Log analysis and evaluation: WinVista: GVU Trojan, version 2.10, Safe Mode was not possible, log files already created
22.12.2012, 20:24 | #1 |
WinVista: GVU Trojan, version 2.10, Safe Mode was not possible, log files already created

Hello Trojaner-Board experts. I hope you can help me. I have caught the well-known GVU Trojan. It would not let me do anything, even in Safe Mode (black screen). I have just searched the net and think it must be version 2.10. I then read up on it (by the way: I am currently using a friend's PC) and have already created a CD with OTLPENet.exe and, on the REATOGO-X-PE desktop that then appears, used OTLPE to create the two log files OLT.txt and Extra.txt. I then sent the two files over the Internet, because USB sticks are not recognized on that PC. Hopefully that was not a mistake. As you can already see, I am no expert in this field, to put it mildly. That is also the reason why I am asking you for help with the next steps. Above all because it now comes to reading out the codes, and one really should not do anything wrong there. Attached are the two files, and thanks in advance to all of you for the great work you do here.

Best regards
Mufus

P.S.: I do not know whether this is normal or whether I made a mistake, but the two text files have spaces everywhere. Is that normal?

OLT.txt Code:
ATTFilter ��O T L l o g f i l e c r e a t e d o n : 1 2 / 2 2 / 2 0 1 2 2 : 2 7 : 1 0 P M - R u n O T L P E b y O l d T i m e r - V e r s i o n 3 . 1 . 4 8 . 0 F o l d e r = X : \ P r o g r a m s \ O T L P E W i n d o w s V i s t a ( T M ) U l t i m a t e S e r v i c e P a c k 2 ( V e r s i o n = 6 . 0 . 6 0 0 2 ) - T y p e = S y s t e m I n t e r n e t E x p l o r e r ( V e r s i o n = 9 . 0 . 8 1 1 2 . 1 6 4 2 1 ) L o c a l e : 0 0 0 0 0 4 0 7 | C o u n t r y : D e u t s c h l a n d | L a n g u a g e : D E U | D a t e F o r m a t : d d . M M . y y y y 2 . 0 0 G b T o t a l P h y s i c a l M e m o r y | 2 . 0 0 G b A v a i l a b l e P h y s i c a l M e m o r y | 8 2 . 0 0 % M e m o r y f r e e 2 . 0 0 G b P a g i n g F i l e | 2 . 0 0 G b A v a i l a b l e i n P a g i n g F i l e | 9 5 . 0 0 % P a g i n g F i l e f r e e P a g i n g f i l e l o c a t i o n ( s ) : ? : \ p a g e f i l e . s y s [ b i n a r y d a t a ] % S y s t e m D r i v e % = C : | % S y s t e m R o o t % = C : \ W i n d o w s | % P r o g r a m F i l e s % = C : \ P r o g r a m F i l e s D r i v e C : | 1 8 4 . 2 2 G b T o t a l S p a c e | 3 6 . 4 7 G b F r e e S p a c e | 1 9 . 8 0 % S p a c e F r e e | P a r t i t i o n T y p e : N T F S D r i v e X : | 4 3 6 . 5 9 M b T o t a l S p a c e | 0 . 0 0 M b F r e e S p a c e | 0 . 
