Pests of all kinds and how to fight them: Police virus (West Yorkshire Police) - safe mode not possible
Windows 7
23.07.2012, 12:08 | #1 |
Hello dear friends of police viruses,

I got infected with a police virus variant yesterday. As with the BKA virus, an image appears across the whole screen, showing the banner of the West Yorkshire Police. I am currently in England, which explains why it is the English variant. The computer cannot be started in safe mode, i.e. it restarts every time as soon as the Windows password is entered. The operating system is Windows 7 Professional 32-bit. In my desperation I have already run Dr. Web over it, which however did not lead to any success.

Now I would like to ask whether the procedure is the same as for the so often described BKA virus --> OTLPE and post logs?

Many thanks in advance,
Snake
24.07.2012, 01:53 | #2 |
/// Helper team

Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD:

If you do not have a burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
24.07.2012, 12:11 | #3 |
Hello t'john,

many thanks for the quick help. Here is my OTL log:
[2008/08/14 03:14:14 | 000,079,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp000113245 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/23 05:41:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/23 05:38:36 | 2818,220,032 | -HS- | M] () -- C:\hiberfil.sys [2012/07/22 08:27:04 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/22 08:27:04 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/22 08:15:28 | 000,001,270 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012/07/21 13:42:00 | 000,735,617 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Max_Mustermann_Polz_Führungszeugnis_17_07_2012.pdf [2012/07/20 09:42:58 | 000,779,462 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/07/20 09:42:58 | 000,724,490 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/07/20 09:42:58 | 000,178,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/07/20 09:42:58 | 000,151,220 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/07/20 05:42:47 | 000,000,600 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Local\PUTTY.RND [2012/07/20 04:29:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012/07/16 13:11:15 | 000,000,600 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\winscp.rnd [2012/07/15 15:39:45 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/07/15 15:39:45 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/07/14 09:41:44 | 000,390,501 | ---- | M] () -- C:\Users\Max 
Mustermann\Desktop\Thesis.pdf [2012/07/12 03:17:27 | 002,496,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/07/11 13:58:42 | 021,352,536 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\American Cars 1946-1959 - Every Model Year by Year (Malestrom).pdf [2012/07/11 11:46:15 | 000,000,618 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012/07/10 07:28:27 | 000,721,377 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Document3.pdf [2012/07/10 07:27:39 | 000,738,937 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Document2.pdf [2012/07/10 07:27:02 | 000,751,969 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Document.pdf [2012/07/04 14:24:18 | 1474,192,958 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Matlab45onecase_001.res [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/21 13:42:00 | 000,735,617 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Max_Mustermann_Polz_Führungszeugnis_17_07_2012.pdf [2012/07/16 13:32:11 | 444,281,772 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\FlowAna160k_001.res [2012/07/16 12:45:40 | 1474,192,958 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Matlab45onecase_001.res [2012/07/14 09:41:37 | 000,390,501 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Thesis.pdf [2012/07/11 12:10:54 | 021,352,536 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\American Cars 1946-1959 - Every Model Year by Year (Malestrom).pdf [2012/07/11 11:46:15 | 000,000,618 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012/07/10 07:28:27 | 000,721,377 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Document3.pdf [2012/07/10 07:27:39 | 000,738,937 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Document2.pdf [2012/07/10 07:27:02 | 000,751,969 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Document.pdf [2012/05/25 08:21:09 | 
000,000,600 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\PUTTY.RND [2012/05/25 08:19:22 | 000,000,600 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\winscp.rnd [2012/04/05 21:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012/04/05 21:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012/04/05 17:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012/03/18 15:53:25 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat [2012/03/09 09:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012/01/10 17:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011/10/31 18:22:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2011/10/19 13:49:11 | 000,354,304 | ---- | C] () -- C:\Windows\System32\pythoncom27.dll [2011/10/19 13:49:11 | 000,110,080 | ---- | C] () -- C:\Windows\System32\pywintypes27.dll [2011/10/19 13:49:11 | 000,008,192 | ---- | C] () -- C:\Windows\System32\pythoncomloader27.dll [2011/09/28 13:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011/08/28 13:11:13 | 000,029,871 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\XFLR5.ini [2011/08/03 16:40:58 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011/05/25 09:47:29 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi [2011/03/02 11:49:01 | 000,252,928 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll [2011/03/02 11:47:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010/12/08 16:29:17 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010/07/20 15:14:20 | 000,025,944 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\UserTile.png [2010/05/26 11:14:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010/05/26 11:14:03 | 000,045,056 | 
---- | C] () -- C:\Windows\System32\unredmon.exe [2010/05/19 06:47:39 | 000,007,603 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\Resmon.ResmonCfg [2010/03/24 13:42:23 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010/03/23 13:53:50 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010/03/23 13:53:50 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010/02/10 16:27:08 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010/02/10 16:27:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010/02/01 06:34:36 | 000,004,608 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/12 08:33:56 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2010/01/11 20:41:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/07/14 04:47:43 | 000,779,462 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009/07/14 04:47:43 | 000,178,724 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 00:33:53 | 002,496,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 22:05:48 | 000,724,490 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 22:05:48 | 000,151,220 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 19:51:43 | 000,073,728 | 
---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008/11/05 14:42:45 | 000,062,400 | ---- | C] () -- C:\Windows\System32\IFC.dll [2008/11/05 14:41:56 | 000,422,848 | ---- | C] () -- C:\Windows\System32\PPL.dll [2008/10/07 04:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008/10/07 04:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008/04/04 11:12:04 | 000,851,968 | ---- | C] () -- C:\Windows\System32\SaiC0762.Dll [2008/04/04 11:12:04 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0762_0C.dll [2008/04/04 11:12:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0762_10.dll [2008/04/04 11:12:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0762_0A.dll [2008/04/04 11:12:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0762_07.dll [2008/04/04 11:12:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0762_09.dll [2008/04/04 11:12:04 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0762_0402.dll [2008/04/04 11:12:04 | 
000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0762_11.dll [2004/04/23 10:02:10 | 000,233,472 | ---- | C] () -- C:\Windows\System32\cmirmdrv.exe [2003/02/18 13:26:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmirmdrv.dll ========== LOP Check ========== [2012/02/23 20:02:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Snakeone\AppData\Roaming\Ansys [2012/02/23 20:43:55 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Ansys [2010/12/20 10:49:22 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Ashampoo [2011/12/06 18:30:04 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Audacity [2011/10/23 18:47:42 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Autodesk [2010/03/24 13:42:41 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Canneverbe Limited [2010/10/16 07:26:59 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Cuttermaran [2011/02/13 13:50:30 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\DassaultSystemes [2012/07/23 05:40:26 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Dropbox [2010/12/08 16:27:28 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\GetRightToGo [2012/07/22 08:20:45 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\hellomoto [2011/10/22 09:54:30 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\JAM Software [2012/03/07 06:26:27 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Launcher [2010/01/12 09:35:45 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Leadertech [2011/11/01 16:35:04 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Red Alert 3 Demo [2010/12/08 16:29:22 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\SourceTec [2012/07/11 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\uTorrent 
[2010/12/25 11:28:24 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Windows Live Writer [2011/08/03 16:31:55 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\XMedia Recode [2010/12/13 16:13:40 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\XnView [2012/07/20 04:29:37 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD [2010/01/11 20:16:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2010/12/20 10:25:42 | 000,000,000 | ---D | M] -- C:\ProgramData\ashampoo [2011/10/23 18:47:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk [2010/03/24 13:42:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited [2011/02/11 10:16:49 | 000,000,000 | ---D | M] -- C:\ProgramData\DassaultSystemes [2011/12/06 18:00:52 | 000,000,000 | ---D | M] -- C:\ProgramData\DATA BECKER Downloads [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2010/01/11 20:16:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2010/01/11 20:16:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012/02/05 11:40:28 | 000,000,000 | ---D | M] -- C:\ProgramData\FNP [2010/05/26 11:13:56 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF [2012/05/17 07:05:22 | 000,000,000 | ---D | M] -- C:\ProgramData\IsolatedStorage [2011/03/10 15:05:35 | 000,000,000 | ---D | M] -- C:\ProgramData\PlotSoft [2011/10/14 16:37:33 | 000,000,000 | ---D | M] -- C:\ProgramData\PreEmptive Solutions [2011/12/06 18:50:11 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution [2010/03/23 14:06:53 | 000,000,000 | ---D | M] -- C:\ProgramData\SafeNet Sentinel [2010/03/28 12:39:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Saitek [2010/05/23 07:03:48 | 000,000,000 | ---D | M] -- 
C:\ProgramData\Screentime [2010/03/23 14:05:22 | 000,000,000 | ---D | M] -- C:\ProgramData\SPSS [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2010/01/11 20:16:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2010/02/06 16:38:21 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2010/07/23 16:04:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft [2010/01/11 20:16:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2011/10/26 08:08:44 | 000,000,000 | ---D | M] -- C:\ProgramData\VS [2012/06/30 16:02:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9FA5EC55 < End of report >

And here is the Extras.txt:

OTL Logfile:
OTL Extras logfile created on: 7/24/2012 1:42:45 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.37 Gb Total Space | 21.92 Gb Free Space | 29.48% Space Free | Partition Type: NTFS Drive D: | 57.61 Gb Total Space | 11.52 Gb Free Space | 19.99% Space Free | Partition Type: NTFS Drive E: | 146.48 Gb Total Space | 57.11 Gb Free Space | 38.99% Space Free | Partition Type: NTFS Drive F: | 244.90 Gb Total Space | 104.70 Gb Free Space | 42.75% Space Free | Partition Type: NTFS Drive K: | 57.42 Gb Total Space | 38.63 Gb Free Space | 67.27% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft 
Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) "{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0492CBCE-9C73-46D4-BFBA-F00DA4B22626}" = Intel Parallel Debugger Extension "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{05FBC29D-BCB3-F521-FC84-91964CDEC49D}" = CCC Help Chinese Traditional "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content 
Service "{0889887A-AD32-5013-6A13-75A443EED489}" = Catalyst Control Center Localization All "{0966693F-E938-7952-D44D-4DA4BE5A70C1}" = CCC Help German "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{09BBAC92-3275-4794-374F-9F5AE677C05D}" = CCC Help Dutch "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0A4BD108-B367-40E4-8E3F-EE209DF5CA75}" = Visual Fortran Integration(s) in Microsoft Visual Studio* "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{0FF890DD-C566-5F17-B489-A73A7DFFD91C}" = ccc-utility "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{143D49C9-F61A-0E40-9333-A02E3C759FA6}" = AMD Drag and Drop Transcoding "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1A0E9390-BFA1-40E9-BC22-AEE278ED7C4A}" = Microsoft SQL Server 2008 Native Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{207780D5-A515-4E79-B7C2-E4D32F8A6CA1}" = Eco Materials Adviser "{2084F215-49E0-4B47-3146-EDC069221C18}" = CCC Help Greek "{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012 "{266597A9-1632-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) German Language Pack "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{27263813-8BDE-4CD2-84D3-02536743428A}_is1" = Attribute Changer 7.0 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{29FFF7D2-7CF1-E352-AF00-3D38252ED16F}" = CCC Help English "{2DE4F346-7352-6AED-936A-FDCB472CBE49}" = CCC Help French "{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2 "{310EF19E-549B-42BF-B392-545CE2B245D8}" = Intel MKL on Intel(R) 64 "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU "{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager "{32966B54-6095-4B12-9C71-96E71DE3C975}" = KLONK Image Measurement "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{346603B9-BEE5-16CD-D0D3-9C87D9A47AFD}" = CCC Help Turkish "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3F6A75CA-D603-1CE1-4FCB-804B080EC8A2}" = CCC Help Korean "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 
2010 Tools "{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition "{422EB670-90F6-4332-AEAE-5128AFF84FDD}" = Python 2.7 pycrypto-2.3 "{42D67693-8130-88F0-ABE3-198A8BFC2E88}" = CCC Help Danish "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul Language Pack "{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul "{4F5C19F6-27CF-43EC-9BDC-31DB63F1E2DD}" = Saitek DirectOutput 6.2.2.4 "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{53E31F9C-6475-F522-4807-36B76D951BCD}" = Catalyst Control Center Graphics Previews Common "{551E379C-BDE0-41B0-AAB5-5E35F37542F2}" = Intel Visual Fortran Compiler XE on IA-32 "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{55A13ED7-FA80-F84B-4C70-71573173E740}" = CCC Help Finnish "{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas "{5783F2D7-9004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2011 - Deutsch "{5783F2D7-9004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2011 Language Pack - Deutsch "{5783F2D7-A005-0407-0002-0060B0CE6BBA}" = AutoCAD 
========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Max_Mustermann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)

< End of report >

Greetings,
Snake |
25.07.2012, 00:12 | #4 |
/// Helper Team | Police virus (West Yorkshire Police) - safe mode not possible Fix with OTLpe
Code:
:OTL
SRV - File not found [Auto] -- -- (SkypeUpdate)
SRV - File not found [Auto] -- -- (NMSAccess)
SRV - File not found [Auto] -- -- (mitsijm2012)
SRV - File not found [Auto] -- -- (BBDemon)
SRV - File not found [Auto] -- -- (Akamai)
SRV - File not found [On_Demand] -- -- (ACDaemon)
DRV - File not found [Kernel | On_Demand] -- -- (tap0801)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;
IE - HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;
IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: File not found
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EvtMgr6] File not found
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [VirtualCloneDrive] File not found
O4 - HKU\Administrator.Snakeone_ON_C..\Run: [AdobeBridge] File not found
O4 - HKU\Administrator.Snakeone_ON_C..\Run: [Akamai NetSession Interface] C:\Users\Max Mustermann\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Max_Mustermann_ON_C..\Run: [AdobeBridge] File not found
O4 - HKU\Max_Mustermann_ON_C..\Run: [Akamai NetSession Interface] C:\Users\Max Mustermann\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Max_Mustermann_ON_C..\Run: [UIAnimation] C:\Users\Max Mustermann\AppData\Local\Microsoft\Windows\2448\UIAnimation.exe ()
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Administrator.Snakeone_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9FA5EC55
--------------------------------------------------------------------------------
[2012/07/22 08:20:30 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Roaming\hellomoto
[2012/07/22 08:20:45 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\hellomoto
[2012/07/22 08:15:28 | 000,001,270 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[emptyflash]
|
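The O4 (autostart) lines in a fix like the one in post #4 are the part a helper reads entry by entry. As an added example (not part of the thread and not OTL's own code), the Python below parses such lines and sorts them into orphaned values, shortcuts and entries that deserve a closer look. The triage rule (executable in a user-writable path with an empty company field) and all function names are assumptions made for this illustration; the sample lines are copied from the fix above.

```python
import re
from dataclasses import dataclass

# O4 lines copied from the fix in post #4 (not constructed).
SAMPLE = r'''
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKU\Max_Mustermann_ON_C..\Run: [Akamai NetSession Interface] C:\Users\Max Mustermann\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Max_Mustermann_ON_C..\Run: [UIAnimation] C:\Users\Max Mustermann\AppData\Local\Microsoft\Windows\2448\UIAnimation.exe ()
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
'''

# "O4 - <hive>..\Run[Once]: [<value name>] <target>"
RUN_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<rest>.+)$')
# "O4 - Startup: <target>"
STARTUP_RE = re.compile(r'^O4 - Startup: (?P<rest>.+)$')
# "<path> (<company from version info, may be empty>)"
TARGET_RE = re.compile(r'^(?P<path>.+?) \((?P<vendor>[^()]*)\)$')

# Locations a standard user can write to without elevation (assumed list).
USER_WRITABLE = re.compile(
    r'\\users\\[^\\]+\\appdata\\|\\programdata\\|\\temp\\', re.I)
EXEC_EXT = {"exe", "dll", "scr", "com", "bat", "cmd", "vbs", "js"}


@dataclass
class Autostart:
    location: str  # e.g. "HKLM Run" or "Startup folder"
    name: str      # registry value name, or file name for Startup items
    path: str      # empty when OTL reported "File not found"
    vendor: str    # company string OTL read from the file, may be empty
    verdict: str   # orphan | shortcut | review | unflagged


def classify(path: str, vendor: str) -> str:
    """Heuristic triage only; a company string is trivially forged."""
    if not path:
        return "orphan"      # autostart value whose target is missing
    ext = path.lower().rsplit(".", 1)[-1]
    if ext == "lnk":
        return "shortcut"    # the link target has to be resolved separately
    if ext in EXEC_EXT and not vendor.strip() and USER_WRITABLE.search(path):
        return "review"      # anonymous binary started from a user-writable path
    return "unflagged"


def triage(log_text: str) -> list:
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            location, name, rest = f"{m['hive']} {m['key']}", m["name"], m["rest"]
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue     # not an O4 line
            location, name, rest = "Startup folder", "", m["rest"]
        if rest == "File not found":
            path, vendor = "", ""
        else:
            t = TARGET_RE.match(rest)
            path, vendor = (t["path"], t["vendor"]) if t else (rest, "")
        if not name:
            name = path.rsplit("\\", 1)[-1]
        entries.append(Autostart(location, name, path, vendor,
                                 classify(path, vendor)))
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.verdict:9} {e.location:32} {e.name}")
```

An "unflagged" result is not a clean bill of health: the rule only orders the list for manual review, and entries such as the Startup shortcuts still need their targets checked.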
25.07.2012, 11:38 | #5 |
| Police virus (West Yorkshire Police) - safe mode not possible Thank you very much! The computer now starts normally again and without the banner. However, I still have to confess that in the fix the line
Code:
IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
Code:
IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;
After Windows starts, a "RunDLL" window now appears with the content "Problem beim Starten von C:\Windows\System32\LogiLDA.dll; Das angegebene Modul wurde nicht gefunden".
Furthermore, in the very first OTL log I had noticed that the RAM is given as 3 GB everywhere. But 4 are installed. I know that 32-bit doesn't really cope with 4 GB, but shouldn't "Total Physical Memory" still show 4 GB? Could it be that something crashed there?
Below is the log file:
Code:
========== OTL ==========
Service\Driver key SkypeUpdate not found.
Service\Driver key NMSAccess not found.
Service\Driver key mitsijm2012 not found.
Service\Driver key BBDemon not found.
Service\Driver key Akamai not found.
Service\Driver key ACDaemon not found.
Service\Driver key tap0801 not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EvtMgr6 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Logitech Download Assistant deleted successfully.
C:\Windows\System32\LogiLDA.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VirtualCloneDrive deleted successfully.
Registry value HKEY_USERS\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Max Mustermann\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_USERS\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
File C:\Users\Max Mustermann\AppData\Local\Akamai\netsession_win.exe not found.
Registry value HKEY_USERS\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\UIAnimation deleted successfully.
C:\Users\Max Mustermann\AppData\Local\Microsoft\Windows\2448\UIAnimation.exe moved successfully.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Windows\System32\mctadmin.exe moved successfully.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File C:\Windows\System32\mctadmin.exe not found.
C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\Administrator.Snakeone_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB858B22-55E2-413f-87F5-30ADC5552151}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB858B22-55E2-413f-87F5-30ADC5552151}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Administrator.Snakeone_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Max_Mustermann_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
ADS C:\ProgramData\TEMP:9FA5EC55 deleted successfully.
C:\Users\Max Mustermann\AppData\Roaming\hellomoto folder moved successfully.
Folder C:\Users\Max Mustermann\AppData\Roaming\hellomoto\ not found.
File C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
User: Administrator.Snakeone
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Max Mustermann
User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82845391 bytes

Total Files Cleaned = 79.00 mb

[EMPTYFLASH]

User: Administrator
User: Administrator.Snakeone
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Max Mustermann
User: Public

Total Flash Files Cleaned = 0.00 mb

OTLPE by OldTimer - Version 3.1.48.0 log created on 07252012_140719

Snake |
25.07.2012, 13:46 | #6 | |
/// Helper team | Very good! Quote:
If you have not installed a proxy server locally, remove the proxy settings from the Internet settings in Internet Explorer: Tools => Internet Options => Connections => LAN settings. Remove the check marks for "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".
How is the computer running?
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Then:
Step 2: Please download AdwCleaner to your desktop.
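One way to verify the proxy setting described in this post from PowerShell, as an added example that is not part of the original thread: it reads the per-user values behind the LAN settings dialog and, for a loopback entry, shows which process (if any) is listening on that port. The variable names are chosen for this example.

```powershell
# Added example, not from the thread. Reads the per-user proxy settings that the
# Internet Explorer "LAN settings" dialog edits, and checks loopback entries.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$cfg = Get-ItemProperty -Path $key

# ProxyEnable = 1 corresponds to the "Use a proxy server for your LAN" check box.
"ProxyEnable   : $($cfg.ProxyEnable)"
"ProxyServer   : $($cfg.ProxyServer)"
"ProxyOverride : $($cfg.ProxyOverride)"   # '<local>' = bypass for local addresses

if ($cfg.ProxyEnable -ne 1 -or -not $cfg.ProxyServer) {
    'No proxy is enabled for this user.'
    return
}

# ProxyServer holds either host:port or a list such as http=host:port;https=host:port
foreach ($entry in ($cfg.ProxyServer -split ';')) {
    $hostPort = ($entry -split '=')[-1]
    $hostName, $port = $hostPort -split ':'
    if ($hostName -ne '127.0.0.1' -and $hostName -ne 'localhost') {
        "Remote proxy configured: $hostPort"
        continue
    }
    if (-not $port) {
        "Loopback proxy $hostPort has no port; check it in the LAN settings dialog."
        continue
    }

    # Listening sockets show 0.0.0.0:0 or [::]:0 as the foreign address. Matching on
    # that avoids the state column, which netstat localizes (e.g. on German Windows).
    $pattern = "^\s*TCP\s+\S+:$port\s+(0\.0\.0\.0:0|\[::\]:0)\s+\S+\s+(\d+)\s*$"
    $hits = @(netstat -ano | Select-String -Pattern $pattern)
    if ($hits.Count -eq 0) {
        "Loopback proxy $hostPort is set, but nothing is listening on port $port."
        continue
    }
    foreach ($hit in $hits) {
        # $PID is a reserved automatic variable, so use a different name.
        $procId = [int]$hit.Matches[0].Groups[2].Value
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        "Port $port is served by PID $procId ($($proc.ProcessName)) $($proc.Path)"
    }
}

# Unchecking "Use a proxy server for your LAN" corresponds to:
# Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
```

A loopback entry with no listener means the setting is left over and browsing through it will fail; the process path can be empty when the script is not run elevated.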
25.07.2012, 20:05 | #7 |
| I only had the one line: Code:
127.0.0.1:9421
Here is the log file from Malwarebytes: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.25.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Max Mustermann :: SNAKEONE [Administrator]
25.07.2012 15:16:05
mbam-log-2012-07-25 (19-47-59).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1122709
Laufzeit: 4 Stunde(n), 14 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\_OTL\MovedFiles\07252012_140719\C_Users\Max Mustermann\AppData\Local\Microsoft\Windows\2448\UIAnimation.exe (Trojan.Agent.3D) -> Keine Aktion durchgeführt.
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adbbpci20019.mexw32 (Trojan.Agent) -> Keine Aktion durchgeführt.
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adbbpci20023.mexw32 (Trojan.Agent) -> Keine Aktion durchgeführt.
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\encadapci1710.mexw32 (Trojan.Agent) -> Keine Aktion durchgeführt.
(Ende)
Code:
# AdwCleaner v1.703 - Logfile created 07/25/2012 at 19:55:37
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Max Mustermann - SNAKEONE
# Running from : C:\Users\Max Mustermann\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Max Mustermann\AppData\LocalLow\boost_interprocess
***** [Registry] *****
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v7.0.1 (de)
Profile name : default
File : C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\7isz19o2.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1041 octets] - [25/07/2012 19:55:37]
########## EOF - C:\AdwCleaner[R1].txt - [1169 octets] ##########
Snake |
25.07.2012, 20:07 | #8 |
/// Helper team |
25.07.2012, 20:38 | #9 |
| Sorry, I probably posted the wrong log file then. I had removed all the detections, but the subsequent log file apparently was not saved automatically either. I will run another full scan tomorrow and then post the log. Unfortunately the scan takes more than four hours. Regards, Snake |
25.07.2012, 20:42 | #10 |
/// Helper team | All right! |
26.07.2012, 13:11 | #11 |
| Here is the new Malwarebytes log: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.26.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Pascal Wilmes :: SNAKEONE [Administrator]
26.07.2012 08:47:29
mbam-log-2012-07-26 (08-47-29).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1122967
Laufzeit: 4 Stunde(n), 11 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
26.07.2012, 15:04 | #12 |
/// Helper team | Very good!
Then: Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Update now".
Select freeware mode.
Select "Detail Scan" and start the scan of the computer with the "Scan" button.
At the end of the scan, do not have anything deleted!
Click "Save report" to save the log file to the desktop and post it here in the thread.
Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
26.07.2012, 23:19 | #13 |
| Here is the log from AdwCleaner: Code:
# AdwCleaner v1.703 - Logfile created 07/26/2012 at 15:46:52
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Max Mustermann - SNAKEONE
# Running from : C:\Users\Max Mustermann\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Max Mustermann\AppData\LocalLow\boost_interprocess
***** [Registry] *****
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v7.0.1 (de)
Profile name : default
File : C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\7isz19o2.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1170 octets] - [25/07/2012 19:55:37]
AdwCleaner[S1].txt - [284 octets] - [26/07/2012 15:45:57]
AdwCleaner[R2].txt - [1289 octets] - [26/07/2012 15:46:09]
AdwCleaner[S2].txt - [1228 octets] - [26/07/2012 15:46:52]
########## EOF - C:\AdwCleaner[S2].txt - [1356 octets] ##########
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 26.07.2012 15:59:59
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, H:\, I:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 26.07.2012 16:00:32
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\f146588-5c1424a3 -> durdom\Ester.class gefunden: Java.Trojan-Downloader.OpenConnection!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\f146588-5c1424a3 -> durdom\Glocker.class gefunden: Java.Trojan-Downloader.OpenConnection!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\f146588-5c1424a3 -> durdom\huiak$1.class gefunden: Java.Trojan-Downloader.OpenConnection!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\f146588-5c1424a3 -> durdom\Stremer.class gefunden: Trojan-Downloader.Java.OpenConnection!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\53391470-3bfbf0a0 -> wyagcsl\cmqlcpwvrapnrdtffdtdgjvq.class gefunden: Java.CVE!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\53391470-3bfbf0a0 -> wyagcsl\llwdspccuvrf.class gefunden: Java.CVE!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\58dc5268-6f9c9b8c -> wyagcsl\cmqlcpwvrapnrdtffdtdgjvq.class gefunden: Java.CVE!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\58dc5268-6f9c9b8c -> wyagcsl\llwdspccuvrf.class gefunden: Java.CVE!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\299ed764-3fec7308 -> wyagcsl\cmqlcpwvrapnrdtffdtdgjvq.class gefunden: Java.CVE!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\299ed764-3fec7308 -> wyagcsl\llwdspccuvrf.class gefunden: Java.CVE!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\c2dc25f-4f363cfb -> rc.class gefunden: Java.Downloader.BS!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\c2dc25f-4f363cfb -> rb.class gefunden: Exploit.MS04.CVE-2004-0210-2011-3544.CB!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\c2dc25f-4f363cfb -> lz.class gefunden: Trojan.Java.Exploit!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adbbpci20098.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adcbdas16jrexp.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adkmdas1800hr.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adgesada1.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adrtddm6420.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adrtddm6430.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\dicbpdiso16.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\docbpdiso16.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\encadpa1700.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\rs232_send.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\rs232_sendrec.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\scblock.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\rs232_rec.mexw32 gefunden: Trojan.Win32.Agent.BNWVMWL!E1
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\xpcregstack.mexw32 gefunden: Trojan.Win32.Agent!E2
D:\Programme\ANSYS Inc\v140\tgrid\ntbin\ntx86\utility.exe gefunden: Trojan.Win32.Jorik!E2
D:\Programme\ANSYS Inc\v140\fluent\ntbin\ntx86\utility.exe gefunden: Trojan.Win32.Jorik!E2
Gescannt 1295380
Gefunden 29
Scan Ende: 26.07.2012 21:56:53
Scan Zeit: 5:56:21 |
26.07.2012, 23:58 | #14 |
/// Helper team | Very good! Have the detections deleted, then:
Uninstall: Emsisoft Anti-Malware
ESET Online Scanner
Preparation
|
28.07.2012, 12:06 | #15 |
| Phew, that took a bit longer. Here is the log from ESET: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bb790f1450cd4e48b2f00cff3c9ee7dc
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-27 02:37:12
# local_time=2012-07-27 03:37:12 (+0000, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 44320124 95865742 0 0
# compatibility_mode=8192 67108863 100 0 193 193 0 0
# scanned=1634
# found=0
# cleaned=0
# scan_time=482
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bb790f1450cd4e48b2f00cff3c9ee7dc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-28 08:03:22
# local_time=2012-07-28 09:03:22 (+0000, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 44320675 95866293 0 0
# compatibility_mode=8192 67108863 100 0 744 744 0 0
# scanned=1238810
# found=4
# cleaned=4
# scan_time=62700
R:\Auslagerung 2\Programs\Evaer Video Recorder.rar Variante von MSIL/Packed.CryptoObfuscator.F Anwendung (gelöscht - in Quarantäne kopiert) 00000000000000000000000000000000 C
U:\Eigene Dateien 3\Screensaver\scrsaver_3D_Pack.zip Win32/Adware.Webhancer.A Anwendung (gelöscht - in Quarantäne kopiert) 00000000000000000000000000000000 C
U:\Eigene Dateien 3\Screensaver\idb.zip Win32/Adware.Webhancer.A Anwendung (gelöscht - in Quarantäne kopiert) 00000000000000000000000000000000 C
U:\Eigene Dateien 3\Meine empfangenen Dateien\LaraCroft3DSetup.exe Win32/Adware.NdotNet Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C |