Log analysis and evaluation: For security reasons your Windows system has been blocked. 50 virus (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.03.2012, 15:19 | #1 |
| For security reasons your Windows system has been blocked. 50 virus
Hello dear trojaner-board.de team. It got me: my computer has been infected by the 50 virus that has already been covered in several threads here. Just a few seconds after I start the PC and connect to the Internet, the following message appears:
"By visiting sites with infected and pornographic content, the computer system has reached a critical limit, after which the system may crash and all files may be lost. To be able to restore the system, you must download an additional security update. This update is a paid upgrade for particularly infected Windows systems. It fully protects the system from viruses and malware, stabilises your computer system and prevents data loss."
I am an absolute layman and hope I am in the right place here... The operating system is Windows 7 (32 bit). In accordance with the forum rules I am therefore opening a new thread here, in the hope that you can help me quickly. I am attaching some log files that I was supposed to create according to the instructions for new threads:
dds: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26 Run by Admin at 14:46:58 on 2012-03-07 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2813.1856 [GMT 1:00] . AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5} SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\system32\brsvc01a.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Windows\system32\brss01a.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\ICQ7.6\ICQ.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\WUDFHost.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Mozilla 
Firefox\firefox.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://startsear.ch/?aff=1 mStart Page = hxxp://startsear.ch/?aff=1 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Pageshots for Internet Explorer PRO: {28cf50da-4a17-4442-bbf9-d916bfde072c} - c:\programdata\pageshotspro\pageshots_x86.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\BarLcher.dll BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll BHO: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll TB: toolplugin: {dfefcdee-cf1a-4fc8-89af-189327213627} - toolplugin\toolbar.dll uRun: [<NO NAME>] uRun: [ICQ] "c:\program files\icq7.6\ICQ.exe" silent 
loginmode=4 uRun: [{60E55C92-E33B-11DF-ADB6-806E6F6E6963}] c:\users\admin\appdata\roaming\microsoft\torrent.exe mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [<NO NAME>] mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Free YouTube Download - c:\users\admin\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm IE: Free YouTube to iPhone Converter - c:\users\admin\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetoiphoneconverter.htm IE: Free YouTube to MP3 Converter - c:\users\admin\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: 使用UUSee加速播放 - c:\program files\uusee\geturltoplay.htm IE: 使用UUSee下载 - c:\program files\uusee\geturltodown.htm IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\icq7.6\ICQ.exe IE: {998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.ugege.com/ IE: {998A88A0-A355-809B-831C-B83A80000992} - c:\program files\uusee\UUSeePlayer.exe IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe IE: 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 213.211.192.34 213.187.64.1 TCP: Interfaces\{09D94FD1-B4B6-4FD2-911C-F449FF46C068} : DhcpNameServer = 213.211.192.34 213.187.64.1 TCP: Interfaces\{692779E6-F838-4B7A-B811-22C354536B52} : DhcpNameServer = 193.189.244.225 193.189.244.206 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\e1b4oxbm.default\ FF - prefs.js: browser.search.selectedEngine - Search the web FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q= FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\e1b4oxbm.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npuuseep.dll FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\tvuplayer\npTVUAx.dll FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\e1b4oxbm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll . ---- FIREFOX POLICIES ---- FF - user.js: browser.search.selectedEngine - Search the web FF - user.js: browser.search.order.1 - Search the web FF - user.js: browser.search.defaultenginename - Search the web FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q= FF - user.js: privacy.item.cookies - false FF - user.js: privacy.sanitize.promptOnSanitize - false . ============= SERVICES / DRIVERS =============== . 
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe [2010-10-29 81920] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-5 176128] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720] R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-2-6 92800] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-9-22 645048] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-5 5587456] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-5 210432] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 Droppix Service;Droppix Service;c:\program files\common files\droppix\DxService.exe [2011-5-6 221184] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-21 15872] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224] . =============== Created Last 30 ================ . 
2012-03-07 13:07:44 -------- d-----w- c:\users\admin\appdata\roaming\QuickScan 2012-03-06 21:48:57 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b0a9d0c6-60fe-45d0-b0f0-951d1c695917}\mpengine.dll 2012-03-06 09:36:45 922176 ------w- c:\program files\mozilla firefox\ger\DPInst.exe 2012-03-05 09:02:27 -------- d-----w- c:\program files\Software4u 2012-02-26 19:43:06 -------- d-----w- c:\program files\SPSS Viewer 2012-02-23 19:48:52 -------- d-----w- c:\program files\iPod 2012-02-23 09:16:51 -------- d-----w- c:\program files\iTunes . ==================== Find3M ==================== . 2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-01-07 10:24:04 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll 2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl 2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll 2011-12-16 07:52:58 690688 ----a-w- c:\windows\system32\msvcrt.dll 2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-02-24 16:08:38 4554119 ----a-w- c:\program files\MyPhoneExplorer_Setup_v1.8.exe 2009-10-13 07:34:26 3439104 ----a-w- c:\program files\iRinger.exe 2008-03-04 02:08:22 131072 ----a-w- c:\program files\ICQ Status Checker.exe . ============= FINISH: 14:48:30,27 =============== dds attached: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 29.10.2010 11:06:34 System Uptime: 07.03.2012 14:43:43 (0 hours ago) . Motherboard: Hewlett-Packard | | 1475 Processor: AMD Athlon(tm) II P320 Dual-Core Processor | Unknown | 2100/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 68 GiB total, 22,935 GiB free. 
D: is FIXED (NTFS) - 230 GiB total, 40,372 GiB free. E: is CDROM () H: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows Device ID: ROOT\NET\0001 Manufacturer: Cisco Systems Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows PNP Device ID: ROOT\NET\0001 Service: vpnva . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Community Help Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Media Player Adobe Photoshop CS5 Adobe Reader 9.4.6 - Deutsch Amazon MP3-Downloader 1.0.9 Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager Audacity 1.2.6 Bonjour Broadcom 802.11 Wireless LAN Adapter Brother MFL-Pro Suite DCP-115C Catalyst Control Center - Branding Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CdCoverCreator 2.5.3 Cisco AnyConnect VPN Client Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Cisco Systems VPN Client 5.0.07.0290 Compatibility Pack for the 2007 Office system Cucusoft iPhone Video Converter 7.18 DAEMON Tools Toolbar Driver 
Detective Droppix Label Maker 2.x Druckerdeinstallation für EPSON SX410 Series Epson Easy Photo Print 2 EPSON Scan Epson Stylus SX210_SX410_TX210_TX410 Handbuch ESET NOD32 Antivirus Free Audio Converter version 2.3.4.920 Free Video to iPhone Converter version 3.2.18.426 Free YouTube Download version 3.0.13.815 Free YouTube to iPhone Converter version 2.11.6.727 Free YouTube to MP3 Converter version 3.10.6.727 High-Definition Video Playback 10 HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät HP Deskjet 2050 J510 series Hilfe HP ESU for Microsoft Windows 7 HP Photo Creations HP Product Detection HP Update HP Webcam Driver iCloud ICQ7.6 iDevice Manager IDT Audio iTunes Java Auto Updater Java(TM) 6 Update 26 LightScribe System Software Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft Speichern als PDF oder XPS Add-In für 2007 Microsoft Office-Programme Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 MobileMe Control Panel Mozilla Firefox 10.0.2 (x86 de) MSVC80_x86_v2 MSVC90_x86 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyPhoneExplorer Nero 10 ClipartPack Nero 10 Menu TemplatePack 1 Nero 10 Menu TemplatePack 2 Nero 10 Menu TemplatePack 3 Nero 10 Menu TemplatePack Basic Nero 10 Movie ThemePack 1 Nero 10 Movie ThemePack 2 Nero 10 Movie ThemePack Basic Nero 10 Sample ImagePack Nero 10 Sample Videos Nero BackItUp 10 Nero BackItUp 10 Help (CHM) Nero Burning ROM 10 Nero BurningROM 10 Help (CHM) Nero BurnRights 10 Nero BurnRights 10 Help (CHM) Nero Control Center 10 Nero Core Components 10 Nero CoverDesigner 10 Nero CoverDesigner 10 Help (CHM) Nero DiscCopy Gadget 10 Nero DiscCopyGadget 10 Help (CHM) Nero DiscSpeed 10 Nero DiscSpeed 10 Help (CHM) Nero Dolby Files 10 Nero Express 10 Nero Express 10 Help (CHM) Nero InfoTool 10 Nero InfoTool 10 Help (CHM) Nero MediaHub 10 Nero MediaHub 10 Help (CHM) Nero Multimedia Suite 10 Nero Recode 10 Nero Recode 10 Help (CHM) Nero RescueAgent 10 Nero RescueAgent 10 Help (CHM) Nero SoundTrax 10 Nero SoundTrax 10 Help (CHM) Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero Vision 10 Nero Vision 10 Help (CHM) Nero WaveEditor 10 Nero WaveEditor 10 Help (CHM) Nokia Connectivity Cable Driver Nokia Ovi Suite Nokia Ovi Suite Software Updater Ovi Desktop Sync Engine OviMPlatform PageshotsPro 1.0.0 PC Connectivity Solution PDF Settings CS5 PhotoScape PokerStars.net QuickPar 0.9 QuickTime Safari Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Skype 5.0 SopCast 3.2.9 SPSS SmartViewer 15G Synaptics Pointing Device Driver toolplugin Trojancheck 6 Uninstall 1.0.0.1 Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition VLC media player 1.1.11 vShare.tv plugin 1.3 Winamp Winamp Erkennungs-Plug-in Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Media Player Firefox Plugin WiseFixer 3.5 . 