0 0 % S p a c e F r e e | P a r t i t i o n T y p e : C D F S C o m p u t e r N a m e : R E A T O G O | U s e r N a m e : S Y S T E M B o o t M o d e : N o r m a l | S c a n M o d e : A l l u s e r s C o m p a n y N a m e W h i t e l i s t : O f f | S k i p M i c r o s o f t F i l e s : O f f | N o C o m p a n y N a m e W h i t e l i s t : O n | F i l e A g e = 3 0 D a y s U s i n g C o n t r o l S e t : C o n t r o l S e t 0 0 1 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = W i n 3 2 S e r v i c e s ( S a f e L i s t ) = = = = = = = = = = [ / c o l o r ] S R V - [ 2 0 1 2 / 1 2 / 2 1 1 1 : 0 4 : 2 3 | 0 0 0 , 2 1 2 , 4 8 0 | - - - - | M ] ( ) [ O n _ D e m a n d ] - - C : \ U s e r s \ D e l l \ w g s d g s d g d s g s d . d l l - - ( W i n m g m t ) S R V - [ 2 0 1 2 / 1 1 / 2 9 0 8 : 5 0 : 2 5 | 0 0 3 , 4 6 3 , 0 8 0 | - - - - | M ] ( T e a m V i e w e r G m b H ) [ A u t o ] - - C : \ P r o g r a m F i l e s \ T e a m V i e w e r \ V e r s i o n 8 \ T e a m V i e w e r _ S e r v i c e . e x e - - ( T e a m V i e w e r 8 ) S R V - [ 2 0 1 2 / 1 1 / 2 5 1 0 : 0 1 : 3 3 | 0 0 0 , 1 1 5 , 1 6 8 | - - - - | M ] ( M o z i l l a F o u n d a t i o n ) [ O n _ D e m a n d ] - - C : \ P r o g r a m F i l e s \ M o z i l l a M a i n t e n a n c e S e r v i c e \ m a i n t e n a n c e s e r v i c e . e x e - - ( M o z i l l a M a i n t e n a n c e ) S R V - [ 2 0 1 2 / 1 1 / 1 2 1 3 : 0 9 : 0 0 | 0 0 4 , 5 3 9 , 7 1 2 | - - - - | M ] ( ) [ A u t o ] - - C : \ p r o g r a m f i l e s \ c o m m o n f i l e s \ a k a m a i / n e t s e s s i o n _ w i n _ c e 5 b a 2 4 . d l l - - ( A k a m a i ) S R V - [ 2 0 1 2 / 0 7 / 2 7 1 5 : 5 1 : 2 6 | 0 0 0 , 0 6 3 , 9 6 0 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) [ A u t o ] - - C : \ P r o g r a m F i l e s \ C o m m o n F i l e s \ A d o b e \ A R M \ 1 . 0 \ a r m s v c . 
e x e - - ( A d o b e A R M s e r v i c e ) S R V - [ 2 0 1 1 / 0 7 / 0 8 1 2 : 0 4 : 2 2 | 0 0 0 , 2 6 9 , 4 8 0 | - - - - | M ] ( A v i r a G m b H ) [ A u t o ] - - C : \ H i l f s p r o g g s \ A v i r a A n t i V i r 1 0 \ A v i r a \ A n t i V i r D e s k t o p \ a v g u a r d . e x e - - ( A n t i V i r S e r v i c e ) S R V - [ 2 0 1 1 / 0 4 / 2 1 0 0 : 5 2 : 5 1 | 0 0 0 , 1 3 6 , 3 6 0 | - - - - | M ] ( A v i r a G m b H ) [ A u t o ] - - C : \ H i l f s p r o g g s \ A v i r a A n t i V i r 1 0 \ A v i r a \ A n t i V i r D e s k t o p \ s c h e d . e x e - - ( A n t i V i r S c h e d u l e r S e r v i c e ) S R V - [ 2 0 1 1 / 0 3 / 1 5 0 7 : 4 1 : 4 0 | 0 0 0 , 4 0 7 , 3 3 6 | - - - - | M ] ( V a l v e C o r p o r a t i o n ) [ D i s a b l e d ] - - C : \ P r o g r a m F i l e s \ C o m m o n F i l e s \ S t e a m \ S t e a m S e r v i c e . e x e - - ( S t e a m C l i e n t S e r v i c e ) S R V - [ 2 0 0 9 / 1 0 / 3 1 1 2 : 3 3 : 2 2 | 0 0 0 , 0 8 5 , 0 9 6 | - - - - | M ] ( A u t o d e s k ) [ D i s a b l e d ] - - C : \ P r o g r a m F i l e s \ C o m m o n F i l e s \ A u t o d e s k S h a r e d \ S e r v i c e \ A d s k S c S r v . e x e - - ( A u t o d e s k L i c e n s i n g S e r v i c e ) S R V - [ 2 0 0 9 / 1 0 / 3 0 1 0 : 2 4 : 3 2 | 0 0 0 , 6 5 1 , 7 2 0 | - - - - | M ] ( M a c r o v i s i o n E u r o p e L t d . ) [ D i s a b l e d ] - - C : \ P r o g r a m F i l e s \ C o m m o n F i l e s \ M a c r o v i s i o n S h a r e d \ F L E X n e t P u b l i s h e r \ F N P L i c e n s i n g S e r v i c e . e x e - - ( F L E X n e t L i c e n s i n g S e r v i c e ) S R V - [ 2 0 0 9 / 1 0 / 2 7 0 3 : 2 6 : 3 6 | 0 0 0 , 6 5 7 , 4 0 8 | - - - - | M ] ( N o k i a ) [ D i s a b l e d ] - - C : \ P r o g r a m F i l e s \ P C C o n n e c t i v i t y S o l u t i o n \ S e r v i c e L a y e r . 
