28.03.2012, 07:59 | #1 |
Sirefef.bv.2 in System32 - various files

Dear helpers,

for a few days now my virus scanner has kept reporting that various files in the System32 folder are infected with Sirefef.bv.2. Removing these files does not help because new ones keep appearing.

Here is the information as per the instructions:

1. defogger freezes after the disable. Here is the defogger_disable log it produced:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:19 on 26/03/2012 (Hans Mustermann)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...

2. DDS and attach:

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by *** at 15:41:30 on 2012-03-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.1967 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\taskeng.exe C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Windows\TEMP\qyecsj\setup.exe C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Nuance\PaperPort\pptd40nt.exe C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe C:\Program Files\Browny02\Brother\BrStMonW.exe C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\ControlCenter4\BrCtrlCntr.exe C:\Program Files\ControlCenter4\BrCcUxSys.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile 
Device Support\AppleMobileDeviceService.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hamachi\hamachi-2.exe C:\Program Files\Hotspot Shield\bin\openvpnas.exe C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files\Hotspot Shield\bin\hsswd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe C:\Windows\system32\rpcnet.exe C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TightVNC\tvnserver.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Browny02\BrYNSvc.exe C:\Program Files\Hotspot Shield\bin\openvpntray.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe C:\Windows\system32\svchost.exe -k SDRSVC 
\\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Program Files\Nero\Update\NASvc.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.hotspotshield.com/g/?c=h mStart Page = about: BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\BarLcher.dll BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll BHO: Hotspot Shield Class: 
{f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File uRun: [Google Update] "c:\users\***\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe mRun: [Ocs_SM] c:\users\***\appdata\roaming\ocs\sm\SearchAnonymizer.exe mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden" mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe" mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [LogMeIn Hamachi Ui] "c:\program files\hamachi\hamachi-2-ui.exe" --auto-start mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe" mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe" mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini" mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe mRun: [ControlCenter4] c:\program 
files\controlcenter4\BrCcBoot.exe /autorun mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START dRun: [ImperioServer] c:\program files\imperio\imperio server\ImperioServer.exe MIN dRun: [NTsrv] c:\windows\temp\tqcsbb\setup.exe StartupFolder: c:\users\bertra~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\***\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe uPolicies-explorer: NoRealMode = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: SoftwareSASGeneration = 1 (0x1) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Alles mit FDM herunterladen - file://c:\program files\free download manager\dlall.htm IE: Auswahl mit FDM herunterladen - file://c:\program files\free download manager\dlselected.htm IE: Datei mit FDM herunterladen - file://c:\program files\free download manager\dllink.htm IE: Free YouTube Download - c:\users\***\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~1\office11\EXCEL.EXE/3000 IE: Videos mit FDM herunterladen - file://c:\program files\free download manager\dlfvideo.htm IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\icq7.6\ICQ.exe IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - 
c:\progra~1\micros~1\office11\REFIEBAR.DLL LSP: mswsock.dll DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{59D881D9-BB50-4E09-8623-7F4B65C90596} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\0553 : DhcpNameServer = 192.168.178.1 TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\142736F627D2537344245373 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\16C6963656E27776 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\4435C475C414E4D4F64656D6230303 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\64259445A51224F6870264F6E60275C414E40273137303 : DhcpNameServer = 192.168.178.1 TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\830323E21387 : DhcpNameServer = 134.2.200.2 134.2.3.191 TCP: Interfaces\{BC893878-2B76-4518-86C8-D7680A8E757C} : DhcpNameServer = 10.93.8.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: wlpg - 
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\q30dsgm9.default\ FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\nos\bin\np_gp.dll FF - plugin: c:\program files\tvuplayer\npTVUAx.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\users\***\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\users\***\appdata\roaming\mozilla\plugins\np-mswmp.dll FF - plugin: c:\users\***\appdata\roaming\mozilla\plugins\npgoogletalk.dll FF - plugin: 
c:\users\***\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\windows\system32\wat\npWatWeb.dll . ============= SERVICES / DRIVERS =============== . R?2 AMService;AMService;c:\windows\temp\qyecsj\setup.exe run --> c:\windows\temp\qyecsj\setup.exe run [?] R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2012-3-7 40560] R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-1-14 56496] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-1-14 12464] R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2011-2-21 13440] R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\system32\drivers\OCDE.sys [2007-8-25 30480] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-17 36000] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-16 242240] R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\abbyy finereader 9.0\NetworkLicenseServer.exe [2007-11-8 566560] R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952] R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-17 86224] R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-17 110032] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-17 74640] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2011-5-24 1840128] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\hamachi\hamachi-2.exe [2012-2-28 1373576] R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-1-6 331608] R2 HssWd;Hotspot Shield Monitoring 
Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280] R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400] R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672] R2 SearchAnonymizer;SearchAnonymizer;c:\users\***\appdata\roaming\ocs\sm\SearchAnonymizerHelper.exe [2011-3-29 40960] R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704] R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224] R3 b57nd60x;Broadcom NetXtreme-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-3-11 245760] R3 NETwLv32; Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-11-18 6639616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176] S2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\netbalancer\SeriousBit.NetBalancer.Service.exe [2010-12-12 10240] S2 nod32krn;Whoisd32;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-2-25 30312] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual 
Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-7-14 13184] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2011-4-26 2702848] S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176] S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-3-7 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-3-7 11104] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-2-25 121192] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-2-25 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-2-25 136680] S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2011-2-25 98560] S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2011-2-25 14848] S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2011-2-25 123648] S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [2011-2-25 100352] S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-19 1343400] S3 wxpSvc;webcamXP Service;c:\program files\webcamxp 5\wService.exe [2011-7-27 5023744] . =============== Created Last 30 ================ . 
2012-03-24 10:25:54 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-03-19 17:03:08 -------- d-----w- c:\program files\Origin Games 2012-03-19 17:02:47 -------- d-----w- c:\users\***\appdata\local\Origin 2012-03-19 17:02:46 -------- d-----w- c:\programdata\Origin 2012-03-19 17:00:21 -------- d-----w- c:\users\***\appdata\roaming\Origin 2012-03-19 17:00:20 -------- d-----w- c:\programdata\Electronic Arts 2012-03-19 17:00:08 -------- d-----w- c:\program files\Origin 2012-03-14 20:55:44 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-14 20:55:43 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 17:00:13 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 17:00:12 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 13:54:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 13:54:41 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 13:54:41 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 13:54:38 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 13:54:38 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 13:54:37 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-11 19:38:24 -------- d-----w- c:\users\***\appdata\roaming\Zeon 2012-03-11 19:33:57 -------- d-----w- c:\users\***\appdata\roaming\FLEXnet 2012-03-11 19:33:47 -------- d-----w- c:\users\***\appdata\roaming\ControlCenter4 2012-03-11 19:25:33 -------- d-----w- C:\Brother 2012-03-11 19:25:28 -------- d-----w- c:\programdata\ControlCenter4 2012-03-11 19:25:28 -------- d-----w- c:\program files\Browny02 2012-03-11 19:25:21 -------- d-----w- c:\program files\ControlCenter4 2012-03-11 19:16:55 217088 ----a-w- c:\windows\system32\BrJDec.dll 2012-03-11 19:16:55 1475072 ----a-w- c:\windows\system32\BrWi209d.dll 2012-03-11 19:16:52 55808 ----a-w- c:\windows\system32\BrUsi09d.dll 2012-03-11 19:16:51 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL 2012-03-11 19:16:48 103736 ----a-w- c:\windows\system32\BRRBTOOL.EXE 
2012-03-11 19:16:46 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL 2012-03-11 19:16:46 25299 ----a-w- c:\windows\system32\BRLM03A.DLL 2012-03-11 19:14:02 -------- d-----w- c:\programdata\zeon 2012-03-11 19:13:00 -------- d-----w- c:\users\***\appdata\roaming\Nuance 2012-03-11 19:12:04 -------- d-----w- c:\program files\common files\ScanSoft Shared 2012-03-11 19:12:00 -------- d-----w- c:\programdata\Nuance 2012-03-11 19:12:00 -------- d-----w- c:\program files\Nuance 2012-03-07 17:21:36 -------- d-----w- c:\users\***\appdata\local\DDMSettings 2012-03-07 08:16:18 -------- d-----w- c:\programdata\createonepart 2012-03-07 08:16:12 -------- d-----w- c:\programdata\explauncher 2012-03-07 08:16:11 -------- d-----w- c:\programdata\launcher 2012-03-07 08:15:44 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys 2012-03-07 08:15:32 -------- d-----w- c:\program files\Paragon Software 2012-03-07 08:01:47 922184 ----a-w- c:\windows\system32\pwNative.exe 2012-03-07 08:01:46 16472 ------w- c:\windows\system32\pwdrvio.sys 2012-03-07 08:01:45 11104 ------w- c:\windows\system32\pwdspio.sys 2012-03-07 08:01:40 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.1 2012-03-01 12:06:36 -------- d-----w- c:\program files\Hamachi . ==================== Find3M ==================== . 2012-03-26 13:35:10 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2012-03-26 13:35:07 58288 ----a-w- c:\windows\system32\rpcnet.dll 2012-03-24 10:26:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-16 21:37:18 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-02-16 21:29:17 473656 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-01-22 13:31:01 27248 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys 2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl 2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl . 