==== End Of File =========================== GMer.txt: GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit quick scan 2012-03-07 15:02:34 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725032A9A364 rev.PC3OC72E Running: q5q18dyk.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fxdiqpog.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----
Many thanks in advance. Best regards, Joschi |
07.03.2012, 15:30 | #2 |
/// Malware-holic | For security reasons your Windows system has been blocked. 50 virus
Hi,
restart, press F8, choose Safe Mode with Networking, log in to the infected account. If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
07.03.2012, 16:07 | #3 |
| For security reasons your Windows system has been blocked. 50 virus
Hello Markus,
many thanks for your quick reply. Here are the text files from OTL: Extra: OTL Logfile: Code:
OTL Extras logfile created on: 07.03.2012 15:48:00 - Run 1 OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Admin\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 85,34% Memory free 5,49 Gb Paging File | 5,12 Gb Available in Paging File | 93,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68,26 Gb Total Space | 23,01 Gb Free Space | 33,71% Space Free | Partition Type: NTFS Drive D: | 229,73 Gb Total Space | 40,37 Gb Free Space | 17,57% Space Free | Partition Type: NTFS Drive H: | 7,52 Gb Total Space | 7,29 Gb Free Space | 96,87% Space Free | Partition Type: FAT32 Computer Name: JOSCHI-PC | User Name: Admin | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{047F20E4-0212-4286-9BF3-58FA54CB5CF7}" = SPSS SmartViewer 15G "{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe 
Photoshop CS5 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding "{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{22B76906-5831-4052-9463-E13C5B7A5B40}" = HP ESU for Microsoft Windows 7 "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater "{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver "{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1 "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1 "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) 
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2 "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC 
Help Japanese "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{900C2AB5-3F37-4F84-B58C-893FA5F42D7D}_is1" = WiseFixer 3.5 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft 
Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3 "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack "{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian "{9FAAE06C-DEDD-4299-B88D-1F9AD5E1547F}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät "{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-115C "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero 
Dolby Files 10 "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D2592F05-6715-4454-B37C-088EA1F9E20A}" = ESET NOD32 Antivirus "{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution "{D9273F52-B929-E315-D82B-EDF384D53924}" = ATI Catalyst Install Manager "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA35F4DF-8DE9-47DB-07C7-A176B2C54878}" = ccc-utility "{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French "{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2 "{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish 
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish "{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Audacity_is1" = Audacity 1.2.6 "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "CCleaner" = CCleaner "CdCoverCreator" = CdCoverCreator 2.5.3 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Cucusoft iPhone Video Converter_is1" = Cucusoft iPhone Video Converter 7.18 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Droppix Label Maker_is1" = Droppix Label Maker 2.x "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch "EPSON SX410 Series" = Druckerdeinstallation für EPSON SX410 Series "FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager "Free Audio Converter_is1" = Free Audio Converter version 2.3.4.920 "Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.2.18.426 "Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815 "Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.11.6.727 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter 
version 3.10.6.727 "HP Photo Creations" = HP Photo Creations "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "MPE" = MyPhoneExplorer "Nokia Ovi Suite" = Nokia Ovi Suite "PageshotsPro_is1" = PageshotsPro 1.0.0 "PhotoScape" = PhotoScape "PokerStars.net" = PokerStars.net "QuickPar" = QuickPar 0.9 "SopCast" = SopCast 3.2.9 "SynTPDeinstKey" = Synaptics Pointing Device Driver "toolplugin" = toolplugin "Trojancheck_is1" = Trojancheck 6 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.11 "vShare.tv plugin" = vShare.tv plugin 1.3 "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > OTL:OTL Logfile: Code:
OTL logfile created on: 07.03.2012 15:48:00 - Run 1 OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Admin\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 85,34% Memory free 5,49 Gb Paging File | 5,12 Gb Available in Paging File | 93,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68,26 Gb Total Space | 23,01 Gb Free Space | 33,71% Space Free | Partition Type: NTFS Drive D: | 229,73 Gb Total Space | 40,37 Gb Free Space | 17,57% Space Free | Partition Type: NTFS Drive H: | 7,52 Gb Total Space | 7,29 Gb Free Space | 96,87% Space Free | Partition Type: FAT32 Computer Name: JOSCHI-PC | User Name: Admin | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.07 15:35:17 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.08.05 03:22:34 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.17 03:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe -- (STacSV) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.12 12:25:40 | 000,221,184 | ---- | M] (Droppix) [On_Demand | Stopped] -- C:\Program Files\Common Files\Droppix\DxService.exe -- (Droppix Service) SRV - [2009.03.03 01:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe -- (AESTFilters) SRV - [2009.02.06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) 
[Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (hwdatacard) DRV - [2011.09.22 19:29:18 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.29 12:54:11 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.08.11 20:43:00 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010.08.05 03:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2010.08.05 03:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.08.05 02:47:02 | 000,210,432 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.07.30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.07.30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.07.30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.07.30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.04.27 09:24:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2010.03.17 03:48:42 | 000,423,424 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.02.06 13:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr) DRV - [2009.02.06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009.02.06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamon.sys -- (eamon) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SearchCompletion Search IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SearchCompletion Search IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{E2810DD3-C86E-4050-B2E2-12820D9E8E25}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..browser.search.selectedEngine: "Search the web" FF - 
prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03 FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "Search the web" FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.07 12:09:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.06 18:48:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.06 12:54:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.01.07 10:49:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.07 12:09:39 | 000,000,000 | ---D | M] [2010.10.29 12:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2012.03.03 07:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions [2011.08.02 14:10:53 | 
000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.03 02:23:13 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.03.03 07:55:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.02.23 13:15:26 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\DTToolbar@toolbarnet.com [2011.11.12 17:29:32 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\welcome@toolmin.com [2010.11.05 11:59:28 | 000,002,059 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\daemon-search.xml [2012.02.12 00:41:03 | 000,000,944 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\icqplugin.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\startsear.xml [2011.11.16 19:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.06 18:48:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.11 11:11:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.09.17 14:00:12 | 000,305,152 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npuuseep.dll [2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2010.11.29 20:35:10 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.03.06 18:48:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.06 18:48:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.06 18:48:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.06 18:48:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.12 17:29:32 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src [2012.03.06 18:48:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.06 18:48:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Pageshots for Internet Explorer PRO) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\ProgramData\PageshotsPro\pageshots_x86.dll (AD ON Multimedia Advertising GmbH) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
O2 - BHO: (no name) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - toolplugin\toolbar.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [{60E55C92-E33B-11DF-ADB6-806E6F6E6963}] C:\Users\Admin\AppData\Roaming\Microsoft\torrent.exe File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 100 O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm File not found O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.ugege.com/ File not found O9 - Extra 'Tools' menuitem : 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.ugege.com/ File not found O9 - Extra Button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found O9 - Extra 'Tools' menuitem : 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.211.192.34 213.187.64.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09D94FD1-B4B6-4FD2-911C-F449FF46C068}: DhcpNameServer = 213.211.192.34 213.187.64.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{692779E6-F838-4B7A-B811-22C354536B52}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft 
Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U 
shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - () MsConfig - StartUpReg: (default) - hkey= - key= - File not found MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) MsConfig - StartUpReg: 
iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: UUSeeMediaCenter - hkey= - key= - File not found MsConfig - State: "bootini" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.03.07 15:35:00 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.03.07 14:39:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\dds.com [2012.03.07 14:07:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\QuickScan [2012.03.07 07:59:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ATI [2012.03.06 21:26:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer [2012.03.06 20:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia [2012.03.06 20:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe [2012.03.06 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbungsunterlagen Maria Pfützner [2012.03.06 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbung wiss.