e x e - - ( S e r v i c e L a y e r ) S R V - [ 2 0 0 8 / 0 1 / 1 9 0 2 : 3 8 : 2 4 | 0 0 0 , 2 7 2 , 9 5 2 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ A u t o ] - - C : \ P r o g r a m F i l e s \ W i n d o w s D e f e n d e r \ M p S v c . d l l - - ( W i n D e f e n d ) S R V - [ 2 0 0 7 / 1 1 / 0 7 1 8 : 5 8 : 1 8 | 0 0 3 , 0 0 4 , 4 1 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ D i s a b l e d ] - - C : \ H i l f s p r o g g s \ M S V i s u a l S t u d i o 2 0 0 8 \ C o m m o n 7 \ I D E \ R e m o t e D e b u g g e r \ x 8 6 \ m s v s m o n . e x e - - ( m s v s m o n 9 0 ) S R V - [ 2 0 0 7 / 1 0 / 2 6 0 7 : 2 8 : 0 6 | 0 0 1 , 5 2 4 , 5 1 2 | - - - - | M ] ( C i s c o S y s t e m s , I n c . ) [ A u t o ] - - C : \ P r o g r a m F i l e s \ C i s c o S y s t e m s \ V P N C l i e n t \ c v p n d . e x e - - ( C V P N D ) S R V - [ 2 0 0 7 / 0 4 / 2 7 0 2 : 3 2 : 0 6 | 0 0 0 , 3 8 6 , 5 9 2 | - - - - | M ] ( D e l l I n c . ) [ A u t o ] - - C : \ P r o g r a m F i l e s \ D e l l \ Q u i c k S e t \ N i c C o n f i g S v c . e x e - - ( n i c c o n f i g s v c ) [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = D r i v e r S e r v i c e s ( S a f e L i s t ) = = = = = = = = = = [ / c o l o r ] D R V - F i l e n o t f o u n d [ K e r n e l | O n _ D e m a n d ] - - - - ( v p n v a ) D R V - F i l e n o t f o u n d [ K e r n e l | O n _ D e m a n d ] - - - - ( U S B A A P L ) D R V - F i l e n o t f o u n d [ K e r n e l | O n _ D e m a n d ] - - - - ( N w l n k F w d ) D R V - F i l e n o t f o u n d [ K e r n e l | O n _ D e m a n d ] - - - - ( N w l n k F l t ) D R V - F i l e n o t f o u n d [ K e r n e l | O n _ D e m a n d ] - - - - ( I p I n I p ) D R V - [ 2 0 1 2 / 0 7 / 0 2 1 4 : 5 4 : 5 0 | 0 0 0 , 2 8 1 , 7 6 0 | - - - - | M ] ( ) [ K e r n e l | A u t o ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ a t k s g t . 
s y s - - ( a t k s g t ) D R V - [ 2 0 1 2 / 0 7 / 0 2 1 4 : 5 4 : 5 0 | 0 0 0 , 0 2 5 , 8 8 8 | - - - - | M ] ( ) [ K e r n e l | A u t o ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ l i r s g t . s y s - - ( l i r s g t ) D R V - [ 2 0 1 1 / 0 7 / 0 8 1 2 : 0 4 : 2 3 | 0 0 0 , 1 3 8 , 1 9 2 | - - - - | M ] ( A v i r a G m b H ) [ K e r n e l | S y s t e m ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ a v i p b b . s y s - - ( a v i p b b ) D R V - [ 2 0 0 9 / 1 0 / 2 7 1 6 : 1 2 : 2 4 | 0 0 0 , 1 0 1 , 2 4 8 | - - - - | M ] ( A V M B e r l i n ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ a v m a u r a . s y s - - ( a v m a u r a ) D R V - [ 2 0 0 9 / 1 0 / 0 8 1 0 : 5 5 : 3 3 | 0 0 0 , 0 2 8 , 5 2 0 | - - - - | M ] ( A v i r a G m b H ) [ K e r n e l | S y s t e m ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ s s m d r v . s y s - - ( s s m d r v ) D R V - [ 2 0 0 9 / 1 0 / 0 6 0 5 : 5 2 : 5 0 | 0 0 0 , 0 0 7 , 9 3 6 | - - - - | M ] ( N o k i a ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ u s b s e r _ l o w e r f l t j . s y s - - ( U s b s e r F i l t ) D R V - [ 2 0 0 9 / 1 0 / 0 6 0 5 : 5 2 : 3 4 | 0 0 0 , 0 2 2 , 0 1 6 | - - - - | M ] ( N o k i a ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ c c d c m b o . s y s - - ( n m w c d c ) D R V - [ 2 0 0 9 / 1 0 / 0 6 0 5 : 5 2 : 3 4 | 0 0 0 , 0 1 7 , 6 6 4 | - - - - | M ] ( N o k i a ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ c c d c m b . s y s - - ( n m w c d ) D R V - [ 2 0 0 9 / 1 0 / 0 6 0 5 : 5 2 : 3 4 | 0 0 0 , 0 0 7 , 9 3 6 | - - - - | M ] ( N o k i a ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ u s b s e r _ l o w e r f l t . 