=================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net Windows 6.1.7601 Disk: ST9120822AS rev.3.CLF -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 . device: opened successfully user: MBR read successfully . Disk trace: called modules: >>UNKNOWN [0x83408000]<< >>UNKNOWN [0x8CF99000]<< >>UNKNOWN [0x8CF88000]<< >>UNKNOWN [0x86FD3FD0]<< _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; } 1 nt!IofCallDriver[0x83436FAE] -> \Device\Harddisk0\DR0[0x86CE9A10] \Driver\Disk[0x86CE8B38] -> IRP_MJ_CREATE -> 0x8CF9D39F 3 [0x8CF9D59E] -> nt!IofCallDriver[0x83436FAE] -> [0x87012EF8] \Driver\00001221[0x86DFD180] -> IRP_MJ_CREATE -> 0x86FD3FD0 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; } user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 15:45:48,29 =============== attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 18.05.2010 23:41:46 System Uptime: 26.03.2012 15:32:51 (0 hours ago) . Motherboard: LENOVO | | IEL10 Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | U2E1 | 1467/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 106 GiB total, 1,135 GiB free. D: is CDROM () E: is FIXED (NTFS) - 5 GiB total, 5,045 GiB free. G: is CDROM () I: is CDROM () J: is CDROM () . ==== Disabled Device Manager Items ============= . 
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . "Nero SoundTrax Help ABBYY FineReader 9.0 Professional Edition Adobe AIR Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) - Deutsch Advertising Center Alnera FeedBuster AmoK Playlist Copy 2.06 ANNO 1602 Königs-Edition Anti-Twin (Installation 06.09.2011) AnyDVD Apple Application Support Apple Mobile Device Support Apple Software Update Audacity 1.2.6 Audible Download Manager AudibleManager Audiograbber 1.83 SE Audiograbber MP3-Plugin Auto Gordian Knot 2.55 Avira Free Antivirus AviSynth 2.5 BGHSt CD-ROM - Grundwerk Band 1-46 BGHZ CD-ROM - Grundwerk Band 1-146 Bluetooth Stack for Windows by Toshiba Brother MFL-Pro Suite DCP-7010 Brother MFL-Pro Suite DCP-7055 Camtasia Studio 7 capella 7 CCleaner CDBurnerXP Cisco Systems VPN Client 5.0.07.0290 CloneDVD2 Compatibility Pack für 2007 Office System Convert AVI to MP4 1.3 D-Fend Reloaded 1.0.3 (deinstallieren) D3DX10 DAEMON Tools Lite Desktop Icon für Amazon Digital Video Repair 2.2.0.1 DivX-Setup DolbyFiles Dropbox Efficient Elements for presentations 1.3.0.78 eSupport UndeletePlus 3.0.2.1214 FIFA 10 Fifa 12 (c) Electronic Arts version 1 FIFA 2001 Firebird SQL Server - MAGIX Edition FormatFactory 2.70 Free Download Manager 3.0 Free M4a to MP3 Converter 6.2 Free Studio version 4.6 Gigaflat GoldWave v5.58 GOM Player Google Chrome Google Earth Plug-in Google Gears Google Talk Plugin Google Update Helper Hama Webcam Suite High-Definition Video Playback Hotspot Shield 2.24 ICQ 7.6 Build #5618 Banner Remover 1.0 ICQ Status Checker 1.8 ICQ7.6 ImagXpress IrfanView (remove only) iRotate iTunes Java Auto Updater Java(TM) 6 Update 26 
JDownloader Kuffs Password Safe Last.fm 1.5.4.27091 Logitech iTouch Software LogMeIn Hamachi LucasArts Star Wars: Episode I Racer Lyrics Plugin for Winamp Magic ISO Maker v5.5 (build 0281) MediaCoder PMP Edition Menu Templates - Starter Kit Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office File Validation Add-In Microsoft Office Professional Edition 2003 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Virtual PC 2007 SP1 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MiniTool Partition Wizard Home Edition 7.1 Movie Templates - Starter Kit Mozilla Firefox 8.0.1 (x86 de) Mozilla Thunderbird 11.0 (x86 de) MSVC80_x86 MSVC80_x86_v2 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) mufin player 2.5 MusicBrainz Tagger 0.10.5 MyFreeCodec MyPhoneExplorer Nat Geo Quiz! 
Wild Life NAVIGON Fresh 3.2.0 Nero 11 Nero 11 Disc Menus Basic Nero 11 Effects Basic Nero 11 Image Samples Nero 11 Kwik Themes Basic Nero 11 PiP Effects Basic Nero Audio Pack 1 Nero BackItUp 11 Nero BackItUp 11 Help (CHM) Nero Backup Drivers Nero Burning ROM 11 Nero Burning ROM 11 Help (CHM) Nero BurningROM Nero BurnRights Nero ControlCenter Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero CoverDesigner Nero CoverDesigner 11 Nero CoverDesigner 11 Help (CHM) Nero CoverDesigner Help Nero Disc Copy Gadget Nero Disc Copy Gadget Help Nero DiscSpeed Nero DriveSpeed Nero Express Nero Express 11 Nero Express 11 Help (CHM) Nero InfoTool Nero Installer Nero Kwik Media Nero Kwik Media Help (CHM) Nero Live Nero Live Help Nero PhotoSnap Nero PhotoSnap Help Nero Recode Nero Recode 11 Nero Recode 11 Help (CHM) Nero Recode Help Nero Rescue Agent Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero RescueAgent Help Nero ShowTime Nero SoundTrax 11 Nero SoundTrax 11 Help (CHM) Nero StartSmart Nero StartSmart Help Nero Update Nero Video 11 Nero Video 11 Help (CHM) Nero Vision Nero WaveEditor Nero WaveEditor 11 Nero WaveEditor 11 Help (CHM) Nero WaveEditor Help nero.prerequisites.msi NeroBurningROM NeroExpress neroxml NetBalancer No23 Recorder Nokia Connectivity Cable Driver NoteBurner 2.31 Nuance PaperPort 12 Nuance PDF Viewer Plus NVIDIA Drivers NVIDIA PhysX OpenOffice.org 3.2 Opera 11.50 Oracle VM VirtualBox 4.1.8 Origin Original CD Emulator Personal Edition PaperPort Image Printer Paragon Partition Manager™ 11 Free Edition PC Connectivity Solution PDF Combine PDFCreator PL-2303 USB-to-Serial Prince of Persia T2T Privoxy (remove only) ProtectDisc Driver, Version 11 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Recuva Rosetta Stone Version 3 Samsung Kies SAMSUNG USB Driver for Mobile Phones Scansoft PDF Professional Schlag den Raab SearchAnonymizer Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) SHOUTcast Source DSP 1.9.1 (remove only) Shutdown Buddy 1.0.0 simfy Skype Click to Call Skype™ 5.8 SopCast 3.2.9 SoundTrax SRWare Iron 14.0.850.0 Streamripper (Remove only) StreamTorrent 1.0 StreamTransport version: 1.0.2.2171 Subtitle Workshop 2.51 SubViewer Synaptics Pointing Device Driver System Requirements Lab TightVNC 2.0.2 TmUnitedForever TVUPlayer 2.5.3.1 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VC 9.0 Runtime VC80CRTRedist - 8.0.50727.6195 Veetle TV 0.9.18 VLC media player 1.0.5 vShare.tv plugin 1.3 webcamXP 5 welcome Win7codecs Winamp Winamp Anwendungserkennung Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX 
Platform Language Pack Windows Media Player Firefox Plugin WinRAR WISO Steuer-Sparbuch 2011 XviD MPEG4 Video Codec (remove only) YOU DON'T KNOW JACK® Zattoo4 4.0.5 Zip Motion Block Video codec (Remove Only) ZoneAlarm Firewall ZoneAlarm Free ZoneAlarm Security ZoneAlarm Toolbar . ==== End Of File ===========================
3. Gmer: I stopped the scan after about 24 hours because it was no longer making progress. The log up to that point is attached anyway. I hope you can help me.