Mitarbeiter (Alex Stelle)_10.01.2012 [2012.03.06 19:26:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbung WiMI 15.02.2012 [2012.03.05 10:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager [2012.03.05 10:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u [2012.02.26 20:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPSS SmartViewer [2012.02.26 20:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\SPSS Viewer [2012.02.23 20:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.02.23 20:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.02.23 10:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.11.14 12:27:21 | 000,131,072 | ---- | C] (murb) -- C:\Program Files\ICQ Status Checker.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.07 15:42:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.07 15:42:15 | 2211,885,056 | -HS- | M] () -- C:\hiberfil.sys [2012.03.07 15:39:55 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.07 15:39:55 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.07 15:35:17 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.03.07 14:51:37 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\q5q18dyk.exe [2012.03.07 14:42:10 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2012.03.07 14:39:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\dds.com [2012.03.07 14:37:55 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe [2012.03.06 18:46:40 | 000,668,778 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.06 
18:46:40 | 000,620,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.06 18:46:40 | 000,134,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.06 18:46:40 | 000,110,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.06 18:33:57 | 000,370,070 | ---- | M] () -- C:\Users\Admin\Desktop\Masterzeugnis.pdf [2012.03.06 11:18:51 | 000,292,707 | ---- | M] () -- C:\Users\Admin\Desktop\Praktikum.pdf [2012.03.06 11:14:24 | 000,329,288 | ---- | M] () -- C:\Users\Admin\Desktop\Praktikumszeugnis.pdf [2012.03.06 11:04:48 | 000,000,898 | ---- | M] () -- C:\Users\Admin\Desktop\XnView.lnk [2012.03.05 10:02:29 | 000,002,184 | ---- | M] () -- C:\Users\Admin\Desktop\iDevice Manager.lnk [2012.03.01 13:58:04 | 003,774,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.27 13:34:31 | 000,000,016 | -H-- | M] () -- C:\Windows\System32\servdat.slm [2012.02.23 20:49:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.07 14:51:33 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\q5q18dyk.exe [2012.03.07 14:41:44 | 000,000,020 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2012.03.07 14:37:51 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe [2012.03.06 18:33:54 | 000,370,070 | ---- | C] () -- C:\Users\Admin\Desktop\Masterzeugnis.pdf [2012.03.06 11:18:45 | 000,292,707 | ---- | C] () -- C:\Users\Admin\Desktop\Praktikum.pdf [2012.03.06 11:14:22 | 000,329,288 | ---- | C] () -- C:\Users\Admin\Desktop\Praktikumszeugnis.pdf [2012.03.06 11:04:48 | 000,000,898 | ---- | C] () -- C:\Users\Admin\Desktop\XnView.lnk [2012.03.05 10:02:29 | 000,002,184 | ---- | C] () -- C:\Users\Admin\Desktop\iDevice Manager.lnk [2012.02.23 20:49:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.21 17:24:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.08.21 
17:24:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.08.21 17:24:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.08.21 17:24:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.08.21 17:24:23 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.08.21 17:24:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.08.21 17:24:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.08.21 17:24:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011.08.21 17:24:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.08.21 17:24:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.08.21 17:24:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.08.21 17:24:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.08.21 17:24:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.08.21 17:24:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.08.21 17:24:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.08.21 17:24:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.08.21 17:24:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.08.21 17:24:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.08.21 17:24:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011.07.01 07:39:21 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.06.21 08:04:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.06.21 08:01:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.09 16:52:59 | 000,001,024 | ---- | C] () -- 
C:\Windows\System32\grcauth2.dll [2011.05.09 16:52:59 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll [2011.05.09 16:52:59 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll [2011.02.24 17:06:17 | 004,554,119 | ---- | C] () -- C:\Program Files\MyPhoneExplorer_Setup_v1.8.exe [2010.11.27 16:30:36 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini [2010.11.26 13:46:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.02 07:32:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2010.11.02 07:32:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll [2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll [2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll [2010.11.02 07:30:52 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010.11.02 07:30:52 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010.10.30 17:26:46 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2010.10.30 17:26:45 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.10.30 17:26:45 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.10.30 17:25:36 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat [2010.10.30 16:39:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.29 12:11:02 | 000,000,017 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg [2010.10.29 11:30:19 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2010.10.29 10:50:06 | 001,763,968 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.10.29 10:50:06 | 000,255,360 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2010.10.29 10:50:06 | 000,211,840 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2010.10.29 10:50:06 | 000,033,280 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys 
[2010.10.29 10:50:06 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2010.10.29 10:50:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.10.29 10:38:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.06.02 16:28:14 | 000,002,189 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.04.06 12:54:32 | 000,203,336 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll ========== LOP Check ========== [2012.01.25 13:58:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ [2012.03.07 14:07:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan [2012.03.04 09:42:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.11.28 10:45:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.03.04 08:30:48 | 000,000,000 | ---D | M] -- C:\360Rec [2011.07.01 07:39:48 | 000,000,000 | ---D | M] -- C:\ConverterOutput [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.06.25 10:45:25 | 000,000,000 | ---D | M] -- C:\Joschi_komplett [2011.11.22 10:35:53 | 000,000,000 | ---D | M] -- C:\Masterarbeit Maria Pfützner [2011.10.18 13:13:36 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.06 10:26:14 | 000,000,000 | R--D | M] -- C:\Program Files [2012.02.02 03:09:43 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Programme [2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Recovery [2010.10.29 11:30:05 | 000,000,000 | ---D | M] -- C:\SwSetup [2012.03.07 13:00:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.10.29 12:00:32 | 000,000,000 | R--D | M] -- C:\Users [2012.03.06 10:09:37 | 000,000,000 | ---D | M] --
C:\Windows < %PROGRAMFILES%\*.exe > [2008.03.04 03:08:22 | 000,131,072 | ---- | M] (murb) -- C:\Program Files\ICQ Status Checker.exe [2009.10.13 08:34:26 | 003,439,104 | ---- | M] (Mouse Industries) -- C:\Program Files\iRinger.exe [2011.02.24 17:08:38 | 004,554,119 | ---- | M] () -- C:\Program Files\MyPhoneExplorer_Setup_v1.8.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s >
< %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.03.07 14:42:10 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2012.03.07 15:57:54 | 002,359,296 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT [2012.03.07 15:57:54 | 000,262,144 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG1 [2012.03.07 09:17:16 | 000,262,144 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG2 [2012.02.24 09:57:17 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TM.blf [2012.02.24 09:57:16 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms [2012.02.24 09:57:16 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms [2010.12.06 19:35:01 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TM.blf [2010.12.06 19:35:01 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TMContainer00000000000000000001.regtrans-ms [2010.12.06 19:35:01 | 000,524,288 | -HS- | M] () --
C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TMContainer00000000000000000002.regtrans-ms [2011.08.13 02:56:19 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TM.blf [2011.08.13 02:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms [2011.08.13 02:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms [2010.10.29 12:12:19 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.10.29 12:12:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.10.29 12:12:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2011.08.10 11:13:22 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TM.blf [2011.08.10 11:13:22 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms [2011.08.10 11:13:22 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms [2011.11.23 18:55:27 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TM.blf [2011.11.23 18:55:27 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TMContainer00000000000000000001.regtrans-ms [2011.11.23 18:55:27 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TMContainer00000000000000000002.regtrans-ms [2011.09.12 03:35:23 | 000,065,536 | -HS- | M] () -- 
C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TM.blf [2011.09.12 03:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms [2011.09.12 03:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms [2011.01.13 07:08:20 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TM.blf [2011.01.13 07:08:20 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms [2011.01.13 07:08:20 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms [2010.10.29 12:00:33 | 000,000,020 | -HS- | M] () -- C:\Users\Admin\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
07.03.2012, 16:09 | #4 |