s y s - - ( u p p e r d e v ) D R V - [ 2 0 0 9 / 0 6 / 2 0 0 8 : 4 0 : 2 2 | 0 0 0 , 7 2 1 , 9 0 4 | - - - - | M ] ( D u p l e x S e c u r e L t d . ) [ K e r n e l | B o o t ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ s p t d . s y s - - ( s p t d ) D R V - [ 2 0 0 9 / 0 4 / 1 1 0 0 : 0 6 : 2 6 | 0 0 0 , 0 1 9 , 9 6 8 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ W S D S c a n . s y s - - ( W S D S c a n ) D R V - [ 2 0 0 9 / 0 4 / 1 0 2 3 : 3 8 : 5 9 | 0 0 0 , 0 3 0 , 2 0 8 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ u s b c c i d . s y s - - ( U S B C C I D ) D R V - [ 2 0 0 9 / 0 1 / 3 0 0 2 : 1 2 : 0 0 | 0 0 7 , 5 4 4 , 8 3 2 | - - - - | M ] ( N V I D I A C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ n v l d d m k m . s y s - - ( n v l d d m k m ) D R V - [ 2 0 0 8 / 1 0 / 2 8 2 2 : 3 2 : 4 2 | 0 0 0 , 0 3 2 , 2 8 8 | - - - - | M ] ( R E A L T E K S E M I C O N D U C T O R C o r p . ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ R T L 2 8 3 2 U U S B . s y s - - ( R T L 2 8 3 2 U U S B ) D R V - [ 2 0 0 8 / 1 0 / 2 8 2 2 : 3 2 : 3 6 | 0 0 0 , 0 7 0 , 0 4 8 | - - - - | M ] ( R E A L T E K S E M I C O N D U C T O R C o r p . ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ R T L 2 8 3 2 U B D A . s y s - - ( R T L 2 8 3 2 U B D A ) D R V - [ 2 0 0 8 / 0 8 / 2 6 0 3 : 2 6 : 1 2 | 0 0 0 , 0 1 8 , 8 1 6 | - - - - | M ] ( N o k i a ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ p c c s m c f d . 
s y s - - ( p c c s m c f d ) D R V - [ 2 0 0 8 / 0 1 / 1 9 0 1 : 1 4 : 5 9 | 0 0 0 , 0 1 6 , 8 9 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ W S D P r i n t . s y s - - ( W S D P r i n t D e v i c e ) D R V - [ 2 0 0 7 / 1 1 / 0 5 0 5 : 5 6 : 5 8 | 0 0 0 , 1 0 1 , 5 0 4 | - - - - | M ] ( H u a w e i T e c h n o l o g i e s C o . , L t d . ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ e w u s b m d m . s y s - - ( h w d a t a c a r d ) D R V - [ 2 0 0 7 / 1 0 / 2 6 0 7 : 2 7 : 0 0 | 0 0 0 , 3 0 6 , 3 0 0 | - - - - | M ] ( C i s c o S y s t e m s , I n c . ) [ K e r n e l | A u t o ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ C V P N D R V A . s y s - - ( C V P N D R V A ) D R V - [ 2 0 0 7 / 0 9 / 2 6 0 1 : 1 2 : 0 0 | 0 0 2 , 2 5 1 , 7 7 6 | - - - - | M ] ( I n t e l C o r p o r a t i o n ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ N E T w 4 v 3 2 . s y s - - ( N E T w 4 v 3 2 ) I n t e l ( R ) D R V - [ 2 0 0 7 / 0 2 / 1 5 1 9 : 5 7 : 0 4 | 0 0 0 , 0 3 4 , 7 6 0 | - - - - | M ] ( S l y S o f t , I n c . ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ E l b y C D F L . s y s - - ( E l b y C D F L ) D R V - [ 2 0 0 7 / 0 2 / 1 5 1 9 : 5 6 : 4 9 | 0 0 0 , 0 1 1 , 9 8 4 | - - - - | M ] ( E l a b o r a t e B y t e s A G ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ E l b y D e l a y . s y s - - ( E l b y D e l a y ) D R V - [ 2 0 0 7 / 0 1 / 3 1 0 6 : 4 5 : 0 6 | 0 0 0 , 1 2 7 , 3 7 6 | - - - - | M ] ( D e t e r m i n i s t i c N e t w o r k s , I n c . ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ d n e 2 0 0 0 . 
