Log analysis and evaluation: Security Center !Achtung! Ihr Computer wurde gesperrt (Attention! Your computer has been locked)
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system has to be examined first: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.02.2012, 20:41 | #1 |
Yesterday exactly this window appeared on my notebook, with the caption "Security Center !Achtung! Ihr Computer wurde gesperrt!" ("Attention! Your computer has been locked!"), together with a demand for 100 EUR because Microsoft had supposedly detected unlicensed software on the computer. That is definitely not the case. I am at a loss, as this is far beyond my competence. At the moment I can only start the computer in safe mode. I would be very grateful if someone could help me, since I unfortunately need the PC for work.
Best regards and thanks in advance
Benf
01.02.2012, 20:47 | #2 |
/// Malware-holic
Hi, exactly, start in safe mode with networking.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
01.02.2012, 23:30 | #3 |
OTL logfile:
Code:
OTL logfile created on: 01.02.2012 21:06:19 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Helmut\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 80,02% Memory free
4,25 Gb Paging File | 4,00 Gb Available in Paging File | 94,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 15,20 Gb Free Space | 27,19% Space Free | Partition Type: NTFS
Drive D: | 49,06 Gb Total Space | 15,87 Gb Free Space | 32,34% Space Free | Partition Type: NTFS
Computer Name: BENI | User Name: Helmut | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.02.01 21:00:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2009.12.24 00:57:42 | 003,580,928 | ---- | M] () -- C:\Program Files\VistaCodecPack\filters\ffdshow.ax
MOD - [2009.08.11 20:18:28 | 000,497,664 | ---- | M] () -- C:\Windows\System32\ac3filter.acm
MOD - [2009.06.02 17:10:58 | 000,050,688 | ---- | M] () -- C:\Windows\System32\ff_acm.acm
MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
========== Win32 Services (SafeList)
========== SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex) SRV - [2011.06.28 13:23:49 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.06.28 13:23:49 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.06.28 13:23:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 09:12:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.06 08:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Stopped] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc) SRV - [2010.09.06 08:11:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.08.26 19:38:25 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.05.07 13:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.01.22 00:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) 
[Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2010.01.01 13:13:38 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2009.11.06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2009.10.30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2008.04.21 23:11:56 | 000,527,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService) SRV - [2008.04.20 23:07:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2008.04.17 08:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.01.29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.09.12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate) SRV - [2007.09.12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007.05.15 17:47:48 | 000,094,208 | 
---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.03.26 19:43:02 | 000,864,816 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2007.02.06 02:13:14 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) ========== Driver Services (SafeList) ========== DRV - [2011.06.28 13:23:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 13:23:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.09.06 08:16:58 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2010.09.06 08:11:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.07.20 11:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2010.07.20 11:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2010.07.20 11:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2009.11.16 03:13:14 | 000,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.11.09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC) DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2008.10.28 16:07:12 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2008.10.28 16:07:11 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.09.08 09:25:24 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2008.09.08 09:25:24 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2008.09.08 09:25:18 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2008.09.08 09:24:47 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman) DRV - [2008.05.18 17:40:17 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\PzWDM.sys -- (PzWDM) DRV - [2008.04.17 08:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.03.29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.02.01 11:55:52 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec) DRV - [2007.12.10 13:53:28 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec) DRV - [2007.12.10 13:53:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt) DRV - [2007.05.24 15:01:57 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.04.25 01:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2007.03.26 19:43:00 | 000,039,472 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm) DRV - [2007.03.26 19:42:56 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007.03.26 19:42:44 | 000,108,592 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007.03.22 06:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.02.24 22:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.02.24 07:27:38 | 000,019,944 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SIVX32.sys -- (SIVDRIVER) DRV - [2007.02.05 11:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007.01.24 11:08:39 
| 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2007.01.24 00:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.12.14 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.22 10:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.08.30 02:35:57 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.myspass.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "TranslatorBar 1 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2392836&SearchSource=13" FF - prefs.js..extensions.enabledItems: {c666c018-6409-4479-afa3-68e4129e7eff}:1.0.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4 FF - prefs.js..extensions.enabledItems: {00bf7b9c-acd2-4080-bea8-b1c41987070f}:3.3.3.2 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Helmut\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.09 13:32:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.19 13:23:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.19 13:23:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 14:29:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.25 07:55:21 | 000,000,000 | ---D | M] [2010.07.26 17:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Extensions [2010.07.26 17:16:17 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Helmut\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.06.19 15:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.01.13 09:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\by33jvx7.default\extensions [2012.01.13 09:54:38 | 000,000,000 | ---D | M] (TranslatorBar 1 Community Toolbar) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\by33jvx7.default\extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f} [2010.05.03 19:08:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\by33jvx7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(200) [2010.05.03 19:08:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\by33jvx7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(201) [2010.07.08 22:46:05 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\by33jvx7.default\extensions\searchrecs@veoh.com [2010.04.21 11:08:16 | 000,000,933 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\by33jvx7.default\searchplugins\conduit.xml [2011.12.18 20:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010.05.08 20:36:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} () (No name found) -- C:\USERS\HELMUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BY33JVX7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.01.08 14:29:06 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.01.08 14:29:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.08 14:29:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.08 14:29:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.08 14:29:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.08 14:29:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.08 14:29:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKCU..\Run: [vasja] C:\Users\Helmut\AppData\Local\Temp\0.45034989735390696.exe (Quick Heal Technologies (P) Ltd.) 
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: PH1ZWp1JWE = C:\ProgramData\upgvkjit\cbqdgfwt.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E6D2DA-3FE7-4292-A7C1-1D3FE5E806F5}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA776327-0BF5-406F-8850-05CCA96DA247}: DhcpNameServer = 192.168.250.11 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O21 - SSODL: admsetgen - {254E6018-0286-1655-1886-02237EC41171} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2ad267a0-079b-11dd-8f1f-001bfcf2bd86}\Shell\AutoRun\command - "" = F:\programs\nu2menu\nu2menu.exe O33 - MountPoints2\{2ad267b6-079b-11dd-8f1f-001bfcf2bd86}\Shell\AutoRun\command - "" = F:\programs\nu2menu\nu2menu.exe O33 - MountPoints2\{d91932ba-14d6-11df-b1dc-001bfcf2bd86}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rtD.exE O33 - MountPoints2\{f9849a20-82f2-11dd-8097-001bfcf2bd86}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 08:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ 
= comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - 
Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.02.01 21:00:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe [2012.02.01 01:08:50 | 002,247,216 | ---- | C] (SPAMfighter ApS) -- C:\Users\Helmut\Desktop\spywarefighter.exe [2012.02.01 00:46:48 | 000,000,000 | R--D | C] -- C:\Users\Helmut\Favorites [2012.01.31 20:22:53 | 000,000,000 | R--D | C] -- C:\Users\Helmut\Documents [2012.01.31 20:18:35 | 000,000,000 | ---D | C] -- C:\Users\Helmut\Desktop\heavens gate [2012.01.31 20:18:11 | 000,000,000 | ---D | C] -- C:\Users\Helmut\Desktop\Event project [2012.01.31 20:18:11 | 000,000,000 | ---D | C] -- C:\Users\Helmut\Desktop [2012.01.25 07:54:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll [2007.01.24 11:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2012.02.01 21:00:18 | 000,584,192 | ---- | M] 
(OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe [2012.02.01 18:24:39 | 000,650,512 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.01 18:24:39 | 000,606,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.01 18:24:39 | 000,133,572 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.01 18:24:39 | 000,110,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.01 18:21:40 | 000,001,356 | ---- | M] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat [2012.02.01 18:17:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.01 18:15:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.01 18:15:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.01 18:15:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.01 18:15:24 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2012.02.01 01:30:25 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012.02.01 01:22:03 | 000,050,477 | ---- | M] () -- C:\Users\Helmut\Desktop\Defogger.exe [2012.02.01 01:08:52 | 002,247,216 | ---- | M] (SPAMfighter ApS) -- C:\Users\Helmut\Desktop\spywarefighter.exe [2012.02.01 00:33:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.01.31 23:49:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.31 21:38:17 | 000,200,971 | ---- | M] () -- C:\Users\Helmut\Desktop\Donzdorf1,32km.jpg [2012.01.31 21:35:11 | 000,178,764 | ---- | M] () -- C:\Users\Helmut\Desktop\Donzdorf2,83km.jpg [2012.01.31 20:23:29 | 000,000,549 | ---- | M] () -- C:\Users\Helmut\Desktop\Uni - Verknüpfung.lnk [2012.01.31 20:17:27 | 000,131,072 | ---- | M] () -- C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.25 07:55:22 | 000,001,894 | ---- | M] () -- 
C:\Users\Public\Desktop\Adobe Reader 9.lnk ========== Files Created - No Company Name ========== [2012.02.01 18:15:26 | 000,003,839 | ---- | C] () -- C:\Windows\System32\drivers\GETPADD.sys [2012.02.01 01:22:02 | 000,050,477 | ---- | C] () -- C:\Users\Helmut\Desktop\Defogger.exe [2012.01.31 21:38:17 | 000,200,971 | ---- | C] () -- C:\Users\Helmut\Desktop\Donzdorf1,32km.jpg [2012.01.31 21:35:11 | 000,178,764 | ---- | C] () -- C:\Users\Helmut\Desktop\Donzdorf2,83km.jpg [2012.01.31 20:19:14 | 000,221,409 | ---- | C] () -- C:\Users\Helmut\Desktop\tarifplanneuinnenmitlegende.pdf [2012.01.31 20:19:14 | 000,000,104 | ---- | C] () -- C:\Users\Helmut\Desktop\Papierkorb - Verknüpfung.lnk [2012.01.31 20:19:13 | 000,306,834 | ---- | C] () -- C:\Users\Helmut\Desktop\tarifplanneuaussenmitlegendejan2011.pdf [2012.01.31 20:19:08 | 000,202,775 | ---- | C] () -- C:\Users\Helmut\Desktop\schnellbahn-netzplan2011.pdf [2012.01.31 20:18:44 | 000,000,549 | ---- | C] () -- C:\Users\Helmut\Desktop\Uni - Verknüpfung.lnk [2012.01.25 07:55:22 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.01.25 07:55:22 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011.05.23 09:38:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.05.23 09:38:25 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.04.07 13:59:06 | 000,001,356 | ---- | C] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat [2010.09.06 08:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2010.09.06 08:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2010.09.06 08:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2010.09.06 08:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.07.11 18:49:04 | 000,032,768 | ---- | C] () -- C:\Windows\URCACM.EXE [2010.02.25 22:04:34 | 000,000,056 | -H-- | C] () -- 
C:\Windows\System32\ezsidmv.dat [2010.01.24 13:50:21 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.01.01 14:28:27 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old [2010.01.01 14:28:27 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010.01.01 03:01:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.12.31 21:08:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.12.31 21:07:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll [2009.05.30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.03.05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.02.16 20:54:25 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2009.02.16 20:54:25 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.10.28 16:07:12 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.10.28 16:07:11 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\winlogonpc.exe [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\userconfig9x.dll [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\taack.exe [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\taack.dat [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\psoft1.exe [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\ps1.exe [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () 
-- C:\Windows\System32\netode.exe [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\mwin32.exe [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\mtr2.exe [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\msgp.exe [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\iTunesMusic.exe [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\hxiwlgpm.exe [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\hxiwlgpm.dat [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\hoproxy.dll [2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\FVProtect.exe [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\WINWGPX.EXE [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\winsystem.exe [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\temp#01.exe [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\sysreq.exe [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\ssvchost.exe [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\Rundl1.exe [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\regm64.dll [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\newsd32.exe [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\mssecu.exe [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\mssecu.exe [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\h@tkeysh@@k.dll [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\dpcproxy.exe [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\bdn.com [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\bdn.com [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\awtoolb.dll [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () 
-- C:\Windows\System32\anticipator.dll [2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\akttzn.exe [2008.08.10 10:45:28 | 000,009,003 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2008.07.15 16:08:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.05.26 08:22:58 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat [2008.05.18 18:43:18 | 000,028,915 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\UserTile.png [2008.05.18 18:13:29 | 009,730,075 | ---- | C] () -- C:\Program Files\vlc-0.8.6f-win32.exe [2008.05.18 17:40:08 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.05.18 17:40:08 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.05.18 17:40:08 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.05.18 17:40:08 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat [2008.05.18 17:17:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2008.05.18 17:02:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.04.21 10:05:41 | 000,131,072 | ---- | C] () -- C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.17 08:08:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2008.04.08 16:53:09 | 000,000,546 | ---- | C] () -- C:\Windows\System32\ABF3Ke.DAT [2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.08.02 19:09:55 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe [2007.08.02 19:09:51 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2007.08.02 19:09:43 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe [2007.08.02 19:04:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2007.08.02 18:45:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.05.24 14:52:45 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.05.24 14:28:45 | 003,107,788 | ---- | C] () -- 
C:\Windows\System32\atiumdva.dat [2007.04.18 10:14:04 | 000,650,512 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.04.18 10:14:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.04.18 10:14:04 | 000,133,572 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007.04.18 10:14:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007.04.18 09:33:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.02.20 09:39:09 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,372,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,606,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,110,140 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2011.08.06 13:58:27 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\4Media [2009.03.02 08:22:26 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Anthropics [2010.02.08 16:33:46 | 000,000,000 | ---D | M] -- 
C:\Users\Helmut\AppData\Roaming\Audacity [2008.07.04 19:52:08 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\CD-LabelPrint [2011.06.06 16:50:05 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Diercke Globus Online [2012.01.08 09:02:35 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Dropbox [2010.01.24 13:53:05 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Leadertech [2011.01.19 13:23:12 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Local [2011.05.23 09:32:19 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Samsung [2009.08.02 13:24:49 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\TeamViewer [2010.07.26 17:16:15 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Thunderbird [2010.06.19 15:14:48 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\TomTom [2008.08.10 11:08:59 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\TuneUp Software [2009.12.31 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\VistaCodecs [2012.02.01 18:15:24 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2012.02.01 01:14:39 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < Code: > < --------- > < %SYSTEMDRIVE%\*. 
> [2008.07.03 13:57:48 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.11.04 19:55:15 | 000,000,000 | ---D | M] -- C:\a350f16921ea856758a2b839 [2009.02.16 20:51:57 | 000,000,000 | ---D | M] -- C:\BlueByte [2011.06.04 16:54:41 | 000,000,000 | -HSD | M] -- C:\Boot [2012.01.26 09:28:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.01.04 15:37:48 | 000,000,000 | ---D | M] -- C:\demobodenkarte [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.08.02 17:30:45 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.11.04 10:35:30 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.07 22:22:09 | 000,000,000 | R--D | M] -- C:\Program Files [2011.08.06 14:03:15 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.01.31 13:07:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.04.07 08:42:25 | 000,000,000 | R--D | M] -- C:\Users [2012.02.01 00:46:03 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2008.05.18 18:13:10 | 009,730,075 | ---- | M] () -- C:\Program Files\vlc-0.8.6f-win32.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) 
MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.05.12 20:42:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.05.12 20:42:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.05.12 20:42:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.05.13 19:31:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.05.13 19:31:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.08.02 18:00:59 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2007.08.02 18:00:59 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- 
C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.02.01 21:06:25 | 003,407,872 | ---- | M] () -- C:\Users\Helmut\ntuser.dat [2012.02.01 21:06:25 | 000,262,144 | -H-- | M] () -- C:\Users\Helmut\ntuser.dat.LOG1 [2008.04.07 08:42:26 | 000,000,000 | -H-- | M] () -- C:\Users\Helmut\ntuser.dat.LOG2 [2008.08.10 11:39:51 | 001,572,864 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT_BAK_12923 [2008.10.26 11:09:35 | 001,835,008 | ---- | M] () -- C:\Users\Helmut\ntuser.dat_BAK_75874 [2008.08.10 11:39:27 | 000,262,144 | -H-- | M] () -- C:\Users\Helmut\NTUSER.DAT_TU_12923.LOG1 [2008.08.10 11:39:27 | 000,000,000 | -H-- | M] () -- C:\Users\Helmut\NTUSER.DAT_TU_12923.LOG2 [2008.10.26 11:09:21 | 000,262,144 | -H-- | M] () -- C:\Users\Helmut\ntuser.dat_TU_75874.LOG1 [2008.10.26 11:09:21 | 000,000,000 | -H-- | M] () -- C:\Users\Helmut\ntuser.dat_TU_75874.LOG2 [2008.12.07 23:22:40 | 000,065,536 | -HS- | M] () 
-- C:\Users\Helmut\ntuser.dat{172456a5-c449-11dd-acfe-001bfcf2bd86}.TM.blf [2008.12.07 23:22:40 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{172456a5-c449-11dd-acfe-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms [2008.12.07 23:22:40 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{172456a5-c449-11dd-acfe-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms [2009.03.10 22:25:30 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{25934d6c-0d67-11de-94f4-001bfcf2bd86}.TM.blf [2009.03.10 22:25:30 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{25934d6c-0d67-11de-94f4-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms [2009.03.10 22:25:30 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{25934d6c-0d67-11de-94f4-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms [2008.04.07 09:07:45 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2008.04.07 09:07:45 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2008.04.07 09:07:45 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.08.10 14:20:48 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT{42797d05-66c3-11dd-a3c4-001bfcf2bd86}.TM.blf [2008.08.10 14:20:48 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT{42797d05-66c3-11dd-a3c4-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms [2008.08.10 14:20:48 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT{42797d05-66c3-11dd-a3c4-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms [2008.12.15 19:53:53 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{8a6768f3-caa7-11dd-aca7-001bfcf2bd86}.TM.blf [2008.12.15 19:53:53 | 000,524,288 | -HS- | M] () -- 
C:\Users\Helmut\ntuser.dat{8a6768f3-caa7-11dd-aca7-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms [2008.12.15 19:53:53 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{8a6768f3-caa7-11dd-aca7-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms [2011.06.04 16:55:00 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{b96e9fca-0fe8-11df-8227-001bfcf2bd86}.TM.blf [2011.06.04 16:55:00 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{b96e9fca-0fe8-11df-8227-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms [2010.02.02 16:43:56 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{b96e9fca-0fe8-11df-8227-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms [2012.02.01 11:44:13 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{cb57af29-8eb0-11e0-8798-001bfcf2bd86}.TM.blf [2012.02.01 11:44:13 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{cb57af29-8eb0-11e0-8798-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms [2011.06.04 16:57:41 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{cb57af29-8eb0-11e0-8798-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms [2010.02.02 12:00:11 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{cdc28418-a5e4-11de-8c52-001bfcf2bd86}.TM.blf [2010.02.02 12:00:11 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{cdc28418-a5e4-11de-8c52-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms [2009.09.20 15:12:58 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{cdc28418-a5e4-11de-8c52-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms [2008.10.26 11:21:08 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{e892c79f-a343-11dd-aa98-001bfcf2bd86}.TM.blf [2008.10.26 11:21:08 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{e892c79f-a343-11dd-aa98-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms [2008.10.26 11:21:08 | 000,524,288 | -HS- | M] () -- 
C:\Users\Helmut\ntuser.dat{e892c79f-a343-11dd-aa98-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms [2008.11.04 11:06:02 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{ee37b6c0-aa56-11dd-8f63-001bfcf2bd86}.TM.blf [2008.11.04 11:06:02 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{ee37b6c0-aa56-11dd-8f63-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms [2008.11.04 11:06:02 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{ee37b6c0-aa56-11dd-8f63-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms [2008.04.07 08:42:27 | 000,000,020 | -HS- | M] () -- C:\Users\Helmut\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > |
01.02.2012, 23:39 | #4 |
| Security Center !Attention! Your computer has been locked OTL EXTRAS logfile: Code:
ATTFilter OTL Extras logfile created on: 01.02.2012 21:06:19 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Helmut\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 80,02% Memory free 4,25 Gb Paging File | 4,00 Gb Available in Paging File | 94,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55,89 Gb Total Space | 15,20 Gb Free Space | 27,19% Space Free | Partition Type: NTFS Drive D: | 49,06 Gb Total Space | 15,87 Gb Free Space | 32,34% Space Free | Partition Type: NTFS Computer Name: BENI | User Name: Helmut | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 
1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{103E8A86-E0E7-4E48-9897-65908B7B19B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{28466698-D852-457B-B9C2-4FFDE70927EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3E0586CC-DEB3-4E2D-9571-6E74A2A6EF64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{45E0E8BA-B89E-482A-9046-BCB12200BFAD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{59E92CCE-A3B1-476D-A409-DD0DFA4751B3}" = lport=10243 | protocol=6 | dir=in | app=system | "{A5846CCF-4F89-41F1-A981-AAB8CBC6106F}" = lport=2869 | protocol=6 | dir=in | app=system | "{AB8D64F8-0145-47EF-A820-BBC8BE6F87FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CC269F52-B440-434A-9191-AB641FAC7B53}" = rport=10243 | protocol=6 | dir=out | app=system | "{ED80D5CD-ED01-4490-AD94-F039F6DBEFCF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FD731354-3EE3-4650-AE15-DEB0407CAF52}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0858CC05-0443-4548-93AE-5445B9AD5F52}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{0AF6E8C0-1E90-4D47-8F4B-B0ED9CB37A37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0BC8A9BC-7722-4A24-83E9-D3A29B4F7A22}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{154AB5BE-3B9A-49EF-96F8-B5746EE65D89}" = protocol=6 | dir=in | app=c:\users\helmut\appdata\roaming\dropbox\bin\dropbox.exe | "{17EB68B9-A54C-4674-9335-388C6F2D5682}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{1B90BDDE-CD99-467D-994F-18405B2C6AF7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{35A3F261-710C-463C-B8FF-48131E4F7A96}" = protocol=6 | dir=out | app=system | "{47D3C134-9197-4D9C-82B3-BE481C4DCB2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{63EA5219-11F0-4A03-B4DC-00AACC575FB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6E3E75A4-3C7A-4EDA-B8FF-ADAFC3B5749A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{7A531804-1753-4763-9003-A93AC06B4215}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7F52536B-C707-49C5-A4DE-E198F02FB6FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{90540528-53DB-407A-BDD1-C53075E6FB81}" = protocol=17 | dir=in | app=c:\users\helmut\appdata\roaming\dropbox\bin\dropbox.exe | "{B826458C-1050-49D8-B71F-571695E03AF9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BDC3674B-81E3-41E8-9D76-C4DC0326D729}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C271CEC6-EECC-4AC5-94C0-DCA0C42E7AA1}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{C8A00FBB-285C-4DB8-A749-5604727D7F25}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{C8CFEDBB-22AF-40BF-9A35-08CBD1A8A5AF}" = dir=in | app=c:\program 
files\skype\plugin manager\skypepm.exe | "{CAAF9802-4ACA-4C67-A7F6-6597EE04A9FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D26D7CF3-6C04-4DB1-AF3B-66808A0BD759}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D5EF151D-19BE-4E3F-B975-4753B80809A8}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{D6B20AC4-902F-4AE9-BED7-BBE223BCA85A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D952686F-7774-4BB0-B899-8746BF01E8A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EC5917E1-112D-4AB5-A930-23AAED47783E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EC9E788A-50B0-487C-809E-28308238464B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{024BC378-EE4B-4BAA-B6D6-A33F8ACDF215}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{0E1C4C3A-3AF4-4150-B474-633727A93365}E:\programs\ftptest\ftp-test.exe" = protocol=6 | dir=in | app=e:\programs\ftptest\ftp-test.exe | "TCP Query User{53950042-5703-430E-98E7-FC4E570592E4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{9D75D519-883D-4079-996F-54466ABB1238}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "TCP Query User{C5F2BAAF-B363-4642-BD2D-A3CF843358E0}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{F498715C-4D6A-4D26-A2DF-A400B8D56A48}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program 
files\real\realplayer\realplay.exe | "UDP Query User{0D0CCFF4-C8D4-47C6-B76A-2732D0B44D0D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{6E07F3A7-4946-4E64-BCB1-76C0E1D4CD0E}E:\programs\ftptest\ftp-test.exe" = protocol=17 | dir=in | app=e:\programs\ftptest\ftp-test.exe | "UDP Query User{867F2D69-8998-46FB-B2D7-DBE1BF676C96}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "UDP Query User{9A897125-2AD7-4F45-857C-D6CD65FB054E}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{9CB6EC9A-F151-4F21-972C-0CAF75A90CDE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{E811C563-A948-48C6-8AA7-D10DC6BD937A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian "{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese "{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish "{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch 
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300 "{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish "{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager "{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian "{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech "{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish "{3016F4D6-A41E-42EE-A70F-CD69F38D47C8}" = HOT ALBUM MYBOX "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard "{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530 "{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center 
Localization Turkish "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis*True*Image*Home "{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport "{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese "{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English "{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins "{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light "{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian "{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek "{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 
8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI 
(Dutch) 2007 "{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) 
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = 
Microsoft Office Proofing (Dutch) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish "{97F32DF8-D66E-446A-A425-C1D7B45C1033}" = Nero 7 Essentials "{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian "{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese "{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center 
Graphics Previews Vista "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch "{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian "{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese "{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static "{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology "{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard "{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French "{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek "{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French 
"{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Premium "Browser Defender_is1" = Browser Defender 2.0.6.15 "Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "Google Updater" = Google Updater "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{3016F4D6-A41E-42EE-A70F-CD69F38D47C8}" = HOT ALBUM MYBOX "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Visual Studio 2010 Tools for Office Runtime 
(x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "netrcacm Uninstall" = RCA Digital Cable Modem "PROHYBRIDR" = 2007 Microsoft Office system "RealPlayer 12.0" = RealPlayer "SMSERIAL" = Motorola SM56 Speakerphone Modem "Spyware Doctor" = Spyware Doctor 7.0 "TomTom HOME" = TomTom HOME 2.7.4.1962 "Veoh Web Player Beta" = Veoh Web Player "VLC media player" = VideoLAN VLC media player 0.8.6f ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.01.2010 13:33:14 | Computer Name = Beni | Source = EventSystem | ID = 4621 Description = Error - 06.01.2010 20:46:09 | Computer Name = Beni | Source = EventSystem | ID = 4621 Description = Error - 07.01.2010 10:13:33 | Computer Name = Beni | Source = MsiInstaller | ID = 11303 Description = Error - 09.01.2010 19:52:51 | Computer Name = Beni | Source = EventSystem | ID = 4621 Description = Error - 10.01.2010 07:09:55 | Computer Name = Beni | Source = EventSystem | ID = 4621 Description = Error - 11.01.2010 06:57:39 | Computer Name = Beni | Source = EventSystem | ID = 4609 Description = Error - 11.01.2010 07:04:51 | Computer Name = Beni | Source = EventSystem | ID = 4621 Description = Error - 11.01.2010 11:48:17 | Computer Name = Beni | Source = Google Update | ID = 20 Description = Error - 11.01.2010 11:56:38 | Computer Name = Beni | Source = Google Update | ID = 20 Description = Error - 13.01.2010 19:19:13 | Computer Name = Beni | Source = EventSystem | ID = 4621 Description = [ System Events ] Error - 01.02.2012 05:53:12 | Computer Name = Beni | Source = Service Control Manager | ID = 7026 Description = Error - 01.02.2012 05:53:12 | Computer Name = Beni | Source = Service Control Manager | ID = 7001 Description = Error - 
01.02.2012 05:53:12 | Computer Name = Beni | Source = Service Control Manager | ID = 7001 Description = Error - 01.02.2012 05:53:12 | Computer Name = Beni | Source = Service Control Manager | ID = 7001 Description = Error - 01.02.2012 05:53:12 | Computer Name = Beni | Source = Service Control Manager | ID = 7001 Description = Error - 01.02.2012 13:17:18 | Computer Name = Beni | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 01.02.2012 um 18:15:20 unerwartet heruntergefahren. Error - 01.02.2012 13:17:32 | Computer Name = Beni | Source = DCOM | ID = 10005 Description = Error - 01.02.2012 13:17:43 | Computer Name = Beni | Source = DCOM | ID = 10005 Description = Error - 01.02.2012 13:18:35 | Computer Name = Beni | Source = Service Control Manager | ID = 7001 Description = Error - 01.02.2012 13:18:35 | Computer Name = Beni | Source = Service Control Manager | ID = 7026 Description = [ TuneUp Events ] Error - 06.05.2010 10:14:13 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 07.05.2010 03:06:38 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 07.05.2010 05:26:14 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 07.05.2010 09:24:26 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 07.05.2010 13:00:47 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 08.05.2010 12:32:14 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 08.05.2010 12:45:20 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 08.05.2010 12:56:28 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 08.05.2010 13:16:59 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 08.05.2010 13:54:25 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300 
Description = < End of report > |
02.02.2012, 11:35 | #5 |
/// Malware-holic | Security Center !Attention! Your computer has been locked
Hi, this script and any scripts that may follow are intended only for this particular user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe.
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [vasja] C:\Users\Helmut\AppData\Local\Temp\0.45034989735390696.exe (Quick Heal Technologies (P) Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: PH1ZWp1JWE = C:\ProgramData\upgvkjit\cbqdgfwt.exe
:Files
C:\Users\Helmut\AppData\Local\Temp\0.45034989735390696.exe
C:\ProgramData\upgvkjit
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, show desktop icons. Please press the + E key.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
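The two autostart entries removed by the fix script above share traits that can be checked mechanically when triaging an OTL log. The following Python script is an added example, not part of the thread and not OTL's own logic: it parses OTL-style O4/O6 lines and flags entries using four assumed triage heuristics. The `avgnt` line is constructed for contrast, and all function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class AutostartEntry(NamedTuple):
    section: str   # OTL section tag ("O4" or "O6")
    location: str  # registry location as OTL prints it
    name: str      # registry value name
    target: str    # executable the value points at


# O4 - <key>: [<name>] <path>.exe (<company>)
# O6 - <key>: <name> = <path>.exe
PATTERNS = (
    re.compile(r"^(O4) - (\S.*?): \[(.+?)\] (.+?\.exe)\b", re.IGNORECASE),
    re.compile(r"^(O6) - (\S.*?): (\S+) = (.+?\.exe)\b", re.IGNORECASE),
)


def parse_line(line: str) -> Optional[AutostartEntry]:
    """Return the autostart entry on an O4/O6 line, or None for other lines."""
    line = line.strip()
    for pattern in PATTERNS:
        match = pattern.match(line)
        if match:
            return AutostartEntry(match.group(1).upper(), *match.group(2, 3, 4))
    return None


def reasons(entry: AutostartEntry) -> List[str]:
    """Assumed triage heuristics; a hit is a prompt to look closer, not a verdict."""
    found = []
    path = entry.target.lower()
    parts = path.split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    if "\\temp\\" in path:
        found.append("target runs from a Temp directory")
    if len(parts) == 4 and parts[1] == "programdata":
        found.append("executable sits directly in a first-level ProgramData folder")
    if re.fullmatch(r"[\d.]+", stem):
        found.append("file name consists only of digits and dots")
    if "policies\\explorer\\run" in entry.location.lower():
        found.append("autostart via policies\\Explorer\\Run")
    return found


def triage(log_text: str) -> List[Tuple[AutostartEntry, List[str]]]:
    """Parse every line and keep only entries with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        hits = reasons(entry)
        if hits:
            flagged.append((entry, hits))
    return flagged


# Sample input: the first line is constructed; the other two are the entries
# from the fix script in this thread.
SAMPLE = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [vasja] C:\Users\Helmut\AppData\Local\Temp\0.45034989735390696.exe (Quick Heal Technologies (P) Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: PH1ZWp1JWE = C:\ProgramData\upgvkjit\cbqdgfwt.exe
"""

if __name__ == "__main__":
    for entry, hits in triage(SAMPLE):
        print(f"{entry.section} [{entry.name}] {entry.target}")
        for hit in hits:
            print(f"    - {hit}")
```
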
02.02.2012, 12:19 | #6 |
| Security Center !Attention! Your computer has been locked
All processes killed
Error: Unable to interpret <Code:> in the current context!
Error: Unable to interpret <---------> in the current context!
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
C:\Users\Helmut\AppData\Local\Temp\0.45034989735390696.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\PH1ZWp1JWE deleted successfully.
========== FILES ==========
File\Folder C:\Users\Helmut\AppData\Local\Temp\0.45034989735390696.exe not found.
C:\ProgramData\upgvkjit folder moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 41 bytes
User: Default User
User: Helmut
->Flash cache emptied: 7231 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
User: Helmut
->Temp folder emptied: 1120985 bytes
->Temporary Internet Files folder emptied: 402333330 bytes
->Java cache emptied: 9953353 bytes
->FireFox cache emptied: 28352572 bytes
->Google Chrome cache emptied: 6090534 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6782740 bytes
RecycleBin emptied: 1408924831 bytes
Total Files Cleaned = 1.777,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 02022012_115842
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
02.02.2012, 12:23 | #7 |
| Security Center !Attention! Your computer has been locked ok markusg.. Everything should have worked |
02.02.2012, 12:45 | #8 |
/// Malware-holic | Security Center !Attention! Your computer has been locked It did, very good. Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it on your desktop.
02.02.2012, 15:08 | #9 |
| Security Center !Attention! Your computer has been locked Hello markusg. Combofix has now finally finished, but I cannot find a text file named Combofix.txt. Where else could it be? |
02.02.2012, 16:00 | #10 |
/// Malware-holic | Security Center !Attention! Your computer has been locked Did it run through to the end? It should be on c:. If not, run it again, this time in safe mode with networking.
02.02.2012, 18:41 | #11 |
| Security Center !Attention! Your computer has been locked The Combofix folder is now present on C, but it only contains the following files: PEV (application) and snapshot.00.dat. However, after the Combofix scan (is that even a scan??) I had an open text file named Log on the desktop. I saved it to the desktop as a precaution and am posting its contents here: Combofix Logfile: Code:
ATTFilter ComboFix 12-02-02.01 - Helmut 02.02.2012 17:43:18.2.2 - x86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1508 [GMT 1:00] ausgeführt von:: c:\users\Helmut\Desktop\ComboFix.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\bdn.com c:\windows\FVProtect.exe c:\windows\iTunesMusic.exe c:\windows\mssecu.exe c:\windows\system32\akttzn.exe c:\windows\system32\anticipator.dll c:\windows\system32\bdn.com c:\windows\system32\dpcproxy.exe c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\hoproxy.dll c:\windows\system32\hxiwlgpm.dat c:\windows\system32\hxiwlgpm.exe c:\windows\system32\msgp.exe c:\windows\system32\mssecu.exe c:\windows\system32\mtr2.exe c:\windows\system32\muzapp.exe c:\windows\system32\mwin32.exe c:\windows\system32\netode.exe c:\windows\system32\newsd32.exe c:\windows\system32\ps1.exe c:\windows\system32\psoft1.exe c:\windows\system32\regm64.dll c:\windows\system32\Rundl1.exe c:\windows\system32\ssvchost.exe c:\windows\system32\sysreq.exe c:\windows\system32\taack.dat c:\windows\system32\taack.exe c:\windows\system32\temp#01.exe c:\windows\system32\VBIEWER.OCX c:\windows\system32\winlogonpc.exe c:\windows\system32\winsystem.exe c:\windows\system32\WINWGPX.EXE c:\windows\userconfig9x.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-02 bis 2012-02-02 )))))))))))))))))))))))))))))) . . 2071-07-25 07:13 . 2006-11-21 18:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe 2012-02-02 16:52 . 2012-02-02 16:52 -------- d-----w- c:\users\Helmut\AppData\Local\temp 2012-02-02 16:52 . 
2012-02-02 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-02 10:58 . 2012-02-02 10:58 -------- d-----w- C:\_OTL 2012-01-26 08:40 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-01-26 08:40 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-01-26 08:40 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-01-26 08:40 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll 2012-01-26 08:40 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-01-26 08:40 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-01-11 15:40 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 15:40 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 15:40 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 15:40 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll 2012-01-11 15:40 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll 2012-01-11 15:40 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll 2012-01-11 15:40 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-01-11 15:40 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-01-08 13:29 . 2012-01-08 13:29 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2012-01-08 13:29 . 2012-01-08 13:29 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2012-01-08 13:29 . 2012-01-08 13:29 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-01-08 13:29 . 2012-01-08 13:29 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-02 13:01 . 2007-08-02 18:04 45056 ----a-w- c:\windows\system32\acovcnt.exe 2011-11-23 13:37 . 
2011-12-14 10:22 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-11-22 12:22 . 2011-05-17 05:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-08 14:42 . 2011-12-14 10:21 2048 ----a-w- c:\windows\system32\tzres.dll 2008-05-18 17:13 . 2008-05-18 17:13 9730075 ----a-w- c:\program files\vlc-0.8.6f-win32.exe 2012-01-08 13:29 . 2011-12-18 19:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Helmut\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Helmut\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Helmut\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-21 2622296] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-21 911168] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-20 136472] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704] "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-6-6 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe "ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe "ASUS Camera ScreenSaver"=c:\windows\ASScrProlog.exe "Easy-PrintToolBox"=c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "MBBalloon"=c:\program files\HOTALBUMMyBOX\MBBalloon.exe "InCD"=c:\program files\Nero\Nero 7\InCD\InCD.exe "SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe "StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - ECACHE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-02-02 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45] . 2012-02-02 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-08 16:39] . 2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:03] . 2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:03] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.myspass.de/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60 FF - ProfilePath - c:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\by33jvx7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2392836&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&q= FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.notify.interval - 600000 FF - user.js: content.switch.threshold - 600000 FF - user.js: nglayout.initialpaint.delay - 600 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-02-02 17:52 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . 
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(808) c:\windows\system32\relog_ap.dll . - - - - - - - > 'Explorer.exe'(200) c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll c:\users\Helmut\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . Zeit der Fertigstellung: 2012-02-02 17:56:11 ComboFix-quarantined-files.txt 2012-02-02 16:56 ComboFix2.txt 2012-02-02 13:13 . Vor Suchlauf: 13 Verzeichnis(se), 15.472.472.064 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 15.440.113.664 Bytes frei . - - End Of File - - 231EAAB5A022ABCA5F18A4A80396B004
Best regards |
02.02.2012, 19:30 | #12 |
/// Malware-holic | Security Center !Attention! Your computer has been locked Yes, it is. Thanks for the log. Open Computer, c:, qoobox, pack the quarantine folder, and upload it in the upload channel as well.
02.02.2012, 19:49 | #13 |
| Security Center !Attention! Your computer has been locked I was able to compress the folder, but unfortunately could not upload it... The upload channel seems to accept only files and no folders (or am I being dense?) Or should I try to upload the uncompressed folder?? Can I get the contents to you some other way?? Best regards |
02.02.2012, 20:31 | #14 |
/// Malware-holic | Security Center !Attention! Your computer has been locked Maybe it is simply too big. File-Upload.net - your free file hoster! Upload it there and send me the link as a private message.
02.02.2012, 21:09 | #15 |
| Security Center !Attention! Your computer has been locked Uh yes, it is over 70MB... let's see how long the upload still takes.... |