| For security reasons, your Windows system has been blocked. 50 Virus Hello Markus, thank you very much for your quick reply. Here are the text files from OTL: Extra: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.03.2012 15:48:00 - Run 1 OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Admin\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 85,34% Memory free 5,49 Gb Paging File | 5,12 Gb Available in Paging File | 93,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68,26 Gb Total Space | 23,01 Gb Free Space | 33,71% Space Free | Partition Type: NTFS Drive D: | 229,73 Gb Total Space | 40,37 Gb Free Space | 17,57% Space Free | Partition Type: NTFS Drive H: | 7,52 Gb Total Space | 7,29 Gb Free Space | 96,87% Space Free | Partition Type: FAT32 Computer Name: JOSCHI-PC | User Name: Admin | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{047F20E4-0212-4286-9BF3-58FA54CB5CF7}" = SPSS SmartViewer 15G "{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe 
Photoshop CS5 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding "{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{22B76906-5831-4052-9463-E13C5B7A5B40}" = HP ESU for Microsoft Windows 7 "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater "{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver "{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1 "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1 "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) 
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2 "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC 
Help Japanese "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{900C2AB5-3F37-4F84-B58C-893FA5F42D7D}_is1" = WiseFixer 3.5 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft 
Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft Speichern als PDF oder XPS Add-In für 2007 Microsoft Office-Programme "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3 "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack "{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian "{9FAAE06C-DEDD-4299-B88D-1F9AD5E1547F}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät "{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-115C "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero 
Dolby Files 10 "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D2592F05-6715-4454-B37C-088EA1F9E20A}" = ESET NOD32 Antivirus "{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution "{D9273F52-B929-E315-D82B-EDF384D53924}" = ATI Catalyst Install Manager "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA35F4DF-8DE9-47DB-07C7-A176B2C54878}" = ccc-utility "{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French "{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.0 "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2 "{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish 
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish "{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Audacity_is1" = Audacity 1.2.6 "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "CCleaner" = CCleaner "CdCoverCreator" = CdCoverCreator 2.5.3 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Cucusoft iPhone Video Converter_is1" = Cucusoft iPhone Video Converter 7.18 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Droppix Label Maker_is1" = Droppix Label Maker 2.x "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch "EPSON SX410 Series" = Druckerdeinstallation für EPSON SX410 Series "FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager "Free Audio Converter_is1" = Free Audio Converter version 2.3.4.920 "Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.2.18.426 "Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815 "Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.11.6.727 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter 
version 3.10.6.727 "HP Photo Creations" = HP Photo Creations "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "MPE" = MyPhoneExplorer "Nokia Ovi Suite" = Nokia Ovi Suite "PageshotsPro_is1" = PageshotsPro 1.0.0 "PhotoScape" = PhotoScape "PokerStars.net" = PokerStars.net "QuickPar" = QuickPar 0.9 "SopCast" = SopCast 3.2.9 "SynTPDeinstKey" = Synaptics Pointing Device Driver "toolplugin" = toolplugin "Trojancheck_is1" = Trojancheck 6 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.11 "vShare.tv plugin" = vShare.tv plugin 1.3 "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.03.2012 15:48:00 - Run 1 OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Admin\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 85,34% Memory free 5,49 Gb Paging File | 5,12 Gb Available in Paging File | 93,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68,26 Gb Total Space | 23,01 Gb Free Space | 33,71% Space Free | Partition Type: NTFS Drive D: | 229,73 Gb Total Space | 40,37 Gb Free Space | 17,57% Space Free | Partition Type: NTFS Drive H: | 7,52 Gb Total Space | 7,29 Gb Free Space | 96,87% Space Free | Partition Type: FAT32 Computer Name: JOSCHI-PC | User Name: Admin | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.07 15:35:17 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.08.05 03:22:34 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.17 03:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe -- (STacSV) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.12 12:25:40 | 000,221,184 | ---- | M] (Droppix) [On_Demand | Stopped] -- C:\Program Files\Common Files\Droppix\DxService.exe -- (Droppix Service) SRV - [2009.03.03 01:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe -- (AESTFilters) SRV - [2009.02.06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) 
[Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (hwdatacard) DRV - [2011.09.22 19:29:18 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.29 12:54:11 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.08.11 20:43:00 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010.08.05 03:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2010.08.05 03:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.08.05 02:47:02 | 000,210,432 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.07.30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.07.30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.07.30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.07.30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.04.27 09:24:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2010.03.17 03:48:42 | 000,423,424 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.02.06 13:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr) DRV - [2009.02.06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009.02.06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamon.sys -- (eamon) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SearchCompletion Search IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SearchCompletion Search IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{E2810DD3-C86E-4050-B2E2-12820D9E8E25}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..browser.search.selectedEngine: "Search the web" FF - 
prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03 FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "Search the web" FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.07 12:09:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.06 18:48:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.06 12:54:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.01.07 10:49:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.07 12:09:39 | 000,000,000 | ---D | M] [2010.10.29 12:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2012.03.03 07:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions [2011.08.02 14:10:53 | 
000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.03 02:23:13 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.03.03 07:55:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.02.23 13:15:26 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\DTToolbar@toolbarnet.com [2011.11.12 17:29:32 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\welcome@toolmin.com [2010.11.05 11:59:28 | 000,002,059 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\daemon-search.xml [2012.02.12 00:41:03 | 000,000,944 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\icqplugin.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\startsear.xml [2011.11.16 19:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.06 18:48:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.11 11:11:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.09.17 14:00:12 | 000,305,152 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npuuseep.dll [2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2010.11.29 20:35:10 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.03.06 18:48:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.06 18:48:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.06 18:48:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.06 18:48:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.12 17:29:32 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src [2012.03.06 18:48:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.06 18:48:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Pageshots for Internet Explorer PRO) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\ProgramData\PageshotsPro\pageshots_x86.dll (AD ON Multimedia Advertising GmbH) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
O2 - BHO: (no name) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - toolplugin\toolbar.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [{60E55C92-E33B-11DF-ADB6-806E6F6E6963}] C:\Users\Admin\AppData\Roaming\Microsoft\torrent.exe File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 100 O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm File not found O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - 灏忔父鎴,鍦ㄧ嚎灏忔父鎴,鍙屼汉灏忔父鎴,Ugege灏忔父鎴 File not found O9 - Extra 'Tools' menuitem : 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - 灏忔父鎴,鍦ㄧ嚎灏忔父鎴,鍙屼汉灏忔父鎴,Ugege灏忔父鎴 File not found O9 - Extra Button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found O9 - Extra 'Tools' menuitem : 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.211.192.34 213.187.64.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09D94FD1-B4B6-4FD2-911C-F449FF46C068}: DhcpNameServer = 213.211.192.34 213.187.64.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{692779E6-F838-4B7A-B811-22C354536B52}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft 
Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U 
shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - () MsConfig - StartUpReg: (default) - hkey= - key= - File not found MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) MsConfig - StartUpReg: 
iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: UUSeeMediaCenter - hkey= - key= - File not found MsConfig - State: "bootini" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.03.07 15:35:00 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.03.07 14:39:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\dds.com [2012.03.07 14:07:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\QuickScan [2012.03.07 07:59:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ATI [2012.03.06 21:26:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer [2012.03.06 20:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia [2012.03.06 20:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe [2012.03.06 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbungsunterlagen Maria Pfützner [2012.03.06 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbung wiss. 