s y s - - ( D N E ) D R V - [ 2 0 0 7 / 0 1 / 1 8 1 1 : 2 8 : 0 2 | 0 0 0 , 0 0 5 , 2 7 5 | - - - - | M ] ( C i s c o S y s t e m s , I n c . ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ C V i r t A . s y s - - ( C V i r t A ) D R V - [ 2 0 0 6 / 1 2 / 0 5 0 5 : 3 4 : 4 2 | 0 0 0 , 5 0 7 , 1 3 6 | - - - - | M ] ( P i x A r t I m a g i n g I n c . ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ P F C 0 2 7 . S Y S - - ( P A C 2 0 7 ) D R V - [ 2 0 0 6 / 1 1 / 2 0 1 4 : 1 3 : 5 8 | 0 0 0 , 0 4 3 , 5 2 0 | - - - - | M ] ( R E D C ) [ K e r n e l | A u t o ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ r i m s p t s k . s y s - - ( r i m s p t s k ) D R V - [ 2 0 0 6 / 1 1 / 2 0 1 4 : 1 3 : 5 8 | 0 0 0 , 0 3 7 , 3 7 6 | - - - - | M ] ( R E D C ) [ K e r n e l | A u t o ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ r i x d p t s k . s y s - - ( r i s m x d p ) D R V - [ 2 0 0 6 / 1 1 / 2 0 1 4 : 1 3 : 5 6 | 0 0 0 , 0 3 2 , 2 5 6 | - - - - | M ] ( R E D C ) [ K e r n e l | A u t o ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ r i m m p t s k . s y s - - ( r i m m p t s k ) D R V - [ 2 0 0 6 / 1 1 / 2 0 0 0 : 5 7 : 0 0 | 0 0 0 , 2 8 3 , 7 7 6 | - - - - | M ] ( A f a T e c h ) [ K e r n e l | O n _ D e m a n d ] - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ A F 1 5 B D A . s y s - - ( A F 1 5 B D A ) C i n e r g y T U S B X E ( M K I I ) D R V - [ 2 0 0 1 / 0 8 / 2 2 0 2 : 4 2 : 5 8 | 0 0 0 , 0 1 3 , 6 3 2 | - - - - | M ] ( D e l l C o m p u t e r C o r p o r a t i o n ) [ K e r n e l | S y s t e m ] - - C : \ W i n d o w s \ S Y S T E M 3 2 \ D R I V E R S \ O M C I . 
S Y S - - ( O M C I ) [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = S t a n d a r d R e g i s t r y ( S a f e L i s t ) = = = = = = = = = = [ / c o l o r ] [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = I n t e r n e t E x p l o r e r = = = = = = = = = = [ / c o l o r ] I E - H K U \ . D E F A U L T \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s : " P r o x y E n a b l e " = 0 I E - H K U \ . D E F A U L T \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s : " P r o x y O v e r r i d e " = < l o c a l > I E - H K U \ D e l l _ O N _ C \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , P r e v S e a r c h P a g e = h t t p : / / g o o g l e . i c q . c o m I E - H K U \ D e l l _ O N _ C \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , S e a r c h P a g e = h t t p : / / g o o g l e . i c q . c o m I E - H K U \ D e l l _ O N _ C \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , S t a r t P a g e = h t t p : / / w w w . g o o g l e . d e / I E - H K U \ D e l l _ O N _ C \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n , S t a r t P a g e C a c h e = 1 I E - H K U \ D e l l _ O N _ C \ . . \ U R L S e a r c h H o o k : { 8 5 5 F 3 B 1 6 - 6 D 3 2 - 4 f e 6 - 8 A 5 6 - B B B 6 9 5 9 8 9 0 4 6 } - R e g E r r o r : V a l u e e r r o r . 
