1_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\07BC7647CF4EA5E9CCD29FA428A2089B_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0B164E7FCE1DF6967E27B611185688A6_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0891AF6420AF6CB24AE92B9541BA6468_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\08D2F70DED5B3703F4CBBF8BC20506F3_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0938EED99A5D9051F90E89ADCB48B8B7_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0B664E15D0D7A5D1D6ECD8E03D23AFDA_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C9AA3BA9F42F4B2C15D5328E02F56C6_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0B7377853D06F3A9607F148BCA2A3FAA_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0BC66D4DBFD25895BFAADD6D5AF11786_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0EC80DF94A3C313A4F867E0DC119ADE2_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\114BAB30CA5546D8FF986D43CA7BAF38_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\121D2119E2067C962ABCBAF530F6A8CE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\14EF11DF38F4E0341BEE47A3C3878752_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1172908FAE399F339D6B3B95BBFCACE6_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\16E081CAC8281D7BDBD6ABA05E64F869_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\16B6B7189F527A26036B980E01D714B9_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1545223539B343836782DF77AA327EB8_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1705F23A8EF0559534C850701D0633F2_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\17D7262638AEBC47AF300BA6FEA49A6E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1848FB353BCAE6556E26DBE71EBF7C71_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\19379208CCD404C8382E556096FB2A54_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1A51D88D46D7113241080BA38D921E41_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1A28308EC91A15CF07DA0DAB6D89AE3A_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1BA1EE4E90CE10810D21E03A581C1DAF_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\18F2066FED09B102C58C57B8B6626B1E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1DD9163A1156B574FA899EC61DBE80B3_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1E5C951347DE833AE502C08587D1EA7C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F5D496AED6857F209A9480457F18FBD_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1C2E1F1E050932DFCA98D930251596CE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1E6D6C8D31A2BC8C63372AF2C096AAB4_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\203F9393F6C76EEA1D2D1BC0651F7790_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\20EEC83C8F52FB1F29717A6029B918EC_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F66722BDB0DA6F04262D9817B08408F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1EC0827E9F453534946216D4FEB1B05F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\21158D41A7B34F2C2161ABC3C5A4C97D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1FEF99C83658D41559EA1C4FC86697AA_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24996AE2E50F8C01AE65B23B8558AB8E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24A2E8B41D8DF4BE1E5FC7429F9389C9_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24261E8F48A0F3C559C41C442CAB356C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\22994F3F905C75EAF25D6CBFEE0B6CA0_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\257A3B3FB762DB4E1BD6E6D69C9E1854_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24B411345021645239F96C98FB40DD0E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24CC51D59545BA20C69373C35BF6B296_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\26435A015937CF954226104F54771770_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\21F81C3C4FB02C51060E40495D9E6868_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\261E5D8386C1926E6FA5EE618838266D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2629EC8DE221EB527728E6F547400850_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\268CC978552AE25E0DB1B4748583DDEA_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\29AD3963905635AFE1CF73EAB56DC629_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\29BAA64441EF89D59382E0D72F99694B_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2AEB42C3DFA7C01F7CC4C69286F6583D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2DA2132729A48B04FC325AAA404003AD_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2CCDCCD7F493B78A17DEC2E4E44F07B8_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2B925C79868AC97B14CA949D79E51BBB_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F8C85942C15310AE648153503F2B71D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2E9DA5CF1B7EDBCA1A0988803014664D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\288DDB25AF09407EF9A15D2FC619C384_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3005306BC8E67850E71F01963E88AECD_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\319914C19752C6B9CFE461F37B269800_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\316E1AF448E954B609E2386AFF9F1B3F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F59A438915BC5379D5BE9CF33326BCA_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3374A0A9CB07906B3A21F86C22FE9BC6_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3216CBCD2E14DE0F958E73F66CE71953_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31914FAE47A8D5B15B141AEB9AF303E5_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\378D1C5104AE848281AF6D896CB464B9_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3649FC8BE2092DB33BA2DC1312F3B8AD_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\37BE7992666E46E6B39E0AECEC02FC1E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\377EFD4E559670DE2CC92D2681D4104E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\35ED0919114E3D80044286D21A650553_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38174C985A75EDBFB8B0962F692F3832_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C4A0F4EC5DC9B2DE81C403FD1ECAF46_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38ACABB28BF2703DDA9BC3F1457FEC79_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3CF336C6EFF62DADD0F444C5443AD3B1_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38AFFC14E6AC3C2F354AA9CBEF62F548_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\433623684B0FA746C9E83F541FA975BF_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3E4EC224803DDB37C0D8F3BF70BAFE06_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3CD0BCD6C6FAF06DB8F6F0A4A83C5C43_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C511D5F564076DC0A839D811FB73271_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\43C5AC24D07401CECA894FFA3AB5F6BE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F00198B711C4F1CA04DC3D0E5D85873_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\44A05B078920A71ED2CAC4FAE974FA52_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4497A9855808E78B33D02C8BC1E66C06_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\454DBEA226D43F915D9FA5E32FA0A352_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\464D1B013F0B82A44F9B2F37EB2C8A97_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\472427CD667E1CCCCCF299FF924EA818_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\47417C496EB1FF654E512610911DCE45_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\47F435A26EB948B42972439CFBAAB99D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\49ECD5F5A1EC0898F8D4058F043FA647_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\491C66F232BFFA668C3000881D75ECCD_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4704BC3808A56A6C8708F1C7A73CDD65_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4BB5701A8E4E65999EED6299AAE02ED2_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4C47F44D7813DE4C80E6E69FB8ABD112_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4EB5ABD45605C49DCD0162B7C3D50A8C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5009195D2E14F68354A7CCFF7D585E53_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D7303E0AA9FFD4206486B95ABF73648_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\507BF0205F595AC03AE93781500CF772_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4C6B619836537488285A9BFC0FC17A2E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\49C06548B9AFC3FAA5C8A637CFFD6BCD_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\510EF9BB1089690DA0869A8C4CB0CA86_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\51A394384463C949166FA9E8E5DFAD27_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\51D966866CA4D086A9F14E229B2FF278_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\503ABBE960DBF090E6D3482D829C54A4_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\52D97F323F5ED08EA9D1AFA36D11A653_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\520235DA6F272631E8C5EF87B93B9146_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\527FDEC73AE26DF09807CA0CC33F0226_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\536F702F4B91BC5B7F1CCFB45CB9C869_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\50C2380480504CFD9954AD8EFA419E65_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5304604DF9AC14EA2E0ECCBF3D7BFCFB_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\54C110AD5F6C97D5E7FAD8C2065DE6A8_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\541F1CDF171B84583212A4396862C509_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\54910495680AA88416AC620C369FE061_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\54FDAC08BF62EBAC00F9DBD0360BA747_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\553669DA192E46A6D2573259AE460BB4_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\557295817BE59744F3E7756CDC30D91E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55F4BB6431E4954B9D48E