Mitarbeiter (Alex Stelle)_10.01.2012 [2012.03.06 19:26:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbung WiMI 15.02.2012 [2012.03.05 10:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager [2012.03.05 10:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u [2012.02.26 20:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPSS SmartViewer [2012.02.26 20:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\SPSS Viewer [2012.02.23 20:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.02.23 20:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.02.23 10:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.11.14 12:27:21 | 000,131,072 | ---- | C] (murb) -- C:\Program Files\ICQ Status Checker.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.07 15:42:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.07 15:42:15 | 2211,885,056 | -HS- | M] () -- C:\hiberfil.sys [2012.03.07 15:39:55 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.07 15:39:55 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.07 15:35:17 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.03.07 14:51:37 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\q5q18dyk.exe [2012.03.07 14:42:10 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2012.03.07 14:39:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\dds.com [2012.03.07 14:37:55 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe [2012.03.06 18:46:40 | 000,668,778 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.06 
18:46:40 | 000,620,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.06 18:46:40 | 000,134,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.06 18:46:40 | 000,110,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.06 18:33:57 | 000,370,070 | ---- | M] () -- C:\Users\Admin\Desktop\Masterzeugnis.pdf [2012.03.06 11:18:51 | 000,292,707 | ---- | M] () -- C:\Users\Admin\Desktop\Praktikum.pdf [2012.03.06 11:14:24 | 000,329,288 | ---- | M] () -- C:\Users\Admin\Desktop\Praktikumszeugnis.pdf [2012.03.06 11:04:48 | 000,000,898 | ---- | M] () -- C:\Users\Admin\Desktop\XnView.lnk [2012.03.05 10:02:29 | 000,002,184 | ---- | M] () -- C:\Users\Admin\Desktop\iDevice Manager.lnk [2012.03.01 13:58:04 | 003,774,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.27 13:34:31 | 000,000,016 | -H-- | M] () -- C:\Windows\System32\servdat.slm [2012.02.23 20:49:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.07 14:51:33 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\q5q18dyk.exe [2012.03.07 14:41:44 | 000,000,020 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2012.03.07 14:37:51 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe [2012.03.06 18:33:54 | 000,370,070 | ---- | C] () -- C:\Users\Admin\Desktop\Masterzeugnis.pdf [2012.03.06 11:18:45 | 000,292,707 | ---- | C] () -- C:\Users\Admin\Desktop\Praktikum.pdf [2012.03.06 11:14:22 | 000,329,288 | ---- | C] () -- C:\Users\Admin\Desktop\Praktikumszeugnis.pdf [2012.03.06 11:04:48 | 000,000,898 | ---- | C] () -- C:\Users\Admin\Desktop\XnView.lnk [2012.03.05 10:02:29 | 000,002,184 | ---- | C] () -- C:\Users\Admin\Desktop\iDevice Manager.lnk [2012.02.23 20:49:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.21 17:24:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.08.21 
17:24:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.08.21 17:24:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.08.21 17:24:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.08.21 17:24:23 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.08.21 17:24:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.08.21 17:24:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.08.21 17:24:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011.08.21 17:24:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.08.21 17:24:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.08.21 17:24:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.08.21 17:24:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.08.21 17:24:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.08.21 17:24:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.08.21 17:24:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.08.21 17:24:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.08.21 17:24:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.08.21 17:24:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.08.21 17:24:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011.07.01 07:39:21 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.06.21 08:04:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.06.21 08:01:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.09 16:52:59 | 000,001,024 | ---- | C] () -- 
C:\Windows\System32\grcauth2.dll [2011.05.09 16:52:59 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll [2011.05.09 16:52:59 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll [2011.02.24 17:06:17 | 004,554,119 | ---- | C] () -- C:\Program Files\MyPhoneExplorer_Setup_v1.8.exe [2010.11.27 16:30:36 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini [2010.11.26 13:46:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.02 07:32:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2010.11.02 07:32:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll [2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll [2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll [2010.11.02 07:30:52 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010.11.02 07:30:52 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010.10.30 17:26:46 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2010.10.30 17:26:45 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.10.30 17:26:45 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.10.30 17:25:36 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat [2010.10.30 16:39:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.29 12:11:02 | 000,000,017 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg [2010.10.29 11:30:19 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2010.10.29 10:50:06 | 001,763,968 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.10.29 10:50:06 | 000,255,360 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2010.10.29 10:50:06 | 000,211,840 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2010.10.29 10:50:06 | 000,033,280 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys 
[2010.10.29 10:50:06 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2010.10.29 10:50:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.10.29 10:38:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.06.02 16:28:14 | 000,002,189 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.04.06 12:54:32 | 000,203,336 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll ========== LOP Check ========== [2012.01.25 13:58:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ [2012.03.07 14:07:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan [2012.03.04 09:42:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.11.28 10:45:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.03.04 08:30:48 | 000,000,000 | ---D | M] -- C:\360Rec [2011.07.01 07:39:48 | 000,000,000 | ---D | M] -- C:\ConverterOutput [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.06.25 10:45:25 | 000,000,000 | ---D | M] -- C:\Joschi_komplett [2011.11.22 10:35:53 | 000,000,000 | ---D | M] -- C:\Masterarbeit Maria Pf黷zner [2011.10.18 13:13:36 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.06 10:26:14 | 000,000,000 | R--D | M] -- C:\Program Files [2012.02.02 03:09:43 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Programme [2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Recovery [2010.10.29 11:30:05 | 000,000,000 | ---D | M] -- C:\SwSetup [2012.03.07 13:00:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.10.29 12:00:32 | 000,000,000 | R--D | M] -- C:\Users [2012.03.06 10:09:37 | 000,000,000 | ---D | M] -- 
C:\Windows < %PROGRAMFILES%\*.exe > [2008.03.04 03:08:22 | 000,131,072 | ---- | M] (murb) -- C:\Program Files\ICQ Status Checker.exe [2009.10.13 08:34:26 | 003,439,104 | ---- | M] (Mouse Industries) -- C:\Program Files\iRinger.exe [2011.02.24 17:08:38 | 004,554,119 | ---- | M] () -- C:\Program Files\MyPhoneExplorer_Setup_v1.8.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_dd2bf0ef82c7be83\atapi.sys [2009.07.14 
02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_dd01b18982e7479e\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_ddb1bfd49be72b9f\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_dde1cf9a9bc40507\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.10.06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) 
MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [2009.10.06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe < MD5 for: IASTORV.SYS > [2010.05.12 10:05:35 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel 
Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys [2010.05.12 10:20:41 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2010.05.12 10:05:45 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys 
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys [2010.05.12 10:20:52 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) 
MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe 
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.03.07 14:42:10 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2012.03.07 15:57:54 | 002,359,296 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT [2012.03.07 15:57:54 | 000,262,144 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG1 [2012.03.07 09:17:16 | 000,262,144 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG2 [2012.02.24 09:57:17 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TM.blf [2012.02.24 09:57:16 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms [2012.02.24 09:57:16 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms [2010.12.06 19:35:01 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TM.blf [2010.12.06 19:35:01 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TMContainer00000000000000000001.regtrans-ms [2010.12.06 19:35:01 | 000,524,288 | -HS- | M] () -- 
C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TMContainer00000000000000000002.regtrans-ms [2011.08.13 02:56:19 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TM.blf [2011.08.13 02:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms [2011.08.13 02:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms [2010.10.29 12:12:19 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.10.29 12:12:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.10.29 12:12:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2011.08.10 11:13:22 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TM.blf [2011.08.10 11:13:22 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms [2011.08.10 11:13:22 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms [2011.11.23 18:55:27 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TM.blf [2011.11.23 18:55:27 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TMContainer00000000000000000001.regtrans-ms [2011.11.23 18:55:27 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TMContainer00000000000000000002.regtrans-ms [2011.09.12 03:35:23 | 000,065,536 | -HS- | M] () -- 
C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TM.blf [2011.09.12 03:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms [2011.09.12 03:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms [2011.01.13 07:08:20 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TM.blf [2011.01.13 07:08:20 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms [2011.01.13 07:08:20 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms [2010.10.29 12:00:33 | 000,000,020 | -HS- | M] () -- C:\Users\Admin\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
07.03.2012, 16:11 | #5 |
/// Malware-holic | For security reasons your Windows system has been blocked. 50 Virus
hi
this script and any scripts that may follow are meant only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [{60E55C92-E33B-11DF-ADB6-806E6F6E6963}] C:\Users\Admin\AppData\Roaming\Microsoft\torrent.exe File not found
:Files
C:\Users\Admin\AppData\Roaming\Microsoft\torrent.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.