F i l e n o t f o u n d I E - H K U \ D e l l _ O N _ C \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s : " P r o x y E n a b l e " = 0 I E - H K U \ N e t w o r k S e r v i c e _ O N _ C \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s : " P r o x y E n a b l e " = 0 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = F i r e F o x = = = = = = = = = = [ / c o l o r ] F F - p r e f s . j s . . b r o w s e r . s e a r c h . u p d a t e : f a l s e F F - p r e f s . j s . . b r o w s e r . s e a r c h . d e f a u l t e n g i n e n a m e : " I C Q S e a r c h " F F - p r e f s . j s . . b r o w s e r . s e a r c h . s e l e c t e d E n g i n e : " G o o g l e " F F - p r e f s . j s . . b r o w s e r . s e a r c h . u p d a t e : f a l s e F F - p r e f s . j s . . b r o w s e r . s t a r t u p . h o m e p a g e : " h t t p : / / w w w . g o o g l e . d e / " F F - p r e f s . j s . . e x t e n s i o n s . e n a b l e d I t e m s : { 5 9 c 8 1 d f 5 - 4 b 7 a - 4 7 7 b - 9 1 2 d - 4 e 0 f d f 6 4 e 5 f 2 } : 0 . 9 . 8 6 . 1 F F - p r e f s . j s . . e x t e n s i o n s . e n a b l e d I t e m s : { e 4 a 8 a 9 7 b - f 2 e d - 4 5 0 b - b 1 2 d - e e 0 8 2 b a 2 4 7 8 1 } : 0 . 9 . 1 F F - p r e f s . j s . . e x t e n s i o n s . e n a b l e d I t e m s : { C A F E E F A C - 0 0 1 6 - 0 0 0 0 - 0 0 2 0 - A B C D E F F E D C B A } : 6 . 0 . 2 0 F F - p r e f s . j s . . e x t e n s i o n s . e n a b l e d I t e m s : { C A F E E F A C - 0 0 1 6 - 0 0 0 0 - 0 0 2 1 - A B C D E F F E D C B A } : 6 . 0 . 2 1 F F - p r e f s . j s . . e x t e n s i o n s . e n a b l e d I t e m s : { C A F E E F A C - 0 0 1 6 - 0 0 0 0 - 0 0 2 2 - A B C D E F F E D C B A } : 6 . 0 . 2 2 F F - p r e f s . j s . . k e y w o r d . U R L : " h t t p : / / s e a r c h . i c q . c o m / s e a r c h / a f e _ r e s u l t s . p h p ? 
c h _ i d = a f e x & q = " F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ a d o b e . c o m / F l a s h P l a y e r : C : \ W i n d o w s \ S y s t e m 3 2 \ M a c r o m e d \ F l a s h \ N P S W F 3 2 _ 1 1 _ 5 _ 5 0 2 _ 1 3 5 . d l l ( ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ d i v x . c o m / D i v X B r o w s e r P l u g i n , v e r s i o n = 1 . 0 . 0 : C : \ P r o g r a m F i l e s \ D i v X \ D i v X P l u s W e b P l a y e r \ n p d i v x 3 2 . d l l ( D i v X , I n c . ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ d i v x . c o m / D i v X P l a y e r P l u g i n , v e r s i o n = 1 . 0 . 0 : C : \ H i l f s p r o g g s \ D i v X \ D i v X P l a y e r \ n p D i v x P l a y e r P l u g i n . d l l ( D i v X , I n c ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ G o o g l e . c o m / G o o g l e E a r t h P l u g i n : C : \ P r o g r a m F i l e s \ G o o g l e \ G o o g l e E a r t h \ p l u g i n \ n p g e p l u g i n . d l l ( G o o g l e ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ j a v a . c o m / D T P l u g i n , v e r s i o n = 1 0 . 7 . 2 : C : \ W i n d o w s \ S y s t e m 3 2 \ n p d e p l o y J a v a 1 . d l l ( O r a c l e C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ j a v a . c o m / J a v a P l u g i n , v e r s i o n = 1 0 . 9 . 2 : C : \ P r o g r a m F i l e s \ J a v a \ j r e 7 \ b i n \ p l u g i n 2 \ n p j p 2 . d l l ( O r a c l e C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ m i c r o s o f t . c o m / W P F , v e r s i o n = 3 . 5 : C : \ W i n d o w s \ M i c r o s o f t . N E T \ F r a m e w o r k \ v 3 . 5 \ W i n d o w s P r e s e n t a t i o n F o u n d a t i o n \ N P W P F . d l l ( M i c r o s o f t C o r p o r a t i o n ) F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ r e a l . 
