Log analysis and evaluation: Windows locked - 50 euros to pay
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.01.2012, 18:38 | #1 |
| Windows locked - 50 euros to pay Hello everyone, first of all, many thanks for your forum. I really don't know what I would do otherwise! As already announced in the title above, I have caught a trojan that locks Windows and demands that I pay 50 euros. I will post the log in a moment ... Many thanks for your help! |
20.01.2012, 19:59 | #2 |
/// Malware-holic | Windows locked - 50 euros to pay
Hi, restart the PC, press F8, and choose Safe Mode with Networking.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
|
20.01.2012, 20:51 | #3 |
| Windows locked - 50 euros to pay Here are the logs: OTL Logfile:
Code:
OTL logfile created on: 20.01.2012 20:42:16 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Laura\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,45 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 72,26% Memory free 7,09 Gb Paging File | 6,51 Gb Available in Paging File | 91,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138,91 Gb Total Space | 66,71 Gb Free Space | 48,03% Space Free | Partition Type: NTFS Computer Name: LAURA-LAPTOP | User Name: Laura | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Laura\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Laura\Downloads\Defogger.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Laura\Downloads\Defogger.exe () MOD - C:\Program Files\WinRAR\RarExt.dll () MOD - C:\Windows\System32\wxvault.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe (IDT, Inc.) 
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe (Andrea Electronics Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe () SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () SRV - (alssvc) -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe (Dell Inc.) 
SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\lms.exe (Intel Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.) DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.) DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation) DRV - (CCIDFILTER) -- C:\Windows\System32\drivers\ccidflt.sys (Broadcom Corporation) DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.) 
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (rismxdp) -- C:\Windows\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\system32\drivers\rimsptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (PBADRV) -- C:\Windows\system32\DRIVERS\PBADRV.sys (Dell Inc) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.) DRV - (RLDesignVirtualAudioCableWdm) -- C:\Windows\System32\drivers\livecamv.sys () DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.zeit.de/index" FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.09 18:43:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.13 16:38:19 | 000,000,000 | ---D | M] [2009.07.11 15:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Extensions [2012.01.19 20:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions [2010.05.01 09:39:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.07 17:51:48 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}(126) [2012.01.09 10:50:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(125) [2011.02.15 11:51:43 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.09 15:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.12.30 17:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} () (No name found) -- C:\USERS\LAURA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBG1Y0I.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI [2012.01.04 
00:55:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.10.19 18:59:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll [2010.05.25 09:38:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BIOSEvent] C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe () O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [{25FFACB1-3A56-11DE-BEE6-806E6F6E6963}] C:\Users\Laura\AppData\Roaming\Microsoft\svhcost.exe () O4 - HKCU..\Run: [{6B4795EC-6539-2F71-F881-BD95F12448DD}] C:\Users\Laura\AppData\Roaming\Tyi\pyexsy.exe (Orb Networks) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe () O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.214 80.69.100.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23841AE8-6C8D-42A4-954D-00ADC665EE9C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F07D9316-C35E-4B25-A389-5BE7FCF77FC5}: DhcpNameServer = 80.69.100.214 80.69.100.206 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{711f162c-fb27-11de-886a-00234ed159ad}\Shell\AutoRun\command - "" = F:\STOBOM/odlazim.exe O33 - MountPoints2\{711f162c-fb27-11de-886a-00234ed159ad}\Shell\explore\command - "" = F:\STOBOM/odlazim.exe O33 - MountPoints2\{711f162c-fb27-11de-886a-00234ed159ad}\Shell\open\command - "" = F:\STOBOM/odlazim.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - 
regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell ControlPoint System Manager.lnk - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe - (Dell Inc.) 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software ) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^p6_19_erinnerung.lnk - C:\Program Files\phase6\phase6_19\WinStart\p6erinnerung.exe - (phase6) MsConfig - StartUpFolder: C:^Users^Laura^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) MsConfig - StartUpReg: ChangeTPMAuth - hkey= - key= - C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.) MsConfig - StartUpReg: CLIVFR - hkey= - key= - C:\Program Files\Dell\Latitude ON Reader Data\CLIVFR.exe (CyberLink) MsConfig - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.) MsConfig - StartUpReg: DellConnectionManager - hkey= - key= - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) MsConfig - StartUpReg: DellControlPoint - hkey= - key= - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.) MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) 
MsConfig - StartUpReg: dradio-RecorderTimer - hkey= - key= - C:\Program Files\dradio-Recorder\phonostarTimer.exe () MsConfig - StartUpReg: EmbassySecurityCheck - hkey= - key= - C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.) MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) MsConfig - StartUpReg: Persistence - hkey= - key= - File not found MsConfig - StartUpReg: picon - hkey= - key= - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found MsConfig - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () MsConfig - StartUpReg: SansaDispatch - hkey= - key= - File not found MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: Spyware Doctor - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - StartUpReg: SysTrayApp - hkey= - key= - File not found MsConfig - StartUpReg: USCService - hkey= - key= - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) MsConfig - StartUpReg: WavXMgr - hkey= - key= - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.01.20 18:27:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.exe [2012.01.20 18:23:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.01.20 17:17:16 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Xeenatk [2012.01.20 17:17:16 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Tyi [2012.01.13 16:37:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.01.11 22:43:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.01.11 22:43:43 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.01.11 22:43:41 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.01.11 22:43:37 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.01.11 22:43:37 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [9 C:\Users\Laura\Desktop\*.tmp files -> C:\Users\Laura\Desktop\*.tmp -> ] [7 C:\Users\Laura\Documents\*.tmp files -> C:\Users\Laura\Documents\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.20 20:25:10 | 000,001,356 | ---- | M] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat [2012.01.20 18:27:23 | 000,584,192 | ---- 
| M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.exe [2012.01.20 18:26:45 | 000,000,000 | ---- | M] () -- C:\Users\Laura\defogger_reenable [2012.01.20 18:26:38 | 000,598,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.20 18:26:38 | 000,104,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.20 18:21:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.20 18:18:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.01.20 18:18:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.20 18:18:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.16 13:06:03 | 013,415,134 | ---- | M] () -- C:\Users\Laura\Desktop\iotc_19990211-0900b.mp3 [2012.01.16 13:05:29 | 013,625,340 | ---- | M] () -- C:\Users\Laura\Desktop\iotc_20000323-0900b.mp3 [2012.01.16 13:04:55 | 019,824,400 | ---- | M] () -- C:\Users\Laura\Desktop\iotc_20030410-0900a.mp3 [2012.01.16 13:04:46 | 020,324,635 | ---- | M] () -- C:\Users\Laura\Desktop\iotc_20040212-0900a.mp3 [2012.01.16 13:04:35 | 020,262,743 | ---- | M] () -- C:\Users\Laura\Desktop\iotc_20041007-0900a.mp3 [2012.01.16 13:01:13 | 020,229,648 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20051117-0900a.mp3 [2012.01.16 13:00:53 | 020,300,085 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20070208-0900a.mp3 [2012.01.16 13:00:35 | 020,302,257 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20080320-0900a.mp3 [2012.01.16 13:00:24 | 020,261,990 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20080424-0900a.mp3 [2012.01.16 13:00:10 | 020,260,105 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20081106-0900a.mp3 [2012.01.16 12:59:58 | 020,294,261 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20090115-0900a.mp3 [2012.01.16 12:59:45 | 020,369,207 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20091029-0900a.mp3 [2012.01.15 19:57:53 | 
000,013,073 | ---- | M] () -- C:\Users\Laura\Documents\dandrey_neu.odt [2012.01.06 19:09:20 | 052,808,192 | ---- | M] () -- C:\Users\Laura\Desktop\111010_2003_Hoerspiel-und-Medienkunst_Elfriede-Jelinek-Neid-1.mp3 [9 C:\Users\Laura\Desktop\*.tmp files -> C:\Users\Laura\Desktop\*.tmp -> ] [7 C:\Users\Laura\Documents\*.tmp files -> C:\Users\Laura\Documents\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.20 18:26:45 | 000,000,000 | ---- | C] () -- C:\Users\Laura\defogger_reenable [2012.01.16 13:05:56 | 013,415,134 | ---- | C] () -- C:\Users\Laura\Desktop\iotc_19990211-0900b.mp3 [2012.01.16 13:05:23 | 013,625,340 | ---- | C] () -- C:\Users\Laura\Desktop\iotc_20000323-0900b.mp3 [2012.01.16 13:04:47 | 019,824,400 | ---- | C] () -- C:\Users\Laura\Desktop\iotc_20030410-0900a.mp3 [2012.01.16 13:04:37 | 020,324,635 | ---- | C] () -- C:\Users\Laura\Desktop\iotc_20040212-0900a.mp3 [2012.01.16 13:04:27 | 020,262,743 | ---- | C] () -- C:\Users\Laura\Desktop\iotc_20041007-0900a.mp3 [2012.01.16 13:01:04 | 020,229,648 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20051117-0900a.mp3 [2012.01.16 13:00:44 | 020,300,085 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20070208-0900a.mp3 [2012.01.16 13:00:27 | 020,302,257 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20080320-0900a.mp3 [2012.01.16 13:00:15 | 020,261,990 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20080424-0900a.mp3 [2012.01.16 13:00:02 | 020,260,105 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20081106-0900a.mp3 [2012.01.16 12:59:49 | 020,294,261 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20090115-0900a.mp3 [2012.01.16 12:59:36 | 020,369,207 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20091029-0900a.mp3 [2012.01.15 19:57:52 | 000,013,073 | ---- | C] () -- C:\Users\Laura\Documents\dandrey_neu.odt [2012.01.13 16:38:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.01.11 22:43:45 | 
000,025,088 | ---- | C] () -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe [2012.01.06 19:08:50 | 052,808,192 | ---- | C] () -- C:\Users\Laura\Desktop\111010_2003_Hoerspiel-und-Medienkunst_Elfriede-Jelinek-Neid-1.mp3 [2010.11.05 11:39:21 | 000,001,356 | ---- | C] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat [2010.05.09 17:04:00 | 000,017,408 | ---- | C] () -- C:\Users\Laura\AppData\Local\WebpageIcons.db [2010.01.17 15:38:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.01.03 15:13:18 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2009.12.24 16:19:28 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2009.12.24 16:19:27 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe [2009.10.25 14:05:55 | 000,466,944 | ---- | C] () -- C:\Windows\ssndii.exe [2009.10.25 13:58:51 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll [2009.09.17 11:50:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.17 11:50:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 11:48:46 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.09.01 04:31:56 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll [2009.08.23 12:08:07 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys [2009.07.11 21:15:42 | 000,036,352 | ---- | C] () -- C:\Users\Laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.11 13:39:34 | 000,000,000 | ---- | C] () -- C:\Users\Laura\AppData\Local\WavXMapDrive.bat [2009.06.29 16:54:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.06.29 15:38:44 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin [2009.05.07 00:51:42 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2009.05.07 00:51:41 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2009.05.07 00:48:25 | 000,018,904 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.05.07 00:28:40 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2009.05.07 00:28:39 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2009.05.07 00:28:39 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2009.05.07 00:28:39 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2009.05.06 16:16:11 | 000,279,888 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll [2009.05.06 16:13:35 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll [2009.05.06 16:05:11 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2009.01.05 14:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe [2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini [2008.11.08 11:56:48 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll [2008.11.08 11:56:48 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll [2008.11.08 11:56:48 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll [2008.11.08 11:56:46 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll [2008.11.08 11:56:46 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll [2008.11.08 11:56:44 | 000,565,248 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll [2008.11.08 11:56:44 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll [2008.11.08 11:56:42 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_da.dll [2008.11.08 11:56:42 | 000,479,232 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll [2008.11.08 11:56:42 | 000,475,136 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll [2008.11.08 11:56:40 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_nl.dll [2008.11.08 11:56:40 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_no.dll [2008.11.08 11:56:38 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_pl.dll [2008.11.08 11:56:38 | 000,516,096 | ---- | C] 
() -- C:\Windows\System32\AmRes_sv.dll [2008.11.08 11:56:34 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_ar.dll [2008.11.08 11:56:32 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_el.dll [2008.11.08 11:56:32 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_cs.dll [2008.11.08 11:56:30 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_hu.dll [2008.11.08 11:56:30 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_fi.dll [2008.11.08 11:56:30 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_he.dll [2008.11.08 11:56:28 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_ro.dll [2008.11.08 11:56:28 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_pt-PT.dll [2008.11.08 11:56:28 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_tr.dll [2008.11.08 11:56:10 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll [2008.11.08 11:56:04 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll [2008.09.26 07:33:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll [2008.09.24 18:37:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll [2008.09.24 18:37:08 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll [2008.09.24 18:36:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll [2008.09.24 18:36:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll [2008.09.24 18:36:04 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll [2008.09.24 18:36:02 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll [2008.09.24 18:36:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll [2008.09.24 18:35:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll [2008.09.24 18:35:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll [2008.09.24 
18:35:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll [2008.09.24 18:35:48 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll [2008.09.24 18:35:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll [2008.09.24 18:35:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll [2008.09.24 18:35:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll [2008.09.24 18:35:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll [2008.09.24 18:35:40 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll [2008.09.24 18:35:38 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll [2008.09.24 18:35:38 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll [2008.09.24 18:35:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll [2008.09.24 18:35:34 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll [2008.09.24 18:35:34 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll [2008.09.24 18:35:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll [2008.09.24 18:35:30 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll [2008.09.24 18:35:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll [2008.09.19 08:51:24 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll [2008.08.22 16:28:12 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll [2008.03.25 09:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll [2008.03.18 13:02:52 | 000,143,360 | R--- | C] () -- C:\Windows\System32\preflib.dll [2008.02.03 23:44:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.04.19 05:52:16 | 000,080,720 | ---- | C] () 
-- C:\Windows\System32\AsfBios.dll [2007.04.19 05:28:10 | 000,025,424 | ---- | C] () -- C:\Windows\System32\drivers\netamsg.dll [2007.04.16 03:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin [2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:43 | 000,387,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,598,290 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,304 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.06.30 12:58:44 | 000,176,128 | R--- | C] () -- C:\Windows\System32\bioapi_mds300.dll [2006.06.30 12:58:44 | 000,126,976 | R--- | C] () -- C:\Windows\System32\bioapi100.dll [2004.09.10 13:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll [2004.09.10 13:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2009.08.04 11:14:13 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Academic Software Zurich [2009.12.23 14:59:00 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\BitDefender [2009.07.11 13:40:01 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Broadcom [2011.02.15 11:51:42 | 
000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers [2010.01.10 16:34:11 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\FreeAudioPack [2012.01.20 17:09:33 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Gmail Notifier [2009.07.11 16:43:59 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\OpenOffice.org [2010.02.21 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Opera [2011.02.19 12:59:37 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\phonostar GmbH [2011.02.17 12:37:46 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\PlagiarismFinder [2010.04.02 12:19:58 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\QuickScan [2010.02.11 12:57:48 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\SanDisk [2010.12.07 11:28:18 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Tobit [2012.01.20 17:17:16 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Tyi [2010.12.07 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Uniblue [2009.07.11 20:12:17 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Wave Systems Corp [2012.01.20 17:24:43 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Xeenatk [2012.01.20 18:18:44 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2010.04.02 23:04:24 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.04.15 12:06:29 | 000,000,000 | ---D | M] -- C:\2f8797f6ddf2b357ee394ad39f020833 [2009.10.18 16:22:58 | 000,000,000 | ---D | M] -- C:\Boot [2012.01.14 12:28:06 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.19 17:47:30 | 000,000,000 | ---D | M] -- C:\DELL [2009.07.11 13:37:13 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.05.07 00:28:38 | 000,000,000 | ---D | M] -- C:\Drivers [2009.05.06 16:26:20 | 000,000,000 | ---D | M] -- C:\Intel [2009.08.02 22:02:57 | 000,000,000 | R--D | M] -- C:\MSOCache [2008.01.21 03:33:10 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.09.09 18:12:50 | 000,000,000 | ---D | M] -- C:\PPFS_SCAN2 [2011.09.09 22:46:59 | 000,000,000 | ---D | M] -- C:\PPF_Scan1 [2011.12.30 17:58:16 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.14 13:43:37 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.03.06 22:25:58 | 000,000,000 | ---D | M] -- C:\rsit [2010.10.16 14:49:38 | 000,000,000 | ---D | M] -- C:\SynView [2012.01.20 12:01:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.01.17 22:04:39 | 000,000,000 | R--D | M] -- C:\Users [2012.01.20 18:23:14 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.05.07 00:31:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2009.05.07 00:31:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 
C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.03.06 05:21:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2209DBCD72FD45199BAE483DDBCA5D75 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_bdffb04d\atapi.sys [2008.03.06 05:21:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2209DBCD72FD45199BAE483DDBCA5D75 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22130_none_dda155213abfc239\atapi.sys [2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2008.03.06 05:24:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=49996882C3272D944D027E03FCD89F6B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_fbc3e716\atapi.sys [2008.03.06 05:24:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=49996882C3272D944D027E03FCD89F6B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20786_none_db8b089b3dbc5507\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009.05.07 00:31:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_853be412\atapi.sys [2009.05.07 
00:31:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.05.07 00:46:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009.05.07 00:46:38 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009.05.07 00:46:38 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.05.07 00:46:38 | 002,923,520 | 
---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2008.12.04 12:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.01.08 07:19:30 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Drivers\storage\R207268\IaStor.sys [2008.12.04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009.01.08 07:19:30 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Windows\System32\drivers\iaStor.sys [2009.01.08 07:19:30 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_38fdd39d\iaStor.sys [2009.01.08 07:19:30 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_627c3848\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 
07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.01.20 18:26:45 | 000,000,000 | ---- | M] () -- 
C:\Users\Laura\defogger_reenable [2012.01.20 20:42:12 | 003,670,016 | -HS- | M] () -- C:\Users\Laura\ntuser.dat [2012.01.20 20:42:12 | 000,262,144 | -H-- | M] () -- C:\Users\Laura\ntuser.dat.LOG1 [2009.07.11 13:38:04 | 000,000,000 | -H-- | M] () -- C:\Users\Laura\ntuser.dat.LOG2 [2010.12.09 00:19:25 | 000,065,536 | -HS- | M] () -- C:\Users\Laura\ntuser.dat{3747a53f-0228-11e0-889c-00216a23364a}.TM.blf [2010.12.09 00:19:25 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\ntuser.dat{3747a53f-0228-11e0-889c-00216a23364a}.TMContainer00000000000000000001.regtrans-ms [2010.12.07 19:09:27 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\ntuser.dat{3747a53f-0228-11e0-889c-00216a23364a}.TMContainer00000000000000000002.regtrans-ms [2010.12.07 18:22:51 | 000,065,536 | -HS- | M] () -- C:\Users\Laura\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf [2010.12.07 18:22:51 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms [2009.07.11 15:56:36 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms [2012.01.20 17:23:16 | 000,065,536 | -HS- | M] () -- C:\Users\Laura\ntuser.dat{fc40b0b2-0698-11e0-b2a7-00216a23364a}.TM.blf [2012.01.20 17:23:16 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\ntuser.dat{fc40b0b2-0698-11e0-b2a7-00216a23364a}.TMContainer00000000000000000001.regtrans-ms [2010.12.17 14:37:44 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\ntuser.dat{fc40b0b2-0698-11e0-b2a7-00216a23364a}.TMContainer00000000000000000002.regtrans-ms [2009.07.11 13:38:04 | 000,000,020 | -HS- | M] () -- C:\Users\Laura\ntuser.ini [2011.01.30 20:15:23 | 000,002,526 | ---- | M] () -- C:\Users\Laura\Rechnung.htm < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs 
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report >
and part 2: OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 20.01.2012 20:42:16 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Laura\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,45 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 72,26% Memory free 7,09 Gb Paging File | 6,51 Gb Available in Paging File | 91,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138,91 Gb Total Space | 66,71 Gb Free Space | 48,03% Space Free | Partition Type: NTFS Computer Name: LAURA-LAPTOP | User Name: Laura | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09BA1906-EA85-4676-8EC8-EE7B7DDD8DA7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0E38398B-94BB-450E-BC3A-4E2CF6374662}" = rport=10243 | protocol=6 | dir=out | app=system | "{1D67C097-44C6-4454-B365-B681A0752BD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4352F3EE-B338-47E7-A1F0-E78C07EDB16B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{452B8285-F1D1-42D4-B0DE-C90B66D2A87B}" = lport=2869 | protocol=6 | dir=in | app=system | "{873EF4EF-6368-4C28-85AC-9BABCE44CB7B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{8F88865B-BE15-4428-98B0-606DFDA79CEE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{940AE4BD-1467-4B8C-972A-87D2438BD2FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EC6807E5-8198-411F-A5AF-CF90E672B303}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EF0E6371-3CA0-43F5-B06C-7E3DE22B8321}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00CF8ACB-36D8-4D11-BC64-6D3A4BBF7DA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{050F23D3-C08A-47A2-92EB-7E54028DAF28}" = protocol=17 | dir=in | app=c:\users\laura\appdata\local\temp\7zs4d87.tmp\symnrt.exe | "{053A7A1E-8D2F-4AB0-ACB3-A5145DE343C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{13BDFAAC-B30D-4E0C-8B33-F1441C07CBDF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{242F00E1-253F-43F5-B543-DC090B65A102}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3165A6C9-A9A8-4201-9347-2B791DAB9BDD}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | "{3FA9252D-8EB1-451A-8C3A-3A7C83DBA0F4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4FFAE661-8BD7-4753-B009-A7A36B256752}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{51B80EDC-00C1-4C61-978D-10817E390EE9}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{5441CFAF-9418-4EE1-9BB4-7356C50F3C15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7181C4BB-6D00-40C9-8632-D55C741C2363}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{751ED8FD-D0D4-41E7-B7D4-A2DF257829DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AAAA2A2-13D8-4A0C-927F-F24AED8EBB41}" = protocol=17 | dir=in | app=c:\users\laura\appdata\local\temp\7zs49b0.tmp\symnrt.exe | "{80A5463D-FA3A-4624-812A-FBF8708C6DB6}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | "{886C57D5-139D-443B-971D-580BEDB7E74E}" = protocol=6 | dir=out | app=system | "{89C4D86E-02FB-4C44-8F6F-2D3B6DDEE375}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8C08A9E6-9E77-4FF5-A112-A08EB5A70E3B}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe | "{8F092AD3-AD9A-4744-9624-EB60B3C0684C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9887D2CD-70A0-4308-A3AB-22E8824C8DED}" = protocol=6 | dir=in | app=c:\users\laura\appdata\local\temp\7zs49b0.tmp\symnrt.exe | "{98B69A68-A4C1-4C91-9A8D-7061E8A012F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F7DB67A-6C4B-40BE-8E98-86F3338B597C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9F9F1C92-1F60-4F4A-A9E6-F428D6248C21}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | "{A308D34C-2C80-4129-B3D2-B78A16F1DE83}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{A6B4BC3B-17CC-4EBA-9EC0-CE8A57E2D470}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | "{B70D7283-8F27-4B14-B661-02BFE3E659CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B98E83D7-6708-4073-892B-6860343D2F7D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{DBC5F059-4F07-48A5-98E4-F211C78C3655}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DD0CF21F-1D55-4FC9-903D-D24BE8D0FFDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E4C4D0F9-FE82-415D-8344-045A13E36F24}" = protocol=6 | dir=in | 
app=c:\users\laura\appdata\local\temp\7zs4d87.tmp\symnrt.exe | "{E8187DA7-C95C-4789-A500-382EBB78A89F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{F69A8158-0798-4A19-8A6D-3F5F59C1783F}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe | "TCP Query User{163B1147-812F-47B8-9648-05BC09530AA4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{5045FDC3-04D3-44F3-B5E6-1236283A7800}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{7C5F51F8-8930-44F1-AD7D-5729C06F7A4A}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{995E5D55-EAA0-4F5E-AD6E-05E7EA36D90B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{9C9DEAA4-6648-4330-86A3-E4D501F9B2EF}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{BE997588-30FD-400A-8210-185FBFE392B2}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{F3C768F2-85B5-4E44-BFD6-0100310ED9AA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{0571C39E-77A4-40B4-A7BC-DD82F5A0F71F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{05C88454-8F47-4E3E-9455-EA941FE3E6F6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{683C34EC-4D56-4BE6-BB3E-79DF0EAD8A1F}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{BA6AD641-CBF7-403D-942A-E7AE61D45D76}C:\windows\system32\taskeng.exe" = 
protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{CC43766D-CA90-407D-8BCF-58302172B454}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "UDP Query User{E94C9D1C-18DF-4DA0-870D-152A97D4FEA3}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{F13BE792-133F-4C3C-9479-CFD97F82F601}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4502 "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data "{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}" = Modem Diagnostics Tool "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration "{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell 
Resource CD "{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D523D94-C637-4C49-89FD-5B8FFB071D76}" = Dell ControlPoint Connection Manager "{506E853B-8FBF-4F28-86EB-E931ABD0C056}" = Dell Latitude ON Reader "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}" = Ambient Light Sensor "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{8361A088-1A86-425B-968E-034555992392}" = NTRU TCG Software Stack "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = 
Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9E25AB4C-71E0-4B43-B44F-108BE18DC531}" = DCP32MMWrapper "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager "{A1261462-A2EF-4FAB-9513-48EBEFC9A76E}" = Dell Button Service "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework "{B20179BA-2872-432F-8D88-B8F44AED359B}" = Broadcom USH Host Components "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "{D43C8156-C238-4FE1-9CEA-C39E3B8A3530}" = Wave Infrastructure Installer "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager "{FDE4BEC4-2D7E-4799-A9BA-2BD23512CC7B}" = Dell Control Point "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack "{FF1FB289-146C-49EB-98C1-FADF4162CE28}" = Dell ControlPoint System Manager "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. 
PBADRV System (01/07/2008 1.0.1.5) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Creative OA001" = Integrated Webcam Driver (1.06.03.0309) "Dell Webcam Central" = Dell Webcam Central "dradio-Recorder_is1" = dradio-Recorder Version 3.02.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "Gmail Notifier" = Gmail Notifier "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "MESOL" = Intel® Active Management Technology "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US) "PROSetDX" = Intel(R) Network Connections 13.0.42.0 "Samsung ML-2010 Series" = Samsung ML-2010 Series "Tobit ClipInc Server" = WDR RadioRecorder "TVWiz" = Intel(R) TV Wizard "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.5 "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20.01.2012 13:18:21 | Computer Name = Laura-Laptop | Source = LMS | 
ID = 2 Description = Failed to unregister for device notifications Error - 20.01.2012 13:18:22 | Computer Name = Laura-Laptop | Source = WinMgmt | ID = 10 Description = Error - 20.01.2012 13:22:06 | Computer Name = Laura-Laptop | Source = EventSystem | ID = 4609 Description = Error - 20.01.2012 13:22:34 | Computer Name = Laura-Laptop | Source = WinMgmt | ID = 10 Description = Error - 20.01.2012 13:49:54 | Computer Name = Laura-Laptop | Source = Application Error | ID = 1000 Description = Faulting application z6ujhl4o.exe, version 1.0.15.15641, time stamp 0x4e21f2b1, faulting module z6ujhl4o.exe, version 1.0.15.15641, time stamp 0x4e21f2b1, exception code 0xc0000005, fault offset 0x0000c676, process id 0x1fc, application start time 0x01ccd79bc2d2d3b3. Error - 20.01.2012 13:55:20 | Computer Name = Laura-Laptop | Source = Perflib | ID = 1008 Description = Error - 20.01.2012 13:55:20 | Computer Name = Laura-Laptop | Source = Perflib | ID = 1010 Description = Error - 20.01.2012 13:55:21 | Computer Name = Laura-Laptop | Source = PerfNet | ID = 2004 Description = Error - 20.01.2012 15:30:42 | Computer Name = Laura-Laptop | Source = System Restore | ID = 8193 Description = Error - 20.01.2012 15:43:09 | Computer Name = Laura-Laptop | Source = System Restore | ID = 8193 Description = [ Cisco AnyConnect VPN Client Events ] Error - 20.01.2012 11:49:02 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866 Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. 
File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory Error - 20.01.2012 11:50:56 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866 Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory Error - 20.01.2012 12:22:20 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866 Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory Error - 20.01.2012 12:23:18 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 20.01.2012 12:23:18 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866 Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory Error - 20.01.2012 12:25:21 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866 Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. 
File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory Error - 20.01.2012 12:54:54 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866 Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory Error - 20.01.2012 13:18:42 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866 Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory Error - 20.01.2012 13:18:44 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 20.01.2012 13:18:44 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866 Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory [ OSession Events ] Error - 20.01.2011 06:24:56 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3767 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 08.04.2011 13:48:36 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. Error - 08.07.2011 07:41:16 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 356 seconds with 120 seconds of active time. This session ended with a crash. Error - 04.08.2011 05:44:28 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 162 seconds with 0 seconds of active time. This session ended with a crash. Error - 04.08.2011 05:55:57 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 583 seconds with 120 seconds of active time. This session ended with a crash. Error - 06.09.2011 08:03:49 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58038 seconds with 5520 seconds of active time. This session ended with a crash. 
Error - 03.11.2011 14:17:16 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 782 seconds with 0 seconds of active time. This session ended with a crash. Error - 18.11.2011 10:22:45 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.11.2011 22:44:17 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11281 seconds with 3420 seconds of active time. This session ended with a crash. Error - 10.12.2011 08:03:46 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6979 seconds with 2040 seconds of active time. This session ended with a crash. [ System Events ] Error - 20.01.2012 12:54:32 | Computer Name = Laura-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 20.01.2012 13:17:57 | Computer Name = Laura-Laptop | Source = EventLog | ID = 6008 Description = The previous system shutdown at 18:15:33 on 20.01.2012 was unexpected. 
Error - 20.01.2012 13:18:23 | Computer Name = Laura-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 20.01.2012 13:18:43 | Computer Name = Laura-Laptop | Source = Service Control Manager | ID = 7034 Description = Error - 20.01.2012 13:21:57 | Computer Name = Laura-Laptop | Source = DCOM | ID = 10005 Description = Error - 20.01.2012 13:22:06 | Computer Name = Laura-Laptop | Source = DCOM | ID = 10005 Description = Error - 20.01.2012 13:22:11 | Computer Name = Laura-Laptop | Source = DCOM | ID = 10005 Description = Error - 20.01.2012 13:22:36 | Computer Name = Laura-Laptop | Source = Service Control Manager | ID = 7001 Description = Error - 20.01.2012 13:22:36 | Computer Name = Laura-Laptop | Source = Service Control Manager | ID = 7026 Description = Error - 20.01.2012 13:24:42 | Computer Name = Laura-Laptop | Source = iaStor | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. < End of report > |
20.01.2012, 21:06 | #4 |
/// Malware-holic | Windows locked - 50 euros to pay
Hi, this script and any scripts that may follow are intended only for this particular user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O4 - HKCU..\Run: [{6B4795EC-6539-2F71-F881-BD95F12448DD}] C:\Users\Laura\AppData\Roaming\Tyi\pyexsy.exe (Orb Networks)
O4 - HKCU..\Run: [{25FFACB1-3A56-11DE-BEE6-806E6F6E6963}] C:\Users\Laura\AppData\Roaming\Microsoft\svhcost.exe ()
[2012.01.20 17:17:16 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Xeenatk
[2012.01.20 17:17:16 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Tyi
:Files
C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe
C:\Users\Laura\AppData\Roaming\Tyi
C:\Users\Laura\AppData\Roaming\Microsoft\svhcost.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, Show desktop icons.
Please press the + E key.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
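The O4 autorun lines targeted by the fix script in post #4 can be triaged mechanically. The following Python code is an added example, not part of the original post and not OTL's own logic: it parses O4 lines and flags autorun entries by a few common defender heuristics. The heuristics, the short list of system file names, the assumption that Windows is installed under `C:\Windows`, and the `ExampleUpdater` line are assumptions made for illustration.

```python
import ntpath  # Windows path handling that also works on non-Windows hosts
import re
from difflib import SequenceMatcher

# Constructed sample: the three O4 lines from the fix script in post #4,
# plus one invented benign-looking entry (ExampleUpdater) for contrast.
SAMPLE_O4 = r"""
O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O4 - HKCU..\Run: [{6B4795EC-6539-2F71-F881-BD95F12448DD}] C:\Users\Laura\AppData\Roaming\Tyi\pyexsy.exe (Orb Networks)
O4 - HKCU..\Run: [{25FFACB1-3A56-11DE-BEE6-806E6F6E6963}] C:\Users\Laura\AppData\Roaming\Microsoft\svhcost.exe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
"""

# "O4 - <location>: [<value name>] <path>.exe (<publisher>)"
# The value name is absent for Startup-folder entries.
O4_LINE = re.compile(
    r"^O4 - (?P<location>[^:\n]+): "
    r"(?:\[(?P<value>[^\]]*)\] )?"
    r"(?P<path>[A-Za-z]:\\.+?\.exe)"
    r"(?: \((?P<publisher>[^)]*)\))?\s*$",
    re.MULTILINE | re.IGNORECASE,
)
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: a short illustrative list of Windows binaries that malware
# commonly imitates; a real check would use a fuller inventory.
SYSTEM_STEMS = ("svchost", "explorer", "winlogon", "userinit", "dxdiag")
# Directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\local settings\\")


def reasons_for(value, path, publisher):
    """Return the list of heuristic reasons an autorun entry looks suspicious."""
    reasons = []
    low = path.lower()
    stem = ntpath.splitext(ntpath.basename(low))[0]
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("user_writable_dir")
    if value and GUID.fullmatch(value):
        reasons.append("guid_value_name")      # random-looking Run value name
    if not publisher:
        reasons.append("no_publisher")         # empty "()" company field
    if not low.startswith("c:\\windows\\"):
        for name in SYSTEM_STEMS:
            if stem == name:
                # Real system file name, but outside the Windows directory.
                reasons.append("system_name_wrong_dir")
            elif SequenceMatcher(None, stem, name).ratio() >= 0.8:
                # Near-miss spelling of a system file name.
                reasons.append("lookalike:" + name)
    return reasons


def triage(log_text):
    """Parse O4 lines and return only the entries with at least one reason."""
    findings = []
    for m in O4_LINE.finditer(log_text):
        reasons = reasons_for(m["value"], m["path"], m["publisher"])
        if reasons:
            findings.append({
                "location": m["location"],
                "file": ntpath.basename(m["path"]),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_O4):
        print(finding["location"], finding["file"], ", ".join(finding["reasons"]))
```

A hit is a reason to look closer, not a verdict: legitimate software also starts from `AppData`, so flagged entries still need a check of the file itself.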
20.01.2012, 21:23 | #5 |
| Windows locked - 50 euros to pay
Well, first of all, thank you very much already for your effort!! You are saving my day here!
All processes killed
========== OTL ==========
C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{6B4795EC-6539-2F71-F881-BD95F12448DD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B4795EC-6539-2F71-F881-BD95F12448DD}\ not found.
C:\Users\Laura\AppData\Roaming\Tyi\pyexsy.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{25FFACB1-3A56-11DE-BEE6-806E6F6E6963} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25FFACB1-3A56-11DE-BEE6-806E6F6E6963}\ not found.
C:\Users\Laura\AppData\Roaming\Microsoft\svhcost.exe moved successfully.
C:\Users\Laura\AppData\Roaming\Xeenatk folder moved successfully.
C:\Users\Laura\AppData\Roaming\Tyi folder moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Laura
->Flash cache emptied: 38389 bytes
User: ***
->Flash cache emptied: 1353 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Laura
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1480734 bytes
->Java cache emptied: 26823043 bytes
->FireFox cache emptied: 58686747 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 32671 bytes
->Temporary Internet Files folder emptied: 7440206 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 438 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8210387 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 176962450 bytes
Total Files Cleaned = 267,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01202012_211357
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
20.01.2012, 21:26 | #6 |
/// Malware-holic | Windows locked - 50 euros to pay
Please do the upload. As for saving your day, don't be too hasty just yet; I saw something there that I don't really like, but I need to take another look at it before I can say anything definitive. |
20.01.2012, 21:29 | #7 |
| Windows locked - 50 euros to pay
I've done the upload - is it supposed to appear here? |
20.01.2012, 21:57 | #8 |
/// Malware-holic | Windows locked - 50 euros to pay
No, it goes to a separate area; the files contain trojans, so nobody should be able to access them. It has arrived. Do you use the system for online banking, purchases, other payment transactions or similarly important things, e.g. work-related matters? |
20.01.2012, 21:59 | #9 |
| Windows locked - 50 euros to pay
Yes, I use the PC for purchases on Amazon... but no online banking |
20.01.2012, 22:00 | #10 |
/// Malware-holic | Windows locked - 50 euros to pay
OK, you have a trojan that steals sensitive data. The PC must be reinstalled from scratch and then secured.
1. Data rescue:
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money. |
20.01.2012, 22:04 | #11 |
| Windows locked - 50 euros to pay
Oh no! Do I have to do this right away if I don't make any purchases etc. for the time being? I don't have a second hard drive available right now, and I also don't have the CD to install the system (do I need it?) available right now. |
20.01.2012, 22:07 | #12 |
| Windows locked - 50 euros to pay
My PC is a Dell Latitude E 43000 (a pre-built model?) |
20.01.2012, 22:09 | #13 |
/// Malware-holic | Windows locked - 50 euros to pay
Well, I would definitely do it soon; it doesn't have to happen in the next 5 minutes. Do you still have the manual? I think that machine has its own built-in recovery function. But I'm about to sign off; get in touch when you have a hard drive for backing up your data. |