28.03.2012, 08:26 | #2 |
Hi,
this will probably end in a reinstall... Please create an OTL log; according to GMER, we have it here (rootkit): C:\Windows\$NtUninstallKB21903$\2985288800
OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop.
After that we will let CF loose:
Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Caution: In a few rare cases the computer may no longer be able to boot and has to be reinstalled!
Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter.
The scan with Combofix can take some time, so please be patient. Please do not do anything on the computer during the scan.
The computer may be restarted in between.
When the scan has finished, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt...
Then MAM:
Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version via this link: http://filepony.de/download-chameleon/
Then please update the signature files (tab "Aktualisierungen" -> "Suche nach Aktualisierungen").
Run a full scan and have everything cleaned! Post the log.
chris
28.03.2012, 08:50 | #3 |
Thanks for the quick reply. Here are the log files:
OTL.Txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.03.2012 09:29:30 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 53,47% Memory free 5,99 Gb Paging File | 4,43 Gb Available in Paging File | 73,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 106,41 Gb Total Space | 1,12 Gb Free Space | 1,05% Space Free | Partition Type: NTFS Drive E: | 5,38 Gb Total Space | 5,04 Gb Free Space | 93,74% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\Temp\qyecsj\setup.exe () PRC - C:\Programme\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe () PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) 
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () PRC - C:\Programme\SRWare Iron\iron.exe (SRWare) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Programme\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) 
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\TightVNC\tvnserver.exe (GlavSoft LLC.) PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) PRC - C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe (TOSHIBA CORPORATION.) 
PRC - C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software)) PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Programme\Hotspot Shield\bin\openvpntray.exe () MOD - C:\Programme\Hotspot Shield\bin\lang\gui-eng.dll () MOD - C:\Programme\SRWare Iron\avcodec-53.dll () MOD - C:\Programme\SRWare Iron\avformat-53.dll () MOD - C:\Programme\SRWare Iron\avutil-51.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - \\?\globalroot\systemroot\system32\mswsock.DLL () MOD - \\.\globalroot\systemroot\system32\mswsock.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll () ========== Win32 Services (SafeList) ========== SRV - (z800obex) -- %systemroot%\system32\ssoftservice.dll File not found SRV - (vpcvmm) -- %systemroot%\system32\OneCareMP.dll File not found SRV - (UsbDiag) -- %systemroot%\system32\NTIDrvr.dll File not found SRV - (U81xmdm) -- %systemroot%\system32\avg7rsxp.dll File not found SRV - (tsscoreservice) -- %systemroot%\system32\A4S2600.dll File not found SRV - (tmlisten) -- %systemroot%\system32\mindretrieve.dll File not found SRV - (tap0901) -- %systemroot%\system32\ctdvda2k.dll File not found SRV - (susbser) -- %systemroot%\system32\portmapper.dll File not found SRV - (Stltrk2k) -- %systemroot%\system32\USB11LDR.dll File not found SRV - (smartscaps) -- %systemroot%\system32\wacomvhid.dll File not found SRV - (se58bus) -- %systemroot%\system32\oracleservicesecinst.dll File not found SRV - (se2Dnd5) -- %systemroot%\system32\vrmonsvc.dll File not found SRV - (SANDRA) -- %systemroot%\system32\z800mdm.dll File not found SRV - (s616mdm) -- 
%systemroot%\system32\lightscribeservice.dll File not found SRV - (rtm) -- %systemroot%\system32\swupdtmr.dll File not found SRV - (ROCKEYNT) -- %systemroot%\system32\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}.dll File not found SRV - (RivaTuner32) -- %systemroot%\system32\pinetmgr.dll File not found SRV - (REVOSENS) -- %systemroot%\system32\mr2kserv.dll File not found SRV - (Rawwan) -- %systemroot%\system32\Video3D.dll File not found SRV - (qmofiltr) -- %systemroot%\system32\mgactrl.dll File not found SRV - (procexp90) -- %systemroot%\system32\dmserver.dll File not found SRV - (pmounter) -- %systemroot%\system32\ndiscm.dll File not found SRV - (pgpsdkservice) -- %systemroot%\system32\hpzid412.dll File not found SRV - (pdscheduler) -- %systemroot%\system32\adaptecstoragemanageragent.dll File not found SRV - (pdlnemsg) -- %systemroot%\system32\retrolauncher.dll File not found SRV - (OracleOraHome92ClientCache) -- %systemroot%\system32\SNC.dll File not found SRV - (ntrtscan) -- %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll File not found SRV - (nod32krn) -- %systemroot%\system32\iaimtv0.dll File not found SRV - (NETw3v32) -- %systemroot%\system32\lckfldservice.dll File not found SRV - (nbf) -- %systemroot%\system32\autostore.dll File not found SRV - (mqdmmdfl) -- %systemroot%\system32\ssoftservice.dll File not found SRV - (mfcom) -- %systemroot%\system32\pxfhmdfl.dll File not found SRV - (mcmispupdmgr) -- %systemroot%\system32\npptnt2.dll File not found SRV - (lxcf_device) -- %systemroot%\system32\avcgbfl.dll File not found SRV - (LPCFilter) -- %systemroot%\system32\GVCplDrv.dll File not found SRV - (licensemanagersocket) -- %systemroot%\system32\themes.dll File not found SRV - (ksthunk) -- %systemroot%\system32\SrvcSSIOMngr.dll File not found SRV - (jsdaemon) -- %systemroot%\system32\ipfilterdriver.dll File not found SRV - (imapiservice) -- %systemroot%\system32\Dell1100_FUService.dll File not found SRV - (ihcservice) -- 
%systemroot%\system32\sfdrv01.dll File not found SRV - (HWSCtrl) -- %systemroot%\system32\razerusb.dll File not found SRV - (guardian2) -- %systemroot%\system32\ZTEusbser6k.dll File not found SRV - (emitray) -- %systemroot%\system32\oraclesnmppeerencapsulator.dll File not found SRV - (DritekPortIO) -- %systemroot%\system32\mdvrmng.dll File not found SRV - (DfwWebAgent) -- %systemroot%\system32\VX3000.dll File not found SRV - (dcsloader) -- %systemroot%\system32\awservice.dll File not found SRV - (db2licd) -- %systemroot%\system32\agnwifi.dll File not found SRV - (CTEXFIFX.DLL) -- %systemroot%\system32\rslinx.dll File not found SRV - (CnxTrUsb) -- %systemroot%\system32\pcidump.dll File not found SRV - (cfosspeed) -- %systemroot%\system32\patrol_scheduler.dll File not found SRV - (cdaudio) -- %systemroot%\system32\dlcg_device.dll File not found SRV - (btnhnd) -- %systemroot%\system32\agpcpq.dll File not found SRV - (botcbs) -- %systemroot%\system32\SE2Bmdfl.dll File not found SRV - (bltrust) -- %systemroot%\system32\ati2mtaa.dll File not found SRV - (aw_host) -- %systemroot%\system32\cwcpsvc20.dll File not found SRV - (ATSWPDRV) -- %systemroot%\system32\NWSAP.dll File not found SRV - (alerter) -- %systemroot%\system32\zpjava.dll File not found SRV - (AMService) -- C:\Windows\TEMP\qyecsj\setup.exe () SRV - (Hamachi2Svc) -- C:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe () SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe () SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) 
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SearchAnonymizer) -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (wxpSvc) -- C:\Program Files\webcamXP 5\wService.exe (Moonware Studios) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (NetBalancer Windows Service) -- C:\Programme\NetBalancer\SeriousBit.NetBalancer.Service.exe (Microsoft) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (tvnserver) -- C:\Programme\TightVNC\tvnserver.exe (GlavSoft LLC.) 