357D3CBF77B_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55CFB8EB961E39F9F3BE6BE414D367CE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\58DAD3A9A759804AF38B0122641A4D1C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\563789EAA41C4A08226F1708EAF37F99_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\589441C0CFDE183C7B41BAA359B653DE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5900726225D8361029A1C95E3A4EC0A1_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5873F83468C4B642851CF056BDAE58EE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\591040C9DFAEAF00EE5D15ABBD1CB4BE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\59EB6A8A330A5A7DFD5F33B644E35915_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5B22372FBB9AEA88FD75EDE9374A4C9C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5A15B10DC627F0226F723DA93D54EF58_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5A6B7A0B165E2757342AF3AF6FA3E9FF_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5A432BC4BB133F9D4843E67F8175BAFB_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5DECA0E5722F592FA0AD7CFC502D7A14_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5D04D07ACE2A421DDB14D2638D1780B5_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5EA98C49CA34FD6912251356755B739C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5C97662B3E1DFCDF9815CEFC37CBBFA8_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5C0BAC658D5971573EFFD485B6B7981E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E6D203684476EFB38117F1BC2E665A5_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5F256A7889D38DE6A3B4FE7C4AD5E145_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5F92AEBCD7DA829B3F9C42CD456F5B60_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\608DE29CE8C165BFAA4B5CC643DA8102_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5F2B82F17EB6A1A786E4C284E1324006_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5F9C6C676D494F632D184CFFF49872D8_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6092B1A1DB98CC142863AE076CCEAE69_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\60E2FC61507A9F5C7169B70E2B44B324_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\614E3E3E5E14B04E6C829421BADD6D5B_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\634DB15406F82C0C4E5C0E4A1D8B59AB_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63222E36E626331C4510FB50C5D19E60_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\622C98742BF31911B6CC952421748A9F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63006E029EDED468555A4681D8E7E0CD_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6428EAE7987A1F84A55BDFFD6430163C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\64A6C78B6772BB47FACDFFE5C7B2CC67_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\651D37026E35EB4DE7FBAABD5607AF69_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6653A9292330359EDBAEE2447F9C4504_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\666D7A1F3903EA288C9402C43E37109F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\67DC7A525F3E594C529C6E0B85356773_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\69B208D12CB7C1712A845E77AF2E2730_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6823F70F80A7BDA85AC17B48ECFA832F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\687A96DAE88B6C872931BBA6ED01B4FE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6D2A5B9747AC2D0B26D9F479374035D3_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6C5519F1106593AA9BAF0EBD37183102_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6EB711B8AA6A9218808F0065A2E5E41B_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68831FA9FE2676BD00ADE25C257A3C66_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6CED64014CCAE4E10294682CD65AD81A_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70F6686B4449528F89478D396DCAABCF_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6FCAD62C28C5A3628CA621166A69EA1D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\700270F1E4066FF2CC70E6612BC94727_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70728053AE360686382674B705B98312_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72C01D2F1DE5678EEFD897AD1A9287ED_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71CB488A0D6454C32136A662885EAA59_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71FABC7E374E7F07A88B380CF7BE8B6B_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7317E34376B12C4C6674B9790D536BCD_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7513B4F8DCBF198BB2BF6CD428CC71BC_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\76656C80AAEAFE0E6DBE70AFF4A5F50F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\75797778734731DF627B22505DE62B60_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71C8A78D632C9892F1DEED74F13BF73C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7881C86D06D52D7D4FDE22FBFDFB4033_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\79D2A46E9A4906B5A1FDE2DA6192423A_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\787C02DBCDAF080AEB8322C03ED0E673_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\792BE3B386145BF77B184078C664FB1D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7CE32DBD8AFA8FF844651BF8E3CC1D21_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E6D0C4141BD6C0586E04B16EBAD189E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7BEFDAF8D90CCF6BBCDFD4C74EBA9CBF_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E560EE816F4678AA9250D9EFC66EB48_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8008C0BC90A109F3738A8E82AA299711_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8066FCB5B50AD5E09BC07469CEE72ED8_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\80EC192F7B61F5435EB88A5B450B8847_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7F55EB63524304AA184DD466CC18C77D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7DE1237803F3E1FD3F9C8514921C262C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\831866EDA2A79605B9A76B7E957E6F97_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81F118B1F92F264B17378F0BDF6BA959_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\85CF6C25AF28973CB08B91BA2208CABA_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\847CDE12E4A23B1B7251BAE016B39F73_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8657822C0FFFC5A8A628BA7E253FFAD2_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\86D968DF922F7684D53773EBB02D2146_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87D64C1E8026301F3C131B70D1D27FCD_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\877BB7259BAAD22F4E34C1F092FBD3E2_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\884388CBE3BA80BB0CE60ACD7E2833A4_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8857229FBB3AD896B652CD0378057006_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89591AB259015B92D42349203CF173FE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89D6065C9F478F878F01D12293F2D20D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81FED3864DE0988142C4A75FB4435C04_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\88EBB7CDE17104D6BE0BA74E6617A4DE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8B4B8405C6FB3E932EF23AC1BB9DEE4E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\88B072B061E2AD8E396565565E39CD25_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D1A0BE8DFD0C3294F00AC01FBCE8CB6_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F7DB73EC05DE9D0693505964CA592B9_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F042090BC6C516170A7B538DD07A9B1_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8DF04589549115DC992BF2230F2E14F2_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9186613F88A2343F03874073612868AB_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92BAEFCE146C143A81F9702394FED214_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9190444EE273D56F572A6467290A7E87_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92C7BF51E95FFE1DF83E87455DEE10B5_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\929D379D21A04E621921EEEE3445852D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92D6A96D4B528D1FBA96F4A40D7901B9_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\917DB4D922476F237CD502B5EC448612_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\95236C6F722C2346EDB27206D53238B7_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92F2C7D6F6BB4189C974E7F7EA83C3EC_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94BED5FBEBFC45A2F42C9A8DB9EB2D26_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94626E70B041512B4BBEE1835F67ABFC_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\954C10D30E77F1DB907E50301741D081_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9936E46846C36E2E6AFAC6D71F29988C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96518874E8FFBCFEE2EDF02ADFBC9C5D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B4B9328523D6DDFABA997CAC6792081_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\97FBAA23684C6848D9653F3272676077_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C2A8EAF6AF29FA68C41696CEEDA9617_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\99EB5C6E6A22FF15AAA518FE190F9E09_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9ADEAE8C69C9DC408EEF17019AB66FEC_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B97C30D7B8EC8CCD24D5E854298F608_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9EB126DC2245599EA03E7EF918E0229E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E17FA1751A2753B4AC05568F36074B8_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9CC29F8B9F34F4EC28A8079FE85C84ED_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9EE0BC84016AFD63086D17ED7635EAC8_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C91428CB43FE4B16892BF9EF9110910_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A13F197433BD8587DD7622912C311D65_