If you have no icons, then right-click, View, Show desktop icons.
Note: please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the + E key.
__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us |
07.03.2012, 16:19 | #6 |
| For security reasons your Windows system has been blocked. 50 Virus Sorry for the double post! That was not intended, and unfortunately I cannot delete one of the messages again... |
07.03.2012, 16:38 | #7 |
| For security reasons your Windows system has been blocked. 50 Virus Here is the file you asked for; the upload was successful as well. Error: Unable to interpret <OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.03.2012 15:48:00 - Run 1> in the current context! Error: Unable to interpret <OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Admin\Desktop> in the current context! Error: Unable to interpret < Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation> in the current context! Error: Unable to interpret <Internet Explorer (Version = 8.0.7601.17514)> in the current context! Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <2,75 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 85,34% Memory free> in the current context! Error: Unable to interpret <5,49 Gb Paging File | 5,12 Gb Available in Paging File | 93,24% Paging File free> in the current context! Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files> in the current context! Error: Unable to interpret <Drive C: | 68,26 Gb Total Space | 23,01 Gb Free Space | 33,71% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret <Drive D: | 229,73 Gb Total Space | 40,37 Gb Free Space | 17,57% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret <Drive H: | 7,52 Gb Total Space | 7,29 Gb Free Space | 96,87% Space Free | Partition Type: FAT32> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Computer Name: JOSCHI-PC | User Name: Admin | Logged in as Administrator.> in the current context! Error: Unable to interpret <Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan> in the current context! 
Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <PRC - [2012.03.07 15:35:17 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe> in the current context! Error: Unable to interpret <PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)> in the current context! Error: Unable to interpret <SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)> in the current context! Error: Unable to interpret <SRV - [2010.08.05 03:22:34 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)> in the current context! 
Error: Unable to interpret <SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)> in the current context! Error: Unable to interpret <SRV - [2010.03.17 03:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe -- (STacSV)> in the current context! Error: Unable to interpret <SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)> in the current context! Error: Unable to interpret <SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)> in the current context! Error: Unable to interpret <SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)> in the current context! Error: Unable to interpret <SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)> in the current context! Error: Unable to interpret <SRV - [2009.03.12 12:25:40 | 000,221,184 | ---- | M] (Droppix) [On_Demand | Stopped] -- C:\Program Files\Common Files\Droppix\DxService.exe -- (Droppix Service)> in the current context! Error: Unable to interpret <SRV - [2009.03.03 01:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe -- (AESTFilters)> in the current context! 
Error: Unable to interpret <SRV - [2009.02.06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)> in the current context! Error: Unable to interpret <SRV - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (hwdatacard)> in the current context! Error: Unable to interpret <DRV - [2011.09.22 19:29:18 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)> in the current context! Error: Unable to interpret <DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)> in the current context! Error: Unable to interpret <DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)> in the current context! Error: Unable to interpret <DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)> in the current context! 
Error: Unable to interpret <DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)> in the current context! Error: Unable to interpret <DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)> in the current context! Error: Unable to interpret <DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)> in the current context! Error: Unable to interpret <DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)> in the current context! Error: Unable to interpret <DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)> in the current context! Error: Unable to interpret <DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)> in the current context! Error: Unable to interpret <DRV - [2010.10.29 12:54:11 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)> in the current context! Error: Unable to interpret <DRV - [2010.08.11 20:43:00 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)> in the current context! Error: Unable to interpret <DRV - [2010.08.05 03:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)> in the current context! 
Error: Unable to interpret <DRV - [2010.08.05 03:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)> in the current context! Error: Unable to interpret <DRV - [2010.08.05 02:47:02 | 000,210,432 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)> in the current context! Error: Unable to interpret <DRV - [2010.07.30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)> in the current context! Error: Unable to interpret <DRV - [2010.07.30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)> in the current context! Error: Unable to interpret <DRV - [2010.07.30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)> in the current context! Error: Unable to interpret <DRV - [2010.07.30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)> in the current context! Error: Unable to interpret <DRV - [2010.04.27 09:24:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)> in the current context! Error: Unable to interpret <DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)> in the current context! Error: Unable to interpret <DRV - [2010.03.17 03:48:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)> in the current context! 
Error: Unable to interpret <DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)> in the current context! Error: Unable to interpret <DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)> in the current context! Error: Unable to interpret <DRV - [2009.02.06 13:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)> in the current context! Error: Unable to interpret <DRV - [2009.02.06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)> in the current context! Error: Unable to interpret <DRV - [2009.02.06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)> in the current context! Error: Unable to interpret <DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)> in the current context! Error: Unable to interpret <DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)> in the current context! Error: Unable to interpret <DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! 
Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Internet Explorer ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1> in the current context! Error: Unable to interpret <IE - HKCU\..\URLSearchHook: - No CLSID value found> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}> in the current context! 
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{E2810DD3-C86E-4050-B2E2-12820D9E8E25}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context! Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== FireFox ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.defaultengine: "Web Search"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "Search the web"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "Search the web"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "Search the web"> in the current context! Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "www.google.de"> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4> in the current context! 
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26> in the current context! Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03> in the current context! Error: Unable to interpret <FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <FF - user.js..browser.search.selectedEngine: "Search the web"> in the current context! Error: Unable to interpret <FF - user.js..browser.search.order.1: "Search the web"> in the current context! Error: Unable to interpret <FF - user.js..browser.search.defaultenginename: "Search the web"> in the current context! Error: Unable to interpret <FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)> in the current context! 
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll File not found> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll File not found> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.07 12:09:39 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.06 18:48:28 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.06 12:54:22 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.01.07 10:49:11 | 000,000,000 | ---D | M]> in the current context! 