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (PDFProFiltSrvPP) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (alertservice) -- C:\Windows\System32\sparrow.dll () SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software)) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (tclondrv) -- system32\DRIVERS\tclondrv.sys File not found DRV - (NPF) -- system32\drivers\npf.sys File not found DRV - (FsUsbExDisk) -- C:\Windows\system32\FsUsbExDisk.SYS File not found DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found DRV - (Bcim) -- system32\DRIVERS\bcim.sys File not found DRV - (AmDriver) -- C:\Windows\system32\AMDriver.sys File not found DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys () DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys () DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation) DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation) DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG) DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.) 
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\drivers\ssceserd.sys (MCCI Corporation) DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV 
- (NETwLv32) Intel(R) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group) DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ntcdrdrv) -- C:\Windows\System32\drivers\ntcdrdrv.sys (NoteBurn Software) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation) DRV - (OCDE) -- C:\Windows\System32\drivers\OCDE.sys (ZTekWare.) DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) 
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (itchfltr) -- C:\Windows\System32\drivers\itchfltr.sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\Windows\System32\drivers\Lhidusb.sys (Logitech, Inc.) DRV - (LCcfltr) -- C:\Windows\System32\drivers\LCCFLTR.SYS (Logitech, Inc.) DRV - (ZSMC301b) -- C:\Windows\System32\drivers\usbVM31b.sys (VM) DRV - (Aspi32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:PA IE - HKLM\..\SearchScopes,DefaultScope = {40439b93-f815-4122-8073-d03bed94c303} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-shoutcast-chromesbox-en-us IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = hxxp://search.myheritage.com?orig=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 7D 34 AC D3 F6 CA 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&k=0 IE - HKCU\..\SearchScopes\{084DCDAA-E105-4634-B236-6C4B7DE3B473}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{3B631C1A-5821-44BE-83BF-188C95772858}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://www.mystart.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6D7973746172742E636F6D2F7365617263685F772E7068703F747970653D776262746F6F6C315F306D7363682666723D6368722D766D6E26713D7B7365617263685465726D737D2665693D5554462D38&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&k=0 IE - HKCU\..\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}: "URL" = hxxp://slirsredirect.search.aol.com.anonymize-me.de/?anonymto=687474703A2F2F736C69727372656469726563742E7365617263682E616F6C2E636F6D2F736C6972735F687474702F7372656469723F7372656469723D323638352671756572793D7B7365617263685465726D737D26696E766F636174696F6E547970653D746235302D69652D73686F7574636173742D6368726F6D6573626F782D656E2D7573&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&k=0 IE - HKCU\..\SearchScopes\{6D255F23-0DF8-4E26-A82D-9CF0DD332544}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{812F297E-4D50-43B6-A008-CAE7BA221C12}: "URL" = 
hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{82BF699D-898F-4954-8FEE-EE00CA355F76}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D33303233393826703D7B7365617263685465726D737D&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&k=0
IE - HKCU\..\SearchScopes\{BF05D949-8E82-4BAD-A937-1DB55CA9C848}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C3CC3850-B41C-488C-9AA9-9307825DFAE3}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.07.28 14:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.03.10 13:57:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.07 19:18:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.09 19:29:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.27 20:22:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.30 10:20:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.07.29 22:30:04 | 000,000,000 | ---D | M]
[2011.12.09 18:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.05.19 01:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.09 19:29:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.05 01:04:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.10.19 13:58:40 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011.11.21 06:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.11.21 03:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 03:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 03:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 03:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.29 13:36:46 | 000,004,015 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
[2011.03.29 13:36:46 | 000,002,345 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\webblog.xml
[2011.11.21 03:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 03:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Znout (de) (Enabled)
CHR - default_search_provider: search_url = hxxp://de.znout.org.anonymize-me.de/?anonymto=687474703A2F2F64652E7A6E6F75742E6F72672F7365617263682E7068703F713D7B7365617263685465726D737D&st={searchTerms}&clid=ae476378-1b54-459e-8d03-35af7b3d568d&pid=murb&k=0
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files\Common Files\mpDRM\NPMPDRM.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: vshare plugin = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

O1 HOSTS File: ([2011.05.18 20:18:46 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59D881D9-BB50-4E09-8623-7F4B65C90596}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC893878-2B76-4518-86C8-D7680A8E757C}: DhcpNameServer = 10.93.8.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c47b7489-58e5-11e1-9bd1-c4a4d2bbc869}\Shell - "" = AutoRun
O33 - MountPoints2\{c47b7489-58e5-11e1-9bd1-c4a4d2bbc869}\Shell\AutoRun\command - "" = J:\racer.exe
O33 - MountPoints2\{e1712cc3-6378-11df-bf6d-001c26ee4cdb}\Shell - "" = AutoRun
O33 - MountPoints2\{e1712cc3-6378-11df-bf6d-001c26ee4cdb}\Shell\AutoRun\command - "" = F:\start.exe /auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.28 09:28:12 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.03.28 08:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.28 08:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.26 15:06:29 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.03.24 13:46:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Dateien Jacoby
[2012.03.19 19:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2012.03.19 19:02:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Origin
[2012.03.19 19:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.03.19 19:00:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Origin
[2012.03.19 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.03.19 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.03.19 19:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2012.03.14 22:55:44 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.14 22:55:43 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.14 21:22:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\TBBT
[2012.03.14 19:00:13 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 19:00:12 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 15:54:41 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.14 15:54:41 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.14 15:54:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.14 15:54:38 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.11 21:38:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Zeon
[2012.03.11 21:38:18 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene PaperPort-Dokumente
[2012.03.11 21:33:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FLEXnet
[2012.03.11 21:33:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ControlCenter4
[2012.03.11 21:25:33 | 000,000,000 | ---D | C] -- C:\Brother
[2012.03.11 21:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
[2012.03.11 21:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2012.03.11 21:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2012.03.11 21:16:55 | 001,475,072 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrWi209d.dll
[2012.03.11 21:16:55 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrJDec.dll
[2012.03.11 21:16:52 | 000,055,808 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrUsi09d.dll
[2012.03.11 21:16:48 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2012.03.11 21:16:46 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BRLMW03A.DLL
[2012.03.11 21:16:46 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL
[2012.03.11 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon
[2012.03.11 21:13:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nuance
[2012.03.11 21:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012.03.11 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
[2012.03.11 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2012.03.11 21:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012.03.11 21:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2012.03.11 21:12:00 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MeineWebSeiten
[2012.03.07 19:21:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DDMSettings
[2012.03.07 10:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\createonepart
[2012.03.07 10:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2012.03.07 10:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012.03.07 10:15:44 | 000,040,560 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2012.03.07 10:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 11 Free Edition
[2012.03.07 10:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2012.03.07 10:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 7.1
[2012.03.07 10:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Home Edition 7.1
[2012.03.05 01:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.05 01:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.01 14:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamachi
[2012.03.01 14:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Hamachi
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]
[1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.28 09:38:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.28 09:38:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.28 09:28:15 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.03.28 09:12:22 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2669674786-3467101850-3848234698-1001UA.job