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A2271C9D77CC9D47089532E6508EE970_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A00B84686F1C755DF8B8E6840D446E65_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4264C44192C660F7EC47B07BDD1B08F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A54CB07C9CA051F8B8C75F82324A4BD9_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5405558F33499608E1D9851BCD05200_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5889316152028506E801D33A5E7ADBC_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A22E54E65ADC107B48673607C2E2AAD9_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A68EBBE0D59B887F0101C0C251E01D48_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A653CD20BB53A92862958C1D0CA017DB_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A7BA1F2C00AFFB5A14A3F4EB6A22D444_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB6D306E2A29DDE3CA3C499CA9DF96DD_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA40FE9E748261BFCB667674F3AB5C9B_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A8C90BC69D1E3249E4B891173BF4B32A_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC477D119AD5A542FAECE56AA0204867_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AD9E75DDDB51C90B6E5867BF21DDA228_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC6DA7DE96CDA920178BA1D922671AD0_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ABC6FCD3505D22D53729CCA19BFF749C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ACBA577652955E613422EB2AD7A6AC05_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE142526BAE7FADD2D78C84B20E78A1F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE76AEB0FEBE2FB09CF3E59A4B28C8AC_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B099A7BF655819C9601D8971ADBD4F79_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0DB7281E18A5350B1AEAA38A9956639_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B1B5906AED62F2FBE8F556012C1DE743_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AEBD1E33BE2C3EE57007CEC82C5ABE71_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B003E8E21846C4ACAD14C0F5A6EC09D3_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B24502CC9CFD2DCEBCCDD04FC588AE80_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B290090A9B21C534128201900BF2C667_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B285415502E3299E961658F08C8A5B15_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B35F8362870B783CB5A07ABBBB36DB0E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B3AB7BA071D925C29DB2778158318F5D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B57328956C9C060B3232AB3ADEDD49F3_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5045E530CB26F3F65CC5A9C7ED45FA0_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5237E164A0C0FD3F8C95186B3F1FC8E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B58168A99A3D1F284F1DE7D4E915A472_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B662F1867215C79A099FFC0AAFEA36E6_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B66A4674847BE13045FA15140F2BFCBE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7509834C15F2F86D7E088491DE1BEDD_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6D7EFF6F36D1D6BBEDF262A3D2363EF_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B8418C6BC956D8838FF25C2A90D46C74_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7AAB6DD5EE91DE0A0AB45510CBCC0F3_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B9422EEFF654D64F88B7F9F3C9084259_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B8AFA0ADCB06885F9B9A34976799DC1E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B94EE4CD0261C90693CE6A198168442B_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA97E5F8B0AEB4CA367CF6DA00C8296A_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB2E89A682132D92D1C9A72C1C5FBFC3_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B8FDEC5E1EB41CB5E1F12F89A997BA51_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BAE585F1CBCA33D8A0C9A8B1449A68E5_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBED17B6EC0F6E052941B3F638DF014A_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BAD64EFCB83092BEDDB366D48A3C7759_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBFCC008137C35986D821781A3BEC765_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC654BA66FD1F87F17BBE061EF7F6827_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BCD2498FF01989BE40F178FDCBF841BE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BCCE4E768259F4776DAD21781E01FA9F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBB70FC4350F53EA4EE8145D028CBBFE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF06FFE6500CCC069C99BDF8E98A9F16_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD12F87F61C7F566F42D024AA8A4A3E7_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC71FB956B0FA20EE51BCFC629E132D7_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFAD86F2DDA024B7424985A9543C46C7_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BE675317771D40650D49A2B4CDDD2282_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C07072D166C03AFF177C4587A137B8B0_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C109AE8B70B67FFD35BD88C554738707_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C1FFA529FB3CF83E123E7530C33C1DB9_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C34DFD0840D1E943EBB30D26DF2E1030_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C143FA97079FAE896C557129CDC0273F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFFF8B73C2349AB611C21CB21DE35C49_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4526C1D90BCAEF04955B708F55B993C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C401915A9F282C66864B9F74B205D1FE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7426CEACDFE3AF005E182A8939C0AA6_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C47A72AABC27831E171ECA0BFBE157B6_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C59E48198676826EA3ED13429A9F4872_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C67F3A1A47C6118DF1D9BBD7C35FA794_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8EB5E91D38169C0C4B5DDD98D8134A3_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7575784CAC38B83B56ABBFCFC1AB2B2_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C91D21E948FB8FFDFB65C5BD8A926704_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C97991B2B265127D8BEA3B0FFFF5A93B_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA39BCFA47FFB60E039FFBAA5424DCBE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA44C69DB542F6CB24AF4B805685B9BE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC060FA46493C6EDE1DA521A72BD4281_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D03DD8AE86157F48C81EEACAE1ADE88E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CFD2A8ABD04A8405F65D75539D020362_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CF0A0501AC6B81C4E587DD4780D6450E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D056C678F18D9DF08BF5A86085733017_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1765405B3537ADB61862455075CFBDB_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4A3E71CA9A0DDA54E3930765C5ED0D8_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE60F30C8DEB132B13F6C8ECE85CCBC6_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D5423F34ED36A5CA18650E0AC2D883E8_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D167DBBC2D7BF12C657A5FC423B7AB26_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D67F97869733128665A6EDEB62B6F8AF_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D7A83039619EC31B80DAC536F1C584EC_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D9BA3C5E3A4317EEDCE3BBDBEA7A277E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D7F89F19E6662D663A56A62AEABDD72D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBC781CF53C23F929436DE176B127A7B_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC6D1DA9AB21BA4C1C06E9DB2F75F8C3_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA7FF52CD91E866C37BB7CF106CBDB44_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D5E9502729C2CDAADFD1ADE72E5DB783_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DEF973E3A11DFB05CE2677DE6613052E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBF6FAB7F29AE7660EF8368020648DC3_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E0DA4A5EF3E0A28470DA21B80960E8F2_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E200B98548B84003D233B0C3726D89B1_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E093FA468DC5BBFEDE6F6AA1E66ACCE1_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E038E6938E9D71E2696CE6529ECFBA79_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E11618FFEE3D753BFB058EBF89B32014_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DFEB5F5F6B6E51C77C79DFADF0C0B1E5_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E3240E6BDFAE3130680FA2BC2E4258E8_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E43609A5E5E2C91B075721BBBBE03F8E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E433195133F0D3D15D1F100006D9083A_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E6A418D86BDBC0CD06C0884ABC459AB5_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E3156BB0A8E07EEBCB88598AF026D4BE_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E72D6FD2EC83E0CC43F3201D0EB25F9D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E48DEB4D8D32660B0C8BF0C8B810C85A_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5411292664D2170D8A9835CAD8BE424_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8572B7C523EAF8A4AF73AEB131D7D1B_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8894CBBEFFFFFA3A2FB2C6CBBA91B46_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8376B25A5B2EEBE29AE9338C06C6F32_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8B95DB4575296BDFA261F1D3C2031C6_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E933E3C08BBA913818C9EFD9230313CB_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9B49EC15162FDECCACF0DED95353064_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8D8F566228FE9D7A2DF8CDFAB8A480D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E88E336B99A28E932C1925E2FDD893AB_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA858826194D1FC978FE2E004947071A_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED024663DC972D17A4E2EEB8871A888D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EBE32FBFF72D52C8B4EB17796BA6DAAB_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9ED5B2EF93C611F8C7D9C648008AD02_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E941B1180622F4E50882628E4122D2C0_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE302D9112B7D3B829C414F6E4A08D27_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EEB078952FFA41156DC15CC8B1941ED5_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F050441ECAA4222F3093CCD22D6BFBE2_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF806530158D86DD7D018463F765110E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EEE3014DF6B78B9D0149075B6B9E2FA3_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F1735532808CDCEB81F98B1685D7165F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFA5BD745E8AF25B05FEF9F3A6768BD6_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F13C3DA16248F37933E6A5477F464716_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F2AA80F799137A0B57FB196CE552A54E_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F64233C9737070ACF21BABB26FF8BC33_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8C98575D4136389CA3CC1C982C54F14_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F6E4F82697F2C755DDF439372405D6C4_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F2748C947482181C15851887FF060576_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB2EE9AD6EE6F475092243AC2F74B97F_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FAF003AD0AA5F5BA2E043B260525E1D3_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FABD09C8A61BA8621195A7483E426678_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F7526A5321291728891E74ADB09E5F2A_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FCBF4E5D0532B1030521F98B1AE21493_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF7A69C5ECD5AE9A93337F47FE49F95D_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFC6645D2C0F201354AD0998AD61D815_B88DA34D-0407-4649-89A0-54D874F107AF
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF1B282CDE0FADF6B53824B8901FD42C_B88DA34D-0407-4649-89A0-54D874F107AF
C:\Program Files\Weight Watchers\FlexPoints 2.01\dbmat\recipes_new.zip\recipes_new.xml
--------------------------------------------------------------------------------
Optionen
Scan-Engines:
Scanoptionen:
Alle Dateien scannen
Innerhalb von Archiven suchen
Erweiterte Heuristik verwenden
--------------------------------------------------------------------------------
Copyright © 1998-2009 Produktsupport | Virusbeispiel an F-Secure senden
F-Secure übernimmt keine Verantwortung für Material, das von Drittparteien erstellt oder veröffentlicht wurde, die mit den WWW-Seiten von F-Secure verlinkt sind. Falls von Ihnen nicht ausdrücklich anders angegeben, stimmen Sie durch das Übermitteln von Material auf einen unserer Server, zum Beispiel per E-Mail oder über F-Secure CGI E-Mail, zu, dass das von Ihnen zur Verfügung gestellte Material auf den WWW-Seiten von F-Secure oder in gedruckten P
ublikationen von F-Secure veröffentlicht werden darf. Sie gelangen auf die öffentliche Website von F-Secure, indem Sie auf unterstrichene Links klicken. Dabei wird Ihr Zugriff in unserer privaten Zugriffsstatistik mit Ihrem Domänennamen protokolliert. Diese Informationen werden nicht an Dritte weitergeleitet. Sie erklären sich damit einverstanden, in Zusammenhang mit von Ihnen übermitteltem Material keine rechtlichen Schritte gegen uns einzuleiten. Falls von Ihnen nicht ausdrücklich anders angegeben, berechtigen Sie F-Secure durch die Übermittlung von Material, alle darin beschriebenen Konzepte in Produkten oder Publikationen von F-Secure zu veröffentlichen, ohne dass F-Secure dafür verantwortlich zeichnet.
|
|
04.01.2012, 14:02
| #12 |
| /// Malwareteam | Rechner infiziert mit Win32Spy.Zbot Trojaner Neues OTL-Log Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
Macht der Rechner noch Probleme?
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
06.01.2012, 12:58
| #13 |
| | Rechner infiziert mit Win32Spy.Zbot Trojaner so hier die logs einmal die otl.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.01.2012 12:46:47 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Media\Desktop\Trojaner Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,14% Memory free 6,00 Gb Paging File | 4,62 Gb Available in Paging File | 77,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 34,62 Gb Free Space | 35,48% Space Free | Partition Type: NTFS Drive D: | 833,86 Gb Total Space | 333,86 Gb Free Space | 40,04% Space Free | Partition Type: NTFS Drive E: | 132,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MEDIACENTER | User Name: Media | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Users\Media\Desktop\Trojaner\OTL.exe (OldTimer Tools) PRC - C:\Programme\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\ESET\ESET Smart Security\ekrn.exe (ESET) PRC - C:\Programme\ESET\ESET Smart Security\egui.exe (ESET) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe () PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.) PRC - C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ea98cad4cea9ac78db91e6c66a6cbf3\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\3.2.2.0__4f079cf7f10a3651\MyMoviesCommon.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () ========== Win32 Services (SafeList) ========== SRV - (Installer Service) -- C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\Installer\InstallerService.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET) SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) SRV - (AVerScheduleService) -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe () SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AVerRemote) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (AVerM115S) -- C:\Windows\System32\drivers\AVerM115S.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET) DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET) DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET) DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET) DRV - (Epfwndis) -- C:\Windows\System32\drivers\epfwndis.sys (ESET) DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (AVerAVF2) -- C:\Windows\System32\drivers\AVerAVF2.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 23 96 C3 16 0B CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 20:29:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.04 08:30:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.05.05 20:39:30 | 000,000,000 | ---D | M] [2011.08.27 20:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions [2011.08.27 20:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.01.05 11:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions [2011.12.26 14:39:54 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012.01.05 11:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\staged [2011.12.30 12:18:43 | 000,000,933 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\11-suche.xml [2011.12.30 12:18:44 | 000,002,419 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\englische-ergebnisse.xml [2011.12.30 12:18:43 | 000,010,525 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\gmx-suche.xml [2011.12.30 12:18:44 | 000,002,457 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\lastminute.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\startsear.xml [2011.12.30 12:18:43 | 000,005,508 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\webde-suche.xml [2012.01.04 08:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.04 08:30:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} () (No name found) -- C:\USERS\MEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\777LL5E3.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2011.10.04 18:42:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.01.04 08:30:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2011.12.30 23:29:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [My Movies Tray] C:\Program Files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E365FBB-8B8F-44A2-9710-01B6CAAE05F0}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DE1D2C4-5339-42DF-BA1D-5E58F61C0C7C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.04 08:40:59 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\f-secure [2012.01.04 08:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2012.01.04 08:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.01.04 08:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.01.04 08:30:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.01.04 08:30:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.01.04 08:30:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.01.04 08:30:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.01.04 08:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.01.02 19:00:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2012.01.02 18:02:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.01.01 11:09:09 | 000,000,000 | R--D | C] -- C:\Users\Media\Desktop\2012-01-01 [2011.12.30 23:30:49 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.12.30 23:28:59 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\temp [2011.12.30 23:22:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.12.30 23:22:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.12.30 23:22:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.12.30 23:22:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.12.30 