c o m / n p p l 3 2 6 0 ; v e r s i o n = 6 . 0 . 1 2 . 4 6 : F i l e n o t f o u n d F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ r e a l . c o m / n p r j p l u g ; v e r s i o n = 1 . 0 . 3 . 4 6 : F i l e n o t f o u n d F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ r e a l . c o m / n p r p j p l u g ; v e r s i o n = 6 . 0 . 1 2 . 4 6 : F i l e n o t f o u n d F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ r e a l . c o m / n s J S R e a l P l a y e r P l u g i n ; v e r s i o n = : F F - H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ A d o b e R e a d e r : C : \ P r o g r a m F i l e s \ A d o b e \ R e a d e r 1 0 . 0 \ R e a d e r \ A I R \ n p p d f 3 2 . d l l ( A d o b e S y s t e m s I n c . ) F F - H K C U \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ a d o b e . c o m / F l a s h P l a y e r : F i l e n o t f o u n d F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ E x t e n s i o n s \ \ { A B D E 8 9 2 B - 1 3 A 8 - 4 d 1 b - 8 8 E 6 - 3 6 5 A 6 E 7 5 5 7 5 8 } : C : \ H i l f s p r o g g s \ b r o w s e r r e c o r d F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ E x t e n s i o n s \ \ H B L i t e @ H B L i t e . c o m : C : \ P r o g r a m F i l e s \ H B L i t e \ b i n \ 1 1 . 0 . 3 6 3 . 0 \ f i r e f o x \ e x t e n s i o n s [ 2 0 1 1 / 0 5 / 2 4 1 5 : 5 5 : 0 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ E x t e n s i o n s \ \ { 3 3 0 4 4 1 1 8 - 6 5 9 7 - 4 D 2 F - A B E A - 7 9 7 4 B B 1 8 5 3 7 9 } : C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ 1 7 0 0 1 . 0 0 7 [ 2 0 1 2 / 1 2 / 2 1 0 4 : 5 8 : 5 7 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ M o z i l l a F i r e f o x 1 7 . 
0 \ e x t e n s i o n s \ \ C o m p o n e n t s : C : \ P r o g r a m F i l e s \ F i r e F o x \ c o m p o n e n t s [ 2 0 1 2 / 1 1 / 2 5 1 0 : 0 1 : 3 5 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ M o z i l l a F i r e f o x 1 7 . 0 \ e x t e n s i o n s \ \ P l u g i n s : C : \ P r o g r a m F i l e s \ F i r e F o x \ p l u g i n s [ 2 0 1 2 / 1 1 / 2 5 1 0 : 0 1 : 0 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] F F - H K E Y _ C U R R E N T _ U S E R \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ e x t e n s i o n s \ \ { 3 3 0 4 4 1 1 8 - 6 5 9 7 - 4 D 2 F - A B E A - 7 9 7 4 B B 1 8 5 3 7 9 } : C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ 1 7 0 0 1 . 0 0 7 [ 2 0 1 2 / 1 2 / 2 1 0 4 : 5 8 : 5 7 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] [ 2 0 0 8 / 0 8 / 2 6 0 5 : 4 7 : 5 4 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] ( N o n a m e f o u n d ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ M o z i l l a \ E x t e n s i o n s [ 2 0 1 2 / 1 1 / 1 9 1 3 : 2 6 : 4 9 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] ( N o n a m e f o u n d ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 6 f 4 t i k j 2 . d e f a u l t \ e x t e n s i o n s F i l e n o t f o u n d ( N o n a m e f o u n d ) - - O 1 H O S T S F i l e : ( [ 2 0 1 1 / 1 1 / 2 5 1 4 : 1 7 : 5 7 | 0 0 0 , 0 0 0 , 7 6 6 | - - - - | M ] ) - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ e t c \ h o s t s O 1 - H o s t s : : : 1 l o c a l h o s t O 1 - H o s t s : 1 2 7 . 0 . 0 . 1 l o c a l h o s t O 2 - B H O : ( X T T B P o s 0 0 C l a s s ) - { 0 5 5 F D 2 6 D - 3 A 8 8 - 4 e 1 5 - 9 6 3 D - D C 8 4 9 3 7 4 4 B 1 D } - R e g E r r o r : V a l u e e r r o r . 