[2012.03.28 08:58:08 | 000,009,310 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2012.03.28 08:54:40 | 000,007,017 | ---- | M] () -- C:\Users\***\Desktop\Gmer.7z
[2012.03.28 08:49:30 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 08:49:30 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 08:47:35 | 009,311,158 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.28 08:47:35 | 003,602,036 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.28 08:47:35 | 000,344,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.28 08:47:35 | 000,055,934 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.28 08:39:32 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2012.03.28 08:39:29 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2012.03.28 08:38:34 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012.03.28 08:38:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.28 08:38:20 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.27 15:12:22 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2669674786-3467101850-3848234698-1001Core.job
[2012.03.26 15:49:49 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\l2bg6sd1.exe
[2012.03.26 15:06:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.03.26 15:05:58 | 000,000,156 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.03.26 15:04:36 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.03.26 14:41:49 | 000,427,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.25 22:52:40 | 000,039,230 | ---- | M] () -- C:\Users\***\Desktop\Text Collage-1.pdf
[2012.03.24 13:05:19 | 000,000,914 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2012.03.24 12:26:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.03.23 16:40:17 | 000,115,000 | ---- | M] () -- C:\Users\***\Desktop\1155l6f_20.jpeg
[2012.03.19 19:00:20 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.03.16 13:39:05 | 000,001,062 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.03.11 21:39:09 | 000,103,457 | ---- | M] () -- C:\Users\***\Desktop\Bafög bescheid.pdf [2012.03.07 08:42:39 | 000,415,916 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2012.02.29 20:02:48 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] [1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ] [1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.28 08:58:08 | 000,009,310 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip [2012.03.28 08:54:40 | 000,007,017 | ---- | C] () -- C:\Users\***\Desktop\Gmer.7z [2012.03.26 15:49:47 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\l2bg6sd1.exe [2012.03.26 15:05:58 | 000,000,156 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.03.26 15:04:35 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.03.25 22:52:38 | 000,039,230 | ---- | C] () -- C:\Users\***\Desktop\Text Collage-1.pdf [2012.03.24 13:05:19 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2012.03.24 12:25:54 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd [2012.03.23 16:40:24 | 000,115,000 | ---- | C] () -- C:\Users\***\Desktop\1155l6f_20.jpeg [2012.03.19 19:00:20 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2012.03.11 21:39:06 | 000,103,457 | ---- | C] () -- C:\Users\***\Desktop\Bafög bescheid.pdf [2012.03.11 21:16:51 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2012.03.11 21:16:46 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2012.03.11 21:16:44 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT [2012.03.07 10:01:47 | 000,922,184 | ---- 
| C] () -- C:\Windows\System32\pwNative.exe [2012.03.07 10:01:46 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys [2012.03.07 10:01:45 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys [2011.10.27 13:08:32 | 000,000,086 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2011.10.26 00:20:16 | 000,000,853 | ---- | C] () -- C:\Windows\wiso.ini [2011.10.19 13:52:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2011.10.17 12:10:34 | 000,000,551 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini [2011.10.17 11:27:45 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.08.18 10:17:00 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{30167394-935D-4681-806D-508904A9CC50} [2011.07.06 13:04:18 | 000,000,040 | ---- | C] () -- C:\Users\***\AppData\Local\tmp.no23 [2011.06.24 14:02:27 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.06.21 09:04:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.02.21 14:41:21 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2011.02.15 23:09:32 | 005,640,880 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.12.20 11:11:20 | 000,000,028 | ---- | C] () -- C:\Users\***\AppData\Roaming\iRotate.INI [2010.10.05 10:24:54 | 000,010,752 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.01 13:36:55 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2010.10.01 11:19:35 | 000,000,926 | ---- | C] 
() -- C:\Windows\AirLite.INI [2010.08.03 18:13:01 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.08.02 13:53:53 | 000,007,597 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.07.17 19:23:49 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.07.17 19:23:49 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7010.DAT [2010.06.29 15:17:28 | 000,001,536 | ---- | C] () -- C:\Windows\System32\bcevent.dll [2010.06.06 20:00:57 | 000,001,476 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml [2010.05.23 12:20:01 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2010.05.23 12:20:01 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010.05.21 17:10:06 | 000,034,153 | ---- | C] () -- C:\Windows\MAXLINK.INI [2010.05.19 21:33:25 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2010.05.19 16:41:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.19 01:58:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.05.18 23:30:14 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2010.05.18 23:29:05 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe [2010.04.09 22:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE < End of report > Extras.Txt: OTL Logfile: Code:
OTL Extras logfile created on: 28.03.2012 09:29:30 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 53,47% Memory free 5,99 Gb Paging File | 4,43 Gb Available in Paging File | 73,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 106,41 Gb Total Space | 1,12 Gb Free Space | 1,05% Space Free | Partition Type: NTFS Drive E: | 5,38 Gb Total Space | 5,04 Gb Free Space | 93,74% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromiumHTML] -- C:\Program Files\SRWare Iron\iron.exe (SRWare) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.6 Build #5618 Banner Remover 1.0 
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{18FF899B-CEB9-4C40-80ED-04A3A274B55B}_is1" = Alnera FeedBuster "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help "{1EEE7BCD-FC6D-47AF-9D1A-7A37826A5811}" = Nat Geo Quiz! Wild Life "{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2 "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{304D416E-CCA6-A949-A728-19702A085FC1}" = simfy "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1 "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue 
Agent "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7055 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{45F4941E-5E77-11DF-A71D-005056C00008}" = Paragon Partition Manager™ 11 Free Edition "{469D0E8F-2B20-47FD-8FB3-8769F348A67F}" = mufin player 2.5 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{5E27A19D-0A3C-4708-98EA-A120F6318930}" = SubViewer "{5E2B1ED0-7B71-4015-929E-E3651CF3F5EF}" = Original CD Emulator Personal Edition "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{611E3800-CE31-4953-8AD4-5657B6EE7ACF}" = Oracle VM VirtualBox 4.1.8 "{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{75E9A522-65D2-4200-A95F-C3EF89703263}" = Lyrics Plugin for Winamp "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E4413BB-CE31-4E01-A1C0-E37BDD0187CE}" = Nero 11 "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{81AAF01A-C7F0-412D-979C-06ABD052B43A}" = capella 7 "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.8 "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3 "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1 "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite DCP-7010 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 14.0.850.0 "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C640CAE0-8024-11D4-0090-B700902724B3}" = FIFA 2001 "{C9E91711-8600-4919-AEF0-D4821F886797}_is1" = Gigaflat "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker 
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{ED370B93-44B9-478F-89F3-5CF10F50C235}" = Kuffs Password Safe "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11 "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 9.20 "Adobe AIR" 
= Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AmoK Playlist Copy" = AmoK Playlist Copy 2.06 "ANNO 1602 Königs-Edition" = ANNO 1602 Königs-Edition "Anti-Twin 2011-09-06 13.28.39" = Anti-Twin (Installation 06.09.2011) "AnyDVD" = AnyDVD "Audacity_is1" = Audacity 1.2.6 "AudibleDownloadManager" = Audible Download Manager "AudibleManager" = AudibleManager "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "AutoGK" = Auto Gordian Knot 2.55 "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "bghst.nfo" = BGHSt CD-ROM - Grundwerk Band 1-46 "bghz.nfo" = BGHZ CD-ROM - Grundwerk Band 1-146 "CCleaner" = CCleaner "CloneDVD2" = CloneDVD2 "DAEMON Tools Lite" = DAEMON Tools Lite "DesktopIconAmazon" = Desktop Icon für Amazon "D-Fend Reloaded" = D-Fend Reloaded 1.0.3 (deinstallieren) "Digital Video Repair_is1" = Digital Video Repair 2.2.0.1 "DivX Setup" = DivX-Setup "ee4p_is1" = Efficient Elements for presentations 1.3.0.78 "eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.1214 "Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1 "FormatFactory" = FormatFactory 2.70 "Free Download Manager_is1" = Free Download Manager 3.0 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free Studio_is1" = Free Studio version 4.6 "GoldWave v5.58" = GoldWave v5.58 "GOM Player" = GOM Player "HotspotShield" = Hotspot Shield 2.24 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = IrfanView (remove only) "iRotate" = iRotate "JDownloader" = JDownloader "LastFM_is1" = Last.fm 1.5.4.27091 "LogMeIn Hamachi" = LogMeIn Hamachi "LucasArts' Star Wars: Episode I Racer" = LucasArts Star Wars: Episode I Racer "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281) "MAGIX_MSI_mufin_player_2_5" = mufin player 2.5 "MediaCoder PMP Edition" = MediaCoder PMP Edition "Microsoft .NET Framework 