23:22:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.12.30 17:54:29 | 000,000,000 | ---D | C] -- C:\Users\Media\Desktop\Trojaner [2011.12.30 12:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor [2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.12.30 11:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.12.30 11:47:41 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\GetRightToGo [2011.12.30 11:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.12.30 11:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.12.30 11:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.12.30 10:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.30 10:51:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.30 09:15:53 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\vlc [2011.12.30 09:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.12.29 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\Media\Documents\UseNeXT [2011.12.28 11:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb [2011.12.28 11:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung [2011.12.28 11:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE Toolbar [2011.12.28 11:19:09 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\1&1 Mail & Media GmbH [2011.12.22 15:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.22 15:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.12.22 15:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.12.21 13:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\maxdome - Online Videothek [2011.12.21 13:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\BILD [2011.12.15 07:09:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.12.15 07:09:49 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.12.15 07:09:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.12.15 07:09:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.12.15 07:09:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.12.15 07:09:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.12.14 20:03:22 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.12.14 20:03:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.12.14 20:03:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.12.14 20:03:10 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.12.14 20:03:06 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.12.14 20:03:05 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.06.02 20:34:35 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Media\AppData\Roaming\SetupGFD.exe [2011.06.02 20:33:20 | 005,243,208 | ---- | C] ( ) -- C:\Users\Media\AppData\Roaming\AvsP.exe [2011.06.02 20:33:04 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\Media\AppData\Roaming\ffdshow.exe [2011.06.02 20:33:00 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\Media\AppData\Roaming\xvid.exe [2011.06.02 20:32:00 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Media\AppData\Roaming\Avisynth.exe ========== Files - Modified Within 30 Days ========== [2012.01.06 12:48:32 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.06 12:48:32 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.06 12:43:33 | 000,129,769 | ---- | M] () -- C:\Users\Media\AppData\Roaming\nvModes.001 [2012.01.06 12:43:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.06 12:43:15 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2012.01.05 21:16:33 | 000,129,769 | ---- | M] () -- C:\Users\Media\AppData\Roaming\nvModes.dat [2012.01.04 08:30:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.01.04 08:30:17 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.01.04 08:30:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.01.04 08:30:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.01.02 20:09:59 | 000,700,716 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.02 20:09:59 | 000,662,598 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.02 20:09:59 | 000,147,402 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.02 20:09:59 | 000,123,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.01 12:18:54 | 4195,057,663 | R--- | M] () -- C:\Users\Media\Desktop\20111231213721.MTS [2011.12.30 23:29:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.12.30 12:29:46 | 000,038,986 | ---- | M] () -- C:\Users\Media\Documents\cc_20111230_122937.reg [2011.12.30 11:07:06 | 000,001,226 | ---- | M] () -- C:\Users\Media\Desktop\Spybot - Search & Destroy.lnk [2011.12.30 10:51:20 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.30 09:15:48 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.12.29 12:43:07 | 000,962,160 | ---- | M] () -- C:\Users\Media\Desktop\Twinkle Twinkle Little Star - YouTube.mht [2011.12.29 12:02:56 | 125,290,681 | ---- | M] () -- C:\Users\Media\Desktop\Udo Lindenberg feat. Clueso - Celllo.avi [2011.12.22 15:34:18 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.22 09:49:30 | 000,001,813 | ---- | M] () -- C:\Users\Media\Desktop\UseNeXT.lnk [2011.12.15 07:28:38 | 000,507,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.07 20:53:01 | 000,001,008 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.07 20:53:00 | 000,001,028 | ---- | M] () -- C:\Users\Media\Desktop\Dropbox.lnk ========== Files Created - No Company Name ========== [2012.01.01 11:28:54 | 4195,057,663 | R--- | C] () -- C:\Users\Media\Desktop\20111231213721.MTS [2011.12.31 12:25:15 | 125,290,681 | ---- | C] () -- C:\Users\Media\Desktop\Udo Lindenberg feat. Clueso - Celllo.avi [2011.12.30 23:22:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.12.30 23:22:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.12.30 23:22:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.12.30 23:22:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.12.30 23:22:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.12.30 12:29:40 | 000,038,986 | ---- | C] () -- C:\Users\Media\Documents\cc_20111230_122937.reg [2011.12.30 11:07:06 | 000,001,226 | ---- | C] () -- C:\Users\Media\Desktop\Spybot - Search & Destroy.lnk [2011.12.30 10:51:20 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.30 09:15:48 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.12.29 12:43:06 | 000,962,160 | ---- | C] () -- C:\Users\Media\Desktop\Twinkle Twinkle Little Star - YouTube.mht [2011.12.22 15:34:18 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.06 10:28:06 | 000,003,584 | ---- | C] () -- C:\Users\Media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.06 22:41:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.05.06 22:38:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.05 22:26:39 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.05.05 13:42:41 | 000,129,769 | ---- | C] () -- C:\Users\Media\AppData\Roaming\nvModes.001 [2011.05.05 13:30:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll [2011.05.05 13:30:59 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys [2011.05.05 13:30:58 | 000,598,016 | ---- | C] () -- C:\Windows\System32\sptlib21.dll [2011.05.05 13:30:58 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll [2011.05.05 13:30:58 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll [2011.05.05 13:30:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib03.dll [2011.05.05 13:30:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll [2011.05.05 13:30:58 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sptlib02.dll [2011.05.05 13:30:58 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll [2011.05.05 13:03:49 | 000,129,769 | ---- | C] () -- C:\Users\Media\AppData\Roaming\nvModes.dat [2009.07.14 09:47:43 | 000,700,716 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,147,402 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,507,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,662,598 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,123,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2003.02.27 09:07:20 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > und die extras.txt [codeOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.01.2012 12:46:47 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Media\Desktop\Trojaner
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,14% Memory free
6,00 Gb Paging File | 4,62 Gb Available in Paging File | 77,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 34,62 Gb Free Space | 35,48% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 333,86 Gb Free Space | 40,04% Space Free | Partition Type: NTFS
Drive E: | 132,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MEDIACENTER | User Name: Media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DCF21FE-A8CB-41DE-AEA3-D5FBEF108CD5}" = Microsoft Office Outlook-Minianwendungen für Windows SideShow
"{41DA03AC-71BF-4725-AD26-FC4070B0F0A9}" = My Movies for Windows Media Center
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A24C18C8-E26C-488B-8373-A45F5D3C6A35}" = BILD.de für Windows Media Center
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AC07DE4F-4E89-4546-916E-ABE00FEE264A}" = ESET Smart Security
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B727BD4D-0C42-43F7-AC60-4AFBDDC732BD}" = FlexPoints 2.01
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVerMedia A177 PCIe Dual Hybrid DVB-T" = AVerMedia A177 PCIe Dual Hybrid DVB-T 1.3.0.76
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 2.0.8.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"maxdome - Online Videothek" = maxdome - Online Videothek
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 6.0.1 (x86 de)" = Mozilla Firefox 6.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Totalcmd" = Total Commander (Remove or Repair)
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
"vmcMoteServer" = vmcMoteServer
"WinAce Archiver" = WinAce Archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.01.2012 14:31:12 | Computer Name = MEDIACENTER | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local.