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.07 12:09:39 | 000,000,000 | ---D | M]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2010.10.29 12:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions> in the current context! Error: Unable to interpret <[2012.03.03 07:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions> in the current context! Error: Unable to interpret <[2011.08.02 14:10:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}> in the current context! Error: Unable to interpret <[2012.03.03 02:23:13 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}> in the current context! Error: Unable to interpret <[2012.03.03 07:55:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}> in the current context! Error: Unable to interpret <[2012.02.23 13:15:26 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\DTToolbar@toolbarnet.com> in the current context! Error: Unable to interpret <[2011.11.12 17:29:32 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\welcome@toolmin.com> in the current context! 
Error: Unable to interpret <[2010.11.05 11:59:28 | 000,002,059 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\daemon-search.xml> in the current context! Error: Unable to interpret <[2012.02.12 00:41:03 | 000,000,944 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\icqplugin.xml> in the current context! Error: Unable to interpret <[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\startsear.xml> in the current context! Error: Unable to interpret <[2011.11.16 19:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions> in the current context! Error: Unable to interpret <[2012.03.06 18:48:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll> in the current context! Error: Unable to interpret <[2011.10.11 11:11:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll> in the current context! Error: Unable to interpret <[2010.09.17 14:00:12 | 000,305,152 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npuuseep.dll> in the current context! Error: Unable to interpret <[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll> in the current context! Error: Unable to interpret <[2010.11.29 20:35:10 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll> in the current context! Error: Unable to interpret <[2012.03.06 18:48:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context! Error: Unable to interpret <[2012.03.06 18:48:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml> in the current context! 
Error: Unable to interpret <[2012.03.06 18:48:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml> in the current context! Error: Unable to interpret <[2012.03.06 18:48:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context! Error: Unable to interpret <[2011.11.12 17:29:32 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src> in the current context! Error: Unable to interpret <[2012.03.06 18:48:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context! Error: Unable to interpret <[2012.03.06 18:48:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts> in the current context! Error: Unable to interpret <O2 - BHO: (Pageshots for Internet Explorer PRO) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\ProgramData\PageshotsPro\pageshots_x86.dll (AD ON Multimedia Advertising GmbH)> in the current context! Error: Unable to interpret <O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)> in the current context! Error: Unable to interpret <O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)> in the current context! 
Error: Unable to interpret <O2 - BHO: (no name) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - No CLSID value found.> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - toolplugin\toolbar.dll File not found> in the current context! Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()> in the current context! Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)> in the current context! 
Error: Unable to interpret <O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [] File not found> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [{60E55C92-E33B-11DF-ADB6-806E6F6E6963}] C:\Users\Admin\AppData\Roaming\Microsoft\torrent.exe File not found> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)> in the current context! Error: Unable to interpret <O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context! Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5> in the current context! Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3> in the current context! Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1> in the current context! Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 100> in the current context! Error: Unable to interpret <O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm File not found> in the current context! Error: Unable to interpret <O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm File not found> in the current context! Error: Unable to interpret <O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found> in the current context! Error: Unable to interpret <O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm File not found> in the current context! 
Error: Unable to interpret <O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found> in the current context! Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found> in the current context! Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)> in the current context! Error: Unable to interpret <O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)> in the current context! Error: Unable to interpret <O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)> in the current context! Error: Unable to interpret <O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O9 - Extra Button: 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - 灏忔父鎴,鍦ㄧ嚎灏忔父鎴,鍙屼汉灏忔父鎴,Ugege灏忔父鎴 File not found> in the current context! Error: Unable to interpret <O9 - Extra 'Tools' menuitem : 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - 灏忔父鎴,鍦ㄧ嚎灏忔父鎴,鍙屼汉灏忔父鎴,Ugege灏忔父鎴 File not found> in the current context! 
Error: Unable to interpret <O9 - Extra Button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found> in the current context! Error: Unable to interpret <O9 - Extra 'Tools' menuitem : 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found> in the current context! Error: Unable to interpret <O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)> in the current context! Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context! Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context! Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)> in the current context! Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)> in the current context! Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)> in the current context! Error: Unable to interpret <O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.211.192.34 213.187.64.1> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09D94FD1-B4B6-4FD2-911C-F449FF46C068}: DhcpNameServer = 213.211.192.34 213.187.64.1> in the current context! 
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{692779E6-F838-4B7A-B811-22C354536B52}: DhcpNameServer = 193.189.244.225 193.189.244.206> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)> in the current context! Error: Unable to interpret <O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)> in the current context! 
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found> in the current context! Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context! Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context! Error: Unable to interpret <O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]> in the current context! Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context! Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context! Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM> in the current context! Error: Unable to interpret <ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"> in the current context! Error: Unable to interpret <ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0> in the current context! Error: Unable to interpret <ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework> in the current context! Error: Unable to interpret <ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> in the current context! 
Error: Unable to interpret <[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll> in the current context! Error: Unable to interpret <[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << MD5 for: USER32.DLL >> in the current context! Error: Unable to interpret <[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll> in the current context! Error: Unable to interpret <[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll> in the current context! Error: Unable to interpret <[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << MD5 for: USERINIT.EXE >> in the current context! Error: Unable to interpret <[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe> in the current context! Error: Unable to interpret <[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe> in the current context! 
Error: Unable to interpret <[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << MD5 for: WINLOGON.EXE >> in the current context! Error: Unable to interpret <[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe> in the current context! Error: Unable to interpret <[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe> in the current context! Error: Unable to interpret <[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe> in the current context! Error: Unable to interpret <[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe> in the current context! Error: Unable to interpret <[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << MD5 for: WS2IFSL.SYS >> in the current context! 
Error: Unable to interpret <[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys> in the current context! Error: Unable to interpret <[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << %systemroot%\system32\drivers\*.sys /lockedfiles >> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << %systemroot%\System32\config\*.sav >> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << %systemroot%\system32\*.dll /lockedfiles >> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << %USERPROFILE%\*.* >> in the current context! Error: Unable to interpret <[2012.03.07 14:42:10 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable> in the current context! Error: Unable to interpret <[2012.03.07 15:57:54 | 002,359,296 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT> in the current context! Error: Unable to interpret <[2012.03.07 15:57:54 | 000,262,144 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG1> in the current context! Error: Unable to interpret <[2012.03.07 09:17:16 | 000,262,144 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG2> in the current context! Error: Unable to interpret <[2012.02.24 09:57:17 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TM.blf> in the current context! 
Error: Unable to interpret <[2012.02.24 09:57:16 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms> in the current context! Error: Unable to interpret <[2012.02.24 09:57:16 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms> in the current context! Error: Unable to interpret <[2010.12.06 19:35:01 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TM.blf> in the current context! Error: Unable to interpret <[2010.12.06 19:35:01 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TMContainer00000000000000000001.regtrans-ms> in the current context! Error: Unable to interpret <[2010.12.06 19:35:01 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TMContainer00000000000000000002.regtrans-ms> in the current context! Error: Unable to interpret <[2011.08.13 02:56:19 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TM.blf> in the current context! Error: Unable to interpret <[2011.08.13 02:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms> in the current context! Error: Unable to interpret <[2011.08.13 02:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms> in the current context! Error: Unable to interpret <[2010.10.29 12:12:19 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf> in the current context! 
Error: Unable to interpret <[2010.10.29 12:12:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms> in the current context! Error: Unable to interpret <[2010.10.29 12:12:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms> in the current context! Error: Unable to interpret <[2011.08.10 11:13:22 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TM.blf> in the current context! Error: Unable to interpret <[2011.08.10 11:13:22 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms> in the current context! Error: Unable to interpret <[2011.08.10 11:13:22 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms> in the current context! Error: Unable to interpret <[2011.11.23 18:55:27 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TM.blf> in the current context! Error: Unable to interpret <[2011.11.23 18:55:27 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TMContainer00000000000000000001.regtrans-ms> in the current context! Error: Unable to interpret <[2011.11.23 18:55:27 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TMContainer00000000000000000002.regtrans-ms> in the current context! Error: Unable to interpret <[2011.09.12 03:35:23 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TM.blf> in the current context! 