4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de) "MPE" = MyPhoneExplorer "MusicBrainz Tagger 0.10.5" = MusicBrainz Tagger 0.10.5 "Nat Geo Quiz! Wild Life" = Nat Geo Quiz! Wild Life "NAVIGON Fresh" = NAVIGON Fresh 3.2.0 "NetBalancer_is1" = NetBalancer "NoteBurner_is1" = NoteBurner 2.31 "NVIDIA Drivers" = NVIDIA Drivers "Opera 11.50.1074" = Opera 11.50 "Origin" = Origin "PDF Combine_is1" = PDF Combine "Privoxy" = Privoxy (remove only) "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "RealPlayer 12.0" = RealPlayer "Recuva" = Recuva "Schlag den Raab_is1" = Schlag den Raab "SearchAnonymizer" = SearchAnonymizer "SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only) "Shutdown Buddy" = Shutdown Buddy 1.0.0 "Simfy" = simfy "SopCast" = SopCast 3.2.9 "Streamripper" = Streamripper (Remove only) "StreamTorrent 1.0" = StreamTorrent 1.0 "SubtitleWorkshop" = Subtitle Workshop 2.51 "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "TightVNC" = TightVNC 2.0.2 "TmUnitedForever_is1" = TmUnitedForever "TVUPlayer" = TVUPlayer 2.5.3.1 "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.0.5 "vShare.tv plugin" = vShare.tv plugin 1.3 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "wLite" = webcamXP 5 "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "YDKJG" = YOU DON'T KNOW JACK® "Zattoo4" = Zattoo4 4.0.5 "ZMBV" = Zip Motion Block Video codec (Remove Only) "ZoneAlarm Free" = ZoneAlarm Free "ZoneAlarm Toolbar" = ZoneAlarm Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "MyFreeCodec" = MyFreeCodec 
"Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.03.2012 14:00:24 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 27.03.2012 15:11:58 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 27.03.2012 16:10:16 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 27.03.2012 17:12:40 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 27.03.2012 18:01:07 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.03.2012 02:39:51 | Computer Name = ***-PC | Source = NetBalancer Windows Service | ID = 0 Description = SeriousBit.NetBalancer.Core.Adapters.DriverLoadException: Driver failed to load or was not installed. Try to reinstall application. bei SeriousBit.NetBalancer.Core.Adapters.NetworkAdapter.a() bei SeriousBit.NetBalancer.Core.Adapters.NetworkAdapter.b() bei fq.f() bei f3.a(String[] A_0) Error - 28.03.2012 02:39:52 | Computer Name = ***-PC | Source = NetBalancer Windows Service | ID = 0 Description = Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error - 28.03.2012 02:42:09 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 28.03.2012 02:47:35 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 28.03.2012 03:11:46 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 28.03.2012 03:27:16 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 28.03.2012 03:27:16 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 28.03.2012 03:27:16 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 28.03.2012 03:27:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. 
Error - 28.03.2012 03:27:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 28.03.2012 03:27:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 28.03.2012 03:29:38 | Computer Name = ***-PC | Source = PNRPSvc | ID = 102 Description = Error - 28.03.2012 03:29:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 28.03.2012 03:29:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 28.03.2012 03:29:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 < End of report > |
28.03.2012, 09:05 | #4 |
| Sirefef.bv.2 in System32 - various files Hi, be sure to run ComboFix after the OTL fix: Fix for OTL:
Code:
:OTL
PRC - C:\Windows\Temp\qyecsj\setup.exe ()
:FILES
C:\Windows\$NtUninstallKB21903$
C:\Windows\$NtUninstallKB21903$\2985288800
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = dword:0x01
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:0x01
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = dword:0x01
:Commands
[emptytemp]
[Reboot]
chris
28.03.2012, 09:34 | #5 |
| Sirefef.bv.2 in System32 - various files Here is the OTL fix log: (I'll run ComboFix now)
All processes killed
========== OTL ==========
No active process named setup.exe was found!
========== FILES ==========
Folder move failed. C:\Windows\$NtUninstallKB21903$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\systemprofile\Searches folder moved successfully.
C:\Windows\$NtUninstallKB21903$\systemprofile\Saved Games folder moved successfully.
C:\Windows\$NtUninstallKB21903$\systemprofile\Lokale Einstellungen folder moved successfully.
C:\Windows\$NtUninstallKB21903$\systemprofile\Links folder moved successfully.
C:\Windows\$NtUninstallKB21903$\systemprofile\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB21903$\systemprofile\Contacts folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Verlauf folder moved successfully.
C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temporary Internet Files folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\LogMeIn Hamachi folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\systemprofile\Anwendungsdaten folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB21903$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB21903$\Journal folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB21903$ scheduled to be moved on reboot.
File\Folder C:\Windows\$NtUninstallKB21903$\2985288800 not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval" | dword:0x01 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall" |dword:0x01 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall" |dword:0x01 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\"EnableFirewall" | dword:0x01 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: *** ->Temp folder emptied: 2016 bytes ->Temporary Internet Files folder emptied: 28171224 bytes ->Java cache emptied: 13092105 bytes ->FireFox cache emptied: 110800835 bytes ->Google Chrome cache emptied: 5837168 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 114876 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56468 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Test ->Temp folder emptied: 2075404 bytes ->Temporary Internet Files folder emptied: 48937717 bytes ->FireFox cache emptied: 30707308 bytes ->Flash cache emptied: 960 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 445730692 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 654,00 mb OTL by OldTimer - Version 3.2.39.2 log created on 03282012_101723 Files\Folders moved on Reboot... Folder move failed. C:\Windows\$NtUninstallKB21903$\TxR scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Roaming scheduled to be moved on reboot. Folder move failed. 
C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\LocalLow scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temp scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google scheduled to be moved on reboot. File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Verlauf not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Temp not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Microsoft not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\LogMeIn Hamachi not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Google\CrashReports not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Google not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temp not found! 
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Microsoft not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found! 
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\Cra shReports not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found! 
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Verlauf not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Temporary Internet Files not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Temp not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Microsoft not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\LogMeIn Hamachi not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Google\CrashReports not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Google not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Verlauf not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Temporary Internet Files not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Temp not found! 
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Microsoft not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\LogMeIn Hamachi not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Google\CrashReports not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Google not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Verlauf not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Temp not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Microsoft not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found! 
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Google not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found! 
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found! 
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found! 
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found! 
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten\Anwendungsdaten not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten\Anwendungsdaten not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungs daten not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found! 
File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten not found! File\Folder C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Anwendungsdaten not found! Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temp scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\LogMeIn Hamachi folder moved successfully. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Roaming scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\LocalLow scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temp scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData scheduled to be moved on reboot. 
Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Roaming scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\LocalLow scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temp scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\RegBack scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\TxR scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Roaming scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\LocalLow scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Temp scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google\CrashReports scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local\Google scheduled to be moved on reboot. Folder move failed. 