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 04.01.2012 16:41:52 | Computer Name = Mediacenter | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.31.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 15c8 Startzeit:
01cccb212c579691 Endzeit: 0 Anwendungspfad: C:\Users\Media\Desktop\Trojaner\OTL.exe
Berichts-ID:
855770e5-3714-11e1-8997-001dba192b71
Error - 05.01.2012 06:37:35 | Computer Name = Mediacenter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VESMgr.exe, Version: 3.1.0.13250,
Zeitstempel: 0x45b868bc Name des fehlerhaften Moduls: AUDIOSES.DLL, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b725 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008d5d ID des fehlerhaften
Prozesses: 0x89c Startzeit der fehlerhaften Anwendung: 0x01cccb9602ade8ef Pfad der
fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\AUDIOSES.DLL Berichtskennung: 472a33c9-3789-11e1-8169-001dba192b71
Error - 05.01.2012 06:41:22 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local.
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 05.01.2012 06:41:22 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in ._mymoviesremoteserver._tcp.local. Application
protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 05.01.2012 06:41:22 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local.
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 05.01.2012 06:51:13 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local.
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 05.01.2012 06:51:13 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in ._mymoviesremoteserver._tcp.local. Application
protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 05.01.2012 06:51:13 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local.
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 05.01.2012 09:46:33 | Computer Name = Mediacenter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VESMgr.exe, Version: 3.1.0.13250,
Zeitstempel: 0x45b868bc Name des fehlerhaften Moduls: AUDIOSES.DLL, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b725 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008d5d ID des fehlerhaften
Prozesses: 0x80c Startzeit der fehlerhaften Anwendung: 0x01cccbb069dcad55 Pfad der
fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\AUDIOSES.DLL Berichtskennung: ad40fb9f-37a3-11e1-83b2-001dba192b71
[ Media Center Events ]
Error - 26.12.2011 18:49:12 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 23:49:12 - Fehler beim Herstellen der Internetverbindung. 23:49:12
- Serververbindung konnte nicht hergestellt werden..
Error - 26.12.2011 18:49:46 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 23:49:41 - Fehler beim Herstellen der Internetverbindung. 23:49:41
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 05:09:48 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 10:09:48 - Fehler beim Herstellen der Internetverbindung. 10:09:48
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 05:10:28 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 10:10:18 - Fehler beim Herstellen der Internetverbindung. 10:10:18
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 06:11:09 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 11:11:09 - Fehler beim Herstellen der Internetverbindung. 11:11:09
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 06:11:43 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 11:11:38 - Fehler beim Herstellen der Internetverbindung. 11:11:38
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 07:12:25 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 12:12:25 - Fehler beim Herstellen der Internetverbindung. 12:12:25
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 07:13:00 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 12:12:54 - Fehler beim Herstellen der Internetverbindung. 12:12:54
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 08:13:41 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 13:13:41 - Fehler beim Herstellen der Internetverbindung. 13:13:41
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 08:14:15 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 13:14:10 - Fehler beim Herstellen der Internetverbindung. 13:14:10
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 27.06.2011 07:45:19 | Computer Name = Mediacenter | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1713
seconds with 960 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 05.11.2011 20:08:52 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 06.11.2011 02:52:27 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 06.11.2011 05:19:34 | Computer Name = Mediacenter | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?11.?2011 um 10:15:29 unerwartet heruntergefahren.
Error - 06.11.2011 05:19:53 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 06.11.2011 14:21:20 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 07.11.2011 14:00:45 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 07.11.2011 18:52:27 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 08.11.2011 13:41:36 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 09.11.2011 04:12:34 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 10.11.2011 14:54:04 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
[/code] der rechner läuft wieder , trotzdem traue ich der sache noch nicht |
|
06.01.2012, 22:36
| #14 |
| /// Malwareteam | Rechner infiziert mit Win32Spy.Zbot Trojaner Schritt 1: OTL-Fix
Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2
[2011.12.26 14:39:54 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
:COMMANDS
[EMPTYTEMP]
Schritt 2: MBAM Downloade Dir bitte Malwarebytes
Schritt 3: Neues OTL-Log Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
07.01.2012, 01:01
| #15 |
| | Rechner infiziert mit Win32Spy.Zbot Trojaner so hier die neuen log files Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\searchplugin folder moved successfully.
C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\modules folder moved successfully.
C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\META-INF folder moved successfully.
C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\defaults folder moved successfully.
C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components folder moved successfully.
C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome folder moved successfully.