Error: Unable to interpret <[2011.09.12 03:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms> in the current context! Error: Unable to interpret <[2011.09.12 03:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms> in the current context! Error: Unable to interpret <[2011.01.13 07:08:20 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TM.blf> in the current context! Error: Unable to interpret <[2011.01.13 07:08:20 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms> in the current context! Error: Unable to interpret <[2011.01.13 07:08:20 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms> in the current context! Error: Unable to interpret <[2010.10.29 12:00:33 | 000,000,020 | -HS- | M] () -- C:\Users\Admin\ntuser.ini> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << %USERPROFILE%\Local Settings\Temp\*.exe >> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << %USERPROFILE%\Local Settings\Temp\*.dll >> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << %USERPROFILE%\Application Data\*.exe >> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >> in the current context! Error: Unable to interpret <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]> in the current context! 
Error: Unable to interpret <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << >> in the current context! Error: Unable to interpret << End of report > > in the current context! OTL by OldTimer - Version 3.2.35.1 log created on 03072012_162101 |
07.03.2012, 16:41 | #8 |
/// Malware-holic | For security reasons your Windows system has been blocked. 50 Virus No, that is not what was asked for: you copied the OTL log instead of my script. Please do it again, plus the upload.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
07.03.2012, 16:45 | #9 |
| For security reasons your Windows system has been blocked. 50 Virus Oh, I'm sorry, I apparently didn't read properly and took the wrong file... I'll do it again right away. |
07.03.2012, 16:59 | #10 |
/// Malware-holic | For security reasons your Windows system has been blocked. 50 Virus It happens :-)
07.03.2012, 17:04 | #11 |
| For security reasons your Windows system has been blocked. 50 Virus OK, now it should be right
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{60E55C92-E33B-11DF-ADB6-806E6F6E6963} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60E55C92-E33B-11DF-ADB6-806E6F6E6963}\ not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: Admin
->Flash cache emptied: 815 bytes
User: All Users
User: Default
->Flash cache emptied: 41620 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Joschi
->Flash cache emptied: 7415 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 302936818 bytes
->Temporary Internet Files folder emptied: 1935283 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64004193 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Joschi
->Temp folder emptied: 28017826 bytes
->Temporary Internet Files folder emptied: 12768371 bytes
->Java cache emptied: 980128 bytes
->FireFox cache emptied: 192257105 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2233825921 bytes
RecycleBin emptied: 5482014 bytes
Total Files Cleaned = 2.711,00 mb
OTL by OldTimer - Version 3.2.35.1 log created on 03072012_165250
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
The upload was also successful. |
07.03.2012, 17:19 | #12 |
| For security reasons your Windows system has been blocked. 50 Virus The message just appeared again and everything was blocked... did I do something wrong? |
07.03.2012, 17:32 | #13 |
/// Malware-holic | For security reasons your Windows system has been blocked. 50 Virus OK, a different approach. In safe mode with networking, do the following: Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
07.03.2012, 18:38 | #14 |
| For security reasons your Windows system has been blocked. 50 Virus Here is the Combofix.txt file: Combofix logfile: Code:
ComboFix 12-03-07.05 - Admin 07.03.2012 18:21:39.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2813.2072 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\360Rec
c:\program files\Mozilla Firefox\plugins\npuuseep.dll
c:\programdata\Windows
c:\programdata\Windows\dumd.dat
c:\programdata\windows\xdor.dat
c:\users\Joschi\AppData\Roaming\Microsoft\torrent.exe
c:\windows\struct~.ini
c:\windows\system32\nsis_loader.dll
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-07 bis 2012-03-07 ))))))))))))))))))))))))))))))
.
.
2012-03-07 17:26 . 2012-03-07 17:26 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-03-07 15:21 . 2012-03-07 16:00 -------- d-----w- C:\_OTL
2012-03-07 13:07 . 2012-03-07 13:07 -------- d-----w- c:\users\Admin\AppData\Roaming\QuickScan
2012-03-07 06:59 . 2012-03-07 06:59 -------- d-----w- c:\users\Admin\AppData\Roaming\ATI
2012-03-06 21:48 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0A9D0C6-60FE-45D0-B0F0-951D1C695917}\mpengine.dll
2012-03-06 20:26 . 2012-03-06 20:26 -------- d-----w- c:\users\Admin\AppData\Roaming\Apple Computer
2012-03-06 09:36 . 2009-07-13 09:47 922176 ------w- c:\program files\Mozilla Firefox\ger\DPInst.exe
2012-03-05 11:53 . 2012-03-05 11:53 -------- d-----w- c:\users\Joschi\AppData\Roaming\Software4u
2012-03-05 09:02 . 2012-03-05 09:02 -------- d-----w- c:\program files\Software4u
2012-02-26 19:43 . 2012-02-26 19:43 -------- d-----w- c:\program files\SPSS Viewer
2012-02-23 19:48 . 2012-02-23 19:48 -------- d-----w- c:\program files\iPod
2012-02-23 09:16 . 2012-02-23 19:49 -------- d-----w- c:\program files\iTunes
2012-02-08 23:32 . 2012-02-12 08:40 -------- d-----w- c:\users\Joschi\AppData\Roaming\Becu
2012-02-08 23:32 . 2012-02-10 14:39 -------- d-----w- c:\users\Joschi\AppData\Roaming\Xari
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-10-29 09:30 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-07 10:24 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-24 16:08 . 2011-02-24 16:06 4554119 ----a-w- c:\program files\MyPhoneExplorer_Setup_v1.8.exe
2009-10-13 07:34 . 2009-10-13 07:34 3439104 ----a-w- c:\program files\iRinger.exe
2008-03-04 02:08 . 2010-11-14 11:27 131072 ----a-w- c:\program files\ICQ Status Checker.exe
2012-03-06 17:48 . 2011-11-16 18:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.6\ICQ.exe" [2011-10-10 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-17 495708]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 12:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe [2009-03-03 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-05 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-05 5587456]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-05 210432]
R3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2009-03-12 221184]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-29 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to iPhone Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: 使用UUSee加速播放 - c:\program files\uusee\geturltoplay.htm
IE: 使用UUSee下载 - c:\program files\uusee\geturltodown.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
IE: {{998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.ugege.com/
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - (no file)
WebBrowser-{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file)
HKCU-Run-{60E55C92-E33B-11DF-ADB6-806E6F6E6963} - c:\users\Admin\AppData\Roaming\Microsoft\torrent.exe
MSConfigStartUp-UUSeeMediaCenter - c:\program files\Common Files\uusee\UUSeeMediaCenter.exe
AddRemove-toolplugin - c:\users\Admin\AppData\Local\Temp\WZSE1.TMP\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-07 18:27:45
ComboFix-quarantined-files.txt 2012-03-07 17:27
.
Vor Suchlauf: 11 Verzeichnis(se), 27.407.089.664 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 27.202.732.032 Bytes frei
.
- - End Of File - - 87E12E1027D012E39BF4004F52B07CF4 |
07.03.2012, 19:09 | #15 |
/// Malware-holic | For security reasons your Windows system has been blocked. 50 Virus Start > Programs > Accessories > Notepad, paste in:
Killall::
Folder::
c:\users\Joschi\AppData\Roaming\Becu
c:\users\Joschi\AppData\Roaming\Xari
File > Save as; location: where combofix.exe is located; type: all files; name: cfscript.txt. Drag cfscript onto combofix, the program starts; post the log.