C:\Windows\$NtUninstallKB21903$\systemprofile\AppData\Local scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile\AppData scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\systemprofile scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$\RegBack scheduled to be moved on reboot. Folder move failed. C:\Windows\$NtUninstallKB21903$ scheduled to be moved on reboot. File\Folder C:\Windows\temp\ZLT01edb.TMP not found! Registry entries deleted on Reboot... |
28.03.2012, 10:10 | #6 |
| Sirefef.bv.2 in System32 - various files Hi, ok... chris |
28.03.2012, 11:54 | #7 |
| Sirefef.bv.2 in System32 - various files So I let ComboFix run to completion; however, after a restart, while ComboFix was creating the log file, the PC simply crashed. Nevertheless, here is the ComboFix.txt from C:\ComboFix: ComboFix 12-03-27.03 - *** 28.03.2012 11:31:39.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.2321 [GMT 2:00] ausgeführt von:: C:\Users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) C:\install.exe C:\Program Files\Perfect Optimizer C:\Program Files\Perfect Optimizer\License.ini C:\Program Files\Perfect Optimizer\PerfectOptimizer.ini C:\Users\***\AppData\Local\lame_enc.dll C:\Users\***\AppData\Local\no23xwrapper.dll C:\Users\***\AppData\Local\ogg.dll C:\Users\***\AppData\Local\vorbis.dll C:\Users\***\AppData\Local\vorbisenc.dll C:\Users\***\AppData\Local\vorbisfile.dll C:\Users\***\ntuser.dat.tmp C:\Windows\$NtUninstallKB21903$\2985288800\@ C:\Windows\$NtUninstallKB21903$\2985288800\cfg.ini C:\Windows\$NtUninstallKB21903$\2985288800\Desktop.ini C:\Windows\$NtUninstallKB21903$\2985288800\L\xadqgnnk C:\Windows\$NtUninstallKB21903$\2985288800\U\00000001.@ C:\Windows\$NtUninstallKB21903$\2985288800\U\00000002.@ C:\Windows\$NtUninstallKB21903$\2985288800\U\00000004.@ C:\Windows\$NtUninstallKB21903$\2985288800\U\80000000.@ C:\Windows\$NtUninstallKB21903$\2985288800\U\80000004.@ C:\Windows\$NtUninstallKB21903$\2985288800\U\80000032.@ C:\Windows\$NtUninstallKB21903$\2985288800\version C:\Windows\$NtUninstallKB21903$\3218322970 C:\Windows\Fonts\ERASLGHT.TTF C:\Windows\Fonts\LFAXD.TTF C:\Windows\IsUn0407.exe 
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.tmp C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.tmp C:\Windows\system32\dds_trash_log.cmd C:\Windows\system32\drivers\etc\hosts.ics C:\Windows\system32\muzapp.exe C:\Windows\system32\Packet.dll C:\Windows\system32\WanPacket.dll C:\Windows\unin0407.exe Infizierte Kopie von C:\Windows\system32\drivers\afd.sys wurde gefunden und desinfiziert Kopie von - The cat found it wurde wiederhergestellt ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_AMService -------\Service_NPF ((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-28 )))))))))))))))))))))))))))))) 2012-03-28 09:58:00 . 2012-03-28 09:58:00 -------- d-----w- C:\Users\Test\AppData\Local\temp 2012-03-28 06:54:28 . 2012-03-28 06:54:29 -------- d-----w- C:\Program Files\7-Zip 2012-03-19 17:03:08 . 2012-03-19 17:03:08 -------- d-----w- C:\Program Files\Origin Games 2012-03-19 17:02:47 . 2012-03-19 17:02:47 -------- d-----w- C:\Users\***\AppData\Local\Origin 2012-03-19 17:02:46 . 2012-03-19 17:05:32 -------- d-----w- C:\ProgramData\Origin 2012-03-19 17:00:21 . 2012-03-19 17:03:08 -------- d-----w- C:\Users\***\AppData\Roaming\Origin 2012-03-19 17:00:20 . 2012-03-19 17:00:20 -------- d-----w- C:\ProgramData\Electronic Arts 2012-03-19 17:00:08 . 2012-03-19 17:02:42 -------- d-----w- C:\Program Files\Origin 2012-03-14 20:55:44 . 2011-11-19 14:50:02 3968368 ----a-w- C:\Windows\system32\ntkrnlpa.exe 2012-03-14 20:55:43 . 2011-11-19 14:50:02 3913584 ----a-w- C:\Windows\system32\ntoskrnl.exe 2012-03-14 17:00:13 . 2012-02-03 03:54:27 2343424 ----a-w- C:\Windows\system32\win32k.sys 2012-03-14 17:00:12 . 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\system32\DWrite.dll 2012-03-14 13:54:41 . 2012-01-25 05:32:35 58880 ----a-w- C:\Windows\system32\rdpwsx.dll 2012-03-14 13:54:41 . 
2012-01-25 05:32:34 129536 ----a-w- C:\Windows\system32\rdpcorekmts.dll 2012-03-14 13:54:41 . 2012-01-25 05:27:51 8192 ----a-w- C:\Windows\system32\rdrmemptylst.exe 2012-03-14 13:54:38 . 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\system32\rdpcore.dll 2012-03-14 13:54:38 . 2012-02-17 04:13:22 24576 ----a-w- C:\Windows\system32\drivers\tdtcp.sys 2012-03-14 13:54:37 . 2012-02-17 04:14:08 183808 ----a-w- C:\Windows\system32\drivers\rdpwd.sys 2012-03-11 19:38:24 . 2012-03-11 19:38:24 -------- d-----w- C:\Users\***\AppData\Roaming\Zeon 2012-03-11 19:33:57 . 2012-03-11 19:33:57 -------- d-----w- C:\Users\***\AppData\Roaming\FLEXnet 2012-03-11 19:33:47 . 2012-03-11 19:34:41 -------- d-----w- C:\Users\***\AppData\Roaming\ControlCenter4 2012-03-11 19:25:33 . 2012-03-11 19:25:33 -------- d-----w- C:\Brother 2012-03-11 19:25:28 . 2012-03-11 19:25:30 -------- d-----w- C:\Program Files\Browny02 2012-03-11 19:25:28 . 2012-03-11 19:25:28 -------- d-----w- C:\ProgramData\ControlCenter4 2012-03-11 19:25:21 . 2012-03-11 19:25:28 -------- d-----w- C:\Program Files\ControlCenter4 2012-03-11 19:16:55 . 2010-06-10 06:09:28 1475072 ----a-w- C:\Windows\system32\BrWi209d.dll 2012-03-11 19:16:55 . 2010-04-01 10:28:35 217088 ----a-w- C:\Windows\system32\BrJDec.dll 2012-03-11 19:16:52 . 2010-06-07 11:18:02 55808 ----a-w- C:\Windows\system32\BrUsi09d.dll 2012-03-11 19:16:51 . 2005-01-17 07:10:16 45056 ----a-w- C:\Windows\system32\BRTCPCON.DLL 2012-03-11 19:16:48 . 2010-05-10 08:45:58 103736 ----a-w- C:\Windows\system32\BRRBTOOL.EXE 2012-03-11 19:16:46 . 2010-04-02 05:33:34 25299 ----a-w- C:\Windows\system32\BRLM03A.DLL 2012-03-11 19:16:46 . 2004-08-09 06:42:08 77824 ----a-w- C:\Windows\system32\BRLMW03A.DLL 2012-03-11 19:14:02 . 2012-03-11 19:14:02 -------- d-----w- C:\ProgramData\zeon 2012-03-11 19:13:00 . 2012-03-11 19:38:14 -------- d-----w- C:\Users\***\AppData\Roaming\Nuance 2012-03-11 19:12:52 . 2012-03-11 19:12:59 -------- d-----w- C:\ProgramData\ScanSoft 2012-03-11 19:12:04 . 