C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mcx1-MEDIACENTER
->Temp folder emptied: 0 bytes
User: Mcx1-MEDIACENTER.Mediacenter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Media
->Temp folder emptied: 179083812 bytes
->Temporary Internet Files folder emptied: 8840202 bytes
->Java cache emptied: 29623 bytes
->FireFox cache emptied: 48417928 bytes
->Flash cache emptied: 2693 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 534088 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 226,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01072012_002300
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
ATTFilter OTL logfile created on: 07.01.2012 00:47:03 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Media\Desktop\Trojaner Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,16% Memory free 6,00 Gb Paging File | 4,89 Gb Available in Paging File | 81,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 34,67 Gb Free Space | 35,54% Space Free | Partition Type: NTFS Drive D: | 833,86 Gb Total Space | 330,56 Gb Free Space | 39,64% Space Free | Partition Type: NTFS Drive E: | 132,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MEDIACENTER | User Name: Media | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Users\Media\Desktop\Trojaner\OTL.exe (OldTimer Tools) PRC - C:\Programme\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\ESET\ESET Smart Security\ekrn.exe (ESET) PRC - C:\Programme\ESET\ESET Smart Security\egui.exe (ESET) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe () PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.) PRC - C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ea98cad4cea9ac78db91e6c66a6cbf3\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\3.2.2.0__4f079cf7f10a3651\MyMoviesCommon.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () ========== Win32 Services (SafeList) ========== SRV - (Installer Service) -- C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\Installer\InstallerService.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET) SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) SRV - (AVerScheduleService) -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe () SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AVerRemote) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (AVerM115S) -- C:\Windows\System32\drivers\AVerM115S.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET) DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET) DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET) DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET) DRV - (Epfwndis) -- C:\Windows\System32\drivers\epfwndis.sys (ESET) DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (AVerAVF2) -- C:\Windows\System32\drivers\AVerAVF2.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 23 96 C3 16 0B CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 20:29:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.04 08:30:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.05.05 20:39:30 | 000,000,000 | ---D | M] [2011.08.27 20:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions [2011.08.27 20:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.01.05 11:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions [2012.01.05 11:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\staged [2011.12.30 12:18:43 | 000,000,933 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\11-suche.xml [2011.12.30 12:18:44 | 000,002,419 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\englische-ergebnisse.xml [2011.12.30 12:18:43 | 000,010,525 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\gmx-suche.xml [2011.12.30 12:18:44 | 000,002,457 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\lastminute.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\startsear.xml [2011.12.30 12:18:43 | 000,005,508 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\webde-suche.xml [2012.01.04 08:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.04 08:30:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\MEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\777LL5E3.DEFAULT\EXTENSIONS\{40C3CC16-7269-4B32-9531-17F2950FB06F} () (No name found) -- C:\USERS\MEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\777LL5E3.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2011.10.04 18:42:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.01.04 08:30:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2011.12.30 23:29:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [My Movies Tray] C:\Program Files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E365FBB-8B8F-44A2-9710-01B6CAAE05F0}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DE1D2C4-5339-42DF-BA1D-5E58F61C0C7C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.07 00:23:00 | 000,000,000 | ---D | C] -- C:\_OTL [2012.01.04 08:40:59 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\f-secure [2012.01.04 08:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2012.01.04 08:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.01.04 08:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.01.04 08:30:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.01.04 08:30:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.01.04 08:30:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.01.04 08:30:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.01.04 08:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.01.02 19:00:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2012.01.02 18:02:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.01.01 11:09:09 | 000,000,000 | R--D | C] -- C:\Users\Media\Desktop\2012-01-01 [2011.12.30 23:30:49 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.12.30 23:28:59 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\temp [2011.12.30 23:22:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.12.30 23:22:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.12.30 23:22:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.12.30 23:22:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.12.30 23:22:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.12.30 17:54:29 | 000,000,000 | ---D | C] -- C:\Users\Media\Desktop\Trojaner [2011.12.30 12:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor [2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.12.30 11:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.12.30 11:47:41 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\GetRightToGo [2011.12.30 11:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.12.30 11:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.12.30 11:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.12.30 10:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.30 10:51:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.30 09:15:53 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\vlc [2011.12.30 09:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.12.29 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\Media\Documents\UseNeXT [2011.12.28 11:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb [2011.12.28 11:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung [2011.12.28 11:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE Toolbar [2011.12.28 11:19:09 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\1&1 Mail & Media GmbH [2011.12.22 15:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.22 15:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.12.22 15:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.12.21 13:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\maxdome - Online Videothek [2011.12.21 13:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\BILD [2011.12.15 07:09:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.12.15 07:09:49 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.12.15 07:09:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.12.15 07:09:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.12.15 07:09:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.12.15 07:09:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.12.14 20:03:22 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.12.14 20:03:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.12.14 20:03:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.12.14 20:03:10 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.12.14 20:03:06 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.12.14 20:03:05 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.06.02 20:34:35 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Media\AppData\Roaming\SetupGFD.exe [2011.06.02 20:33:20 | 005,243,208 | ---- | C] ( ) -- C:\Users\Media\AppData\Roaming\AvsP.exe [2011.06.02 20:33:04 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\Media\AppData\Roaming\ffdshow.exe [2011.06.02 20:33:00 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\Media\AppData\Roaming\xvid.exe [2011.06.02 20:32:00 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Media\AppData\Roaming\Avisynth.exe ========== Files - Modified Within 30 Days ========== [2012.01.07 00:30:43 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.07 00:30:43 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.07 00:25:56 | 000,129,769 | ---- | M] () -- C:\Users\Media\AppData\Roaming\nvModes.001 [2012.01.07 00:25:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.07 00:25:31 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2012.01.06 20:08:37 | 000,129,769 | ---- | M] () -- C:\Users\Media\AppData\Roaming\nvModes.dat [2012.01.04 08:30:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.01.04 08:30:17 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.01.04 08:30:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.01.04 08:30:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.01.02 20:09:59 | 000,700,716 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.02 20:09:59 | 000,662,598 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.02 20:09:59 | 000,147,402 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.02 20:09:59 | 000,123,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.01 12:18:54 | 4195,057,663 | R--- | M] () -- C:\Users\Media\Desktop\20111231213721.MTS [2011.12.30 23:29:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.12.30 12:29:46 | 000,038,986 | ---- | M] () -- C:\Users\Media\Documents\cc_20111230_122937.reg [2011.12.30 11:07:06 | 000,001,226 | ---- | M] () -- C:\Users\Media\Desktop\Spybot - Search & Destroy.lnk [2011.12.30 10:51:20 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.30 09:15:48 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.12.29 12:43:07 | 000,962,160 | ---- | M] () -- C:\Users\Media\Desktop\Twinkle Twinkle Little Star - YouTube.mht [2011.12.29 12:02:56 | 125,290,681 | ---- | M] () -- C:\Users\Media\Desktop\Udo Lindenberg feat. Clueso - Celllo.avi [2011.12.22 