2012-03-11 19:12:15 -------- d-----w- C:\Program Files\Common Files\ScanSoft Shared
2012-03-11 19:12:00 . 2012-03-11 19:35:32 -------- d-----w- C:\ProgramData\Nuance
2012-03-11 19:12:00 . 2012-03-11 19:14:59 -------- d-----w- C:\Program Files\Nuance
2012-03-07 17:21:36 . 2012-03-07 17:21:36 -------- d-----w- C:\Users\***\AppData\Local\DDMSettings
2012-03-07 08:16:18 . 2012-03-07 08:16:18 -------- d-----w- C:\ProgramData\createonepart
2012-03-07 08:16:12 . 2012-03-07 08:16:12 -------- d-----w- C:\ProgramData\explauncher
2012-03-07 08:16:11 . 2012-03-07 08:16:11 -------- d-----w- C:\ProgramData\launcher
2012-03-07 08:15:44 . 2010-05-18 10:25:52 40560 ----a-w- C:\Windows\system32\drivers\hotcore3.sys
2012-03-07 08:15:32 . 2012-03-07 08:15:32 -------- d-----w- C:\Program Files\Paragon Software
2012-03-07 08:01:47 . 2012-01-18 14:55:58 922184 ----a-w- C:\Windows\system32\pwNative.exe
2012-03-07 08:01:46 . 2012-01-18 14:55:56 16472 ------w- C:\Windows\system32\pwdrvio.sys
2012-03-07 08:01:45 . 2012-01-18 14:55:54 11104 ------w- C:\Windows\system32\pwdspio.sys
2012-03-07 08:01:40 . 2012-03-07 08:01:43 -------- d-----w- C:\Program Files\MiniTool Partition Wizard Home Edition 7.1
2012-03-04 23:02:27 . 2012-03-04 23:02:27 -------- d-----w- C:\Program Files\Common Files\Skype
2012-03-01 12:06:36 . 2012-03-01 12:06:43 -------- d-----w- C:\Program Files\Hamachi
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-03-28 10:08:51 . 2010-05-18 21:29:05 17408 ----a-w- C:\Windows\system32\rpcnetp.exe
2012-03-28 10:03:28 . 2010-05-18 21:49:41 58288 ----a-w- C:\Windows\system32\rpcnet.dll
2012-03-24 10:26:01 . 2011-05-15 10:28:53 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 13:51:08 . 2010-06-20 14:01:59 164880 ---ha-w- C:\Users\***\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2012-02-16 21:37:18 . 2012-02-16 21:37:18 242240 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-02-16 21:29:17 . 2010-05-19 18:48:00 473656 ----a-w- C:\Windows\system32\drivers\sptd.sys
2012-02-15 18:54:55 . 2011-10-17 08:33:44 137416 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2012-01-22 13:31:01 . 2012-01-22 13:31:01 27248 ----a-w- C:\Windows\system32\drivers\cnnctfy2.sys
2012-01-04 08:58:41 . 2012-02-14 21:21:09 442880 ----a-w- C:\Windows\system32\ntshrui.dll
2012-01-04 00:48:42 . 2012-01-04 00:48:42 354176 ----a-w- C:\Windows\system32\DivXControlPanelApplet.cpl
2011-12-30 05:27:56 . 2012-02-14 21:21:17 478720 ----a-w- C:\Windows\system32\timedate.cpl
2011-11-21 04:21:43 . 2011-12-09 17:29:26 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 15:06:06 222496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 12:59:37 258512]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 17:17:52 207424]
"Ocs_SM"="C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-10-05 13:57:49 106496]
"ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 14:44:24 738944]
"ZoneAlarm"="C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 19:01:38 73360]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 08:32:24 1557800]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 15:24:58 9210400]
"NBAgent"="C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 11:37:52 1492264]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-01-30 07:12:00 13605408]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2009-01-30 07:12:00 92704]
"LogMeIn Hamachi Ui"="C:\Program Files\Hamachi\hamachi-2-ui.exe" [2012-02-28 16:38:56 1987976]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 23:08:12 1259376]
"IndexSearch"="C:\Program Files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 23:37:26 46368]
"PaperPort PTD"="C:\Program Files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 23:42:02 29984]
"PPort12reminder"="C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 12:42:26 328992]
"PDFHook"="C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 19:11:30 636192]
"PDF5 Registry Controller"="C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 18:11:04 62752]
"ControlCenter4"="C:\Program Files\ControlCenter4\BrCcBoot.exe" [2011-04-20 16:53:38 139264]
"BrStsMon00"="C:\Program Files\Browny02\Brother\BrStMonW.exe" [2010-06-10 12:42:44 2621440]
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 12:40:00 83336]

C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-3-16 26565208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-12-14 2749856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRealMode"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Magic-i Visual Effects.lnk
backup=C:\Windows\pss\Magic-i Visual Effects.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\Windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\Windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iRotate.lnk]
path=C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iRotate.lnk
backup=C:\Windows\pss\iRotate.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55:28 937920 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-10-11 15:17:41 5389944 ----a-w- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
2002-08-22 10:51:52 45056 ----a-w- C:\Windows\VM_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 14:46:10 1159168 ------w- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 08:26:54 114688 ------w- C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06:56 3481408 ----a-w- C:\Program Files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08:12 1259376 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2010-04-28 21:28:18 3727411 ----a-w- C:\Program Files\Free Download Manager\fdm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-09 18:42:19 136176 ----atw- C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-03-29 11:20:40 119608 ----a-w- C:\Program Files\ICQ7.4\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16:18 421160 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-03-17 21:07:14 896912 ----a-w- C:\Program Files\Samsung\Kies\KiesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-04-09 09:22:03 13824 ----a-w- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-03-17 21:07:16 3373456 ----a-w- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38:56 1987976 ----a-w- C:\Program Files\Hamachi\hamachi-2-ui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoteBurner]
2010-08-05 10:01:30 5674312 ----a-w- C:\Program Files\NoteBurner\VTBurnerGUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-30 07:12:00 13605408 ----a-w- C:\Windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-01-30 07:12:00 92704 ----a-w- C:\Windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM]
2011-10-05 13:57:49 106496 ----a-w- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2006-02-14 16:32:14 507904 ----a-w- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59:52 254696 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-27 23:21:25 274608 ----a-w- C:\Program Files\Real\RealPlayer\Update\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2010-07-08 13:28:56 815704 ----a-w- C:\Program Files\TightVNC\tvnserver.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2004-03-18 07:33:26 892928 ----a-w- C:\Program Files\Logitech\iTouch\iTouch.exe

Thanks a lot for your effort so far. How should I proceed? MAM now, or ComboFix again because the log may not be complete? |
28.03.2012, 12:27 | #8 |
| Sirefef.bv.2 in System32 - various files Hi, please update MAM, go offline and run a FULL SCAN, then go back online and post the log... OTL didn't manage it, but ComboFix should have completely "laid flat" the rootkit... (oh, 5€ for the chauvinism jar ;o) chris
__________________ Don't bring me down Please read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
29.03.2012, 12:44 | #9 |
| Sirefef.bv.2 in System32 - various files
That would have been nice... But first, here is the MAM log:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.28.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]
Schutz: Aktiviert
28.03.2012 18:36:02
mbam-log-2012-03-29 (07-14-20).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 825853
Laufzeit: 4 Stunde(n), 51 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 1
C:\Windows\System32\sparrow.dll (RootKit.0Access.H) -> Keine Aktion durchgeführt.
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\Windows\System32\sparrow.dll (RootKit.0Access.H) -> Keine Aktion durchgeführt.
C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_a04fb2d2ba296321\csc.sys (Spyware.Password) -> Keine Aktion durchgeführt.
C:\Users\***\Desktop\wine-1.3.37\dlls\dmcompos.dll (Trojan.Downloader) -> Keine Aktion durchgeführt.
C:\Users\***\Desktop\wine-1.3.37\programs\progman.exe (Backdoor.Agent.Gen) -> Keine Aktion durchgeführt.
(Ende)

I then had the detected files deleted. However, the problem has not gone away. My AntiVir still regularly reports infected files in the System32 folder. Is there still hope, or is that it for my system? |
29.03.2012, 15:28 | #10 |
| Sirefef.bv.2 in System32 - various files
Hi, have MAM delete all detections.

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family
Unpack all files into a directory of their own (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. Configure the Killer as follows:
Then start the scan (Start Scan). When the scan is finished, please select "Report" (skip any detections with Skip for now). A window opens; copy the text and post it here...
If TDSS is detected, run it again and choose CURE for the TDSS entries (do not select drivers marked as generic / unsigned; that may wreck your Windows).
Post a new TDSS log and also run CF (ComboFix) again! Post the logs.

CureIt (caution: runs for a very long time (5-7h))
Follow the instructions: http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan has finished you will find the log under %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post them. The log file is very large, roughly more than 5MB of text. Just use the search for "infiziert" and copy out the relevant parts before you post them.
chris
__________________ Don't bring me down Please read before posting! Donations (anyone who wants to donate is welcome to get in touch) |