15:34:18 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.22 09:49:30 | 000,001,813 | ---- | M] () -- C:\Users\Media\Desktop\UseNeXT.lnk [2011.12.15 07:28:38 | 000,507,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.01.01 11:28:54 | 4195,057,663 | R--- | C] () -- C:\Users\Media\Desktop\20111231213721.MTS [2011.12.31 12:25:15 | 125,290,681 | ---- | C] () -- C:\Users\Media\Desktop\Udo Lindenberg feat. Clueso - Celllo.avi [2011.12.30 23:22:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.12.30 23:22:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.12.30 23:22:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.12.30 23:22:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.12.30 23:22:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.12.30 12:29:40 | 000,038,986 | ---- | C] () -- C:\Users\Media\Documents\cc_20111230_122937.reg [2011.12.30 11:07:06 | 000,001,226 | ---- | C] () -- C:\Users\Media\Desktop\Spybot - Search & Destroy.lnk [2011.12.30 10:51:20 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.30 09:15:48 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.12.29 12:43:06 | 000,962,160 | ---- | C] () -- C:\Users\Media\Desktop\Twinkle Twinkle Little Star - YouTube.mht [2011.12.22 15:34:18 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.06 10:28:06 | 000,003,584 | ---- | C] () -- C:\Users\Media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.06 22:41:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.05.06 22:38:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.05 22:26:39 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.05.05 13:42:41 | 000,129,769 | ---- | C] () -- C:\Users\Media\AppData\Roaming\nvModes.001 [2011.05.05 13:30:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll [2011.05.05 13:30:59 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys [2011.05.05 13:30:58 | 000,598,016 | ---- | C] () -- C:\Windows\System32\sptlib21.dll [2011.05.05 13:30:58 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll [2011.05.05 13:30:58 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll [2011.05.05 13:30:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib03.dll [2011.05.05 13:30:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll [2011.05.05 13:30:58 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sptlib02.dll [2011.05.05 13:30:58 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll [2011.05.05 13:03:49 | 000,129,769 | ---- | C] () -- C:\Users\Media\AppData\Roaming\nvModes.dat [2009.07.14 09:47:43 | 000,700,716 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,147,402 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,507,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,662,598 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,123,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2003.02.27 09:07:20 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.06.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Media :: MEDIACENTER [Administrator] 07.01.2012 00:28:36 mbam-log-2012-01-07 (00-28-36).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 202311 Laufzeit: 3 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.01.2012 00:47:03 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Media\Desktop\Trojaner
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,16% Memory free
6,00 Gb Paging File | 4,89 Gb Available in Paging File | 81,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 34,67 Gb Free Space | 35,54% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 330,56 Gb Free Space | 39,64% Space Free | Partition Type: NTFS
Drive E: | 132,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MEDIACENTER | User Name: Media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DCF21FE-A8CB-41DE-AEA3-D5FBEF108CD5}" = Microsoft Office Outlook-Minianwendungen für Windows SideShow
"{41DA03AC-71BF-4725-AD26-FC4070B0F0A9}" = My Movies for Windows Media Center
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A24C18C8-E26C-488B-8373-A45F5D3C6A35}" = BILD.de für Windows Media Center
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AC07DE4F-4E89-4546-916E-ABE00FEE264A}" = ESET Smart Security
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B727BD4D-0C42-43F7-AC60-4AFBDDC732BD}" = FlexPoints 2.01
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVerMedia A177 PCIe Dual Hybrid DVB-T" = AVerMedia A177 PCIe Dual Hybrid DVB-T 1.3.0.76
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 2.0.8.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"maxdome - Online Videothek" = maxdome - Online Videothek
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 6.0.1 (x86 de)" = Mozilla Firefox 6.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Totalcmd" = Total Commander (Remove or Repair)
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
"vmcMoteServer" = vmcMoteServer
"WinAce Archiver" = WinAce Archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 05.01.2012 15:16:13 | Computer Name = Mediacenter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VESMgr.exe, Version: 3.1.0.13250,
Zeitstempel: 0x45b868bc Name des fehlerhaften Moduls: AUDIOSES.DLL, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b725 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008d5d ID des fehlerhaften
Prozesses: 0x8f4 Startzeit der fehlerhaften Anwendung: 0x01cccbddce546e5e Pfad der
fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\AUDIOSES.DLL Berichtskennung: bb4d689c-37d1-11e1-9398-001dba192b71
Error - 05.01.2012 16:01:10 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local.
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 05.01.2012 16:01:10 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in ._mymoviesremoteserver._tcp.local. Application
protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 05.01.2012 16:01:10 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local.
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 06.01.2012 07:43:41 | Computer Name = Mediacenter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VESMgr.exe, Version: 3.1.0.13250,
Zeitstempel: 0x45b868bc Name des fehlerhaften Moduls: AUDIOSES.DLL, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b725 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008d5d ID des fehlerhaften
Prozesses: 0x39c Startzeit der fehlerhaften Anwendung: 0x01cccc6868e2f9c3 Pfad der
fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\AUDIOSES.DLL Berichtskennung: adeadb3c-385b-11e1-9f2c-001dba192b71
Error - 06.01.2012 09:00:44 | Computer Name = Mediacenter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VESMgr.exe, Version: 3.1.0.13250,
Zeitstempel: 0x45b868bc Name des fehlerhaften Moduls: AUDIOSES.DLL, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b725 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008d5d ID des fehlerhaften
Prozesses: 0x820 Startzeit der fehlerhaften Anwendung: 0x01cccc732a0e8f1e Pfad der
fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\AUDIOSES.DLL Berichtskennung: 716039d3-3866-11e1-9504-001dba192b71
Error - 06.01.2012 09:02:51 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local.
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 06.01.2012 09:02:51 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in ._mymoviesremoteserver._tcp.local. Application
protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 06.01.2012 09:02:51 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local.
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
Error - 06.01.2012 09:21:33 | Computer Name = Mediacenter | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ Media Center Events ]
Error - 26.12.2011 18:49:12 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 23:49:12 - Fehler beim Herstellen der Internetverbindung. 23:49:12
- Serververbindung konnte nicht hergestellt werden..
Error - 26.12.2011 18:49:46 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 23:49:41 - Fehler beim Herstellen der Internetverbindung. 23:49:41
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 05:09:48 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 10:09:48 - Fehler beim Herstellen der Internetverbindung. 10:09:48
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 05:10:28 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 10:10:18 - Fehler beim Herstellen der Internetverbindung. 10:10:18
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 06:11:09 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 11:11:09 - Fehler beim Herstellen der Internetverbindung. 11:11:09
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 06:11:43 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 11:11:38 - Fehler beim Herstellen der Internetverbindung. 11:11:38
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 07:12:25 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 12:12:25 - Fehler beim Herstellen der Internetverbindung. 12:12:25
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 07:13:00 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 12:12:54 - Fehler beim Herstellen der Internetverbindung. 12:12:54
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 08:13:41 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 13:13:41 - Fehler beim Herstellen der Internetverbindung. 13:13:41
- Serververbindung konnte nicht hergestellt werden..
Error - 27.12.2011 08:14:15 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 13:14:10 - Fehler beim Herstellen der Internetverbindung. 13:14:10
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 27.06.2011 07:45:19 | Computer Name = Mediacenter | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1713
seconds with 960 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 05.11.2011 20:08:52 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 06.11.2011 02:52:27 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 06.11.2011 05:19:34 | Computer Name = Mediacenter | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?11.?2011 um 10:15:29 unerwartet heruntergefahren.
Error - 06.11.2011 05:19:53 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 06.11.2011 14:21:20 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 07.11.2011 14:00:45 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 07.11.2011 18:52:27 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 08.11.2011 13:41:36 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 09.11.2011 04:12:34 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 10.11.2011 14:54:04 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
|
|
| Themen zu Rechner infiziert mit Win32Spy.Zbot Trojaner |
| anhang, anhang geöffnet, anwendung, arbeitsspeicher, befallen, bild, e-mail, e-mail anhang, entfernen, eset, explorer, getarnt, hängt, infektion, infiziert, internet, internet explorer, langsam, melde, meldet, rechner, spy.zbot, system, trojane, trojaner, virus, win, ähnliches |
Textbox.
Hybrid-Darstellung