F i l e n o t f o u n d O 2 - B H O : ( R e a l P l a y e r D o w n l o a d a n d R e c o r d P l u g i n f o r I n t e r n e t E x p l o r e r ) - { 3 0 4 9 C 3 E 9 - B 4 6 1 - 4 B C 5 - 8 8 7 0 - 4 C 0 9 1 4 6 1 9 2 C A } - R e g E r r o r : V a l u e e r r o r . F i l e n o t f o u n d O 2 - B H O : ( J a v a ( t m ) P l u g - I n S S V H e l p e r ) - { 7 6 1 4 9 7 B B - D 6 F 0 - 4 6 2 C - B 6 E B - D 4 D A F 1 D 9 2 D 4 3 } - C : \ P r o g r a m F i l e s \ J a v a \ j r e 7 \ b i n \ s s v . d l l ( O r a c l e C o r p o r a t i o n ) O 2 - B H O : ( I E 5 B a r L a u n c h e r B H O C l a s s ) - { 7 8 F 3 A 3 2 3 - 7 9 8 E - 4 A E A - 9 A 5 7 - 8 8 F 4 B 0 5 F D 5 D D } - C : \ P r o g r a m F i l e s \ v S h a r e . t v p l u g i n \ B a r L c h e r . d l l ( V S h a r e I n c . ) O 2 - B H O : ( J a v a ( t m ) P l u g - I n 2 S S V H e l p e r ) - { D B C 8 0 0 4 4 - A 4 4 5 - 4 3 5 b - B C 7 4 - 9 C 2 5 C 1 C 5 8 8 A 9 } - C : \ P r o g r a m F i l e s \ J a v a \ j r e 7 \ b i n \ j p 2 s s v . d l l ( O r a c l e C o r p o r a t i o n ) O 3 - H K L M \ . . \ T o o l b a r : ( V S h a r e T o o l B a r ) - { 7 A C 3 E 1 3 B - 3 B C A - 4 1 5 8 - B 3 3 0 - F 6 6 D B B 0 3 C 1 B 5 } - C : \ P r o g r a m F i l e s \ v S h a r e . t v p l u g i n \ B a r L c h e r . d l l ( V S h a r e I n c . ) O 3 - H K L M \ . . \ T o o l b a r : ( & T e r r a T e c H o m e C i n e m a ) - { A D 6 E 6 5 5 5 - F B 2 C - 4 7 D 4 - 8 3 3 9 - 3 E 2 9 6 5 5 0 9 8 7 7 } - C : \ H i l f s p r o g g s \ T e r r a T e c T V \ T H C D e s k B a n d . d l l ( T e r r a T e c E l e c t r o n i c G m b H ) O 3 - H K U \ D e l l _ O N _ C \ . . \ T o o l b a r \ W e b B r o w s e r : ( I C Q T o o l b a r ) - { 8 5 5 F 3 B 1 6 - 6 D 3 2 - 4 F E 6 - 8 A 5 6 - B B B 6 9 5 9 8 9 0 4 6 } - R e g E r r o r : V a l u e e r r o r . F i l e n o t f o u n d O 4 - H K L M . . 
\ R u n : [ a v g n t ] C : \ H i l f s p r o g g s \ A v i r a A n t i V i r 1 0 \ A v i r a \ A n t i V i r D e s k t o p \ a v g n t . e x e ( A v i r a G m b H ) O 4 - H K L M . . \ R u n : [ w i l e n l ] F i l e n o t f o u n d O 4 - H K U \ D e l l _ O N _ C . . \ R u n : [ A V M U S B F e r n a n s c h l u s s ] C : \ U s e r s \ D e l l \ A p p D a t a \ L o c a l \ A p p s \ 2 . 0 \ 7 K M E 2 V J N . D E Z \ 5 A O K 0 M 5 T . 0 4 C \ f r i t . . t i o n _ 8 4 8 8 8 8 4 c f b c e f d 6 0 _ 0 0 0 2 . 0 0 0 1 _ 3 8 3 3 8 2 c 5 c 6 0 b 7 2 b d \ A V M A u t o S t a r t . e x e ( A V M B e r l i n ) O 4 - H K U \ L o c a l S e r v i c e _ O N _ C . . \ R u n : [ W i n d o w s W e l c o m e C e n t e r ] C : \ W i n d o w s \ S y s t e m 3 2 \ o o b e f l d r . d l l ( M i c r o s o f t C o r p o r a t i o n ) O 4 - H K U \ N e t w o r k S e r v i c e _ O N _ C . . \ R u n : [ W i n d o w s W e l c o m e C e n t e r ] C : \ W i n d o w s \ S y s t e m 3 2 \ o o b e f l d r . d l l ( M i c r o s o f t C o r p o r a t i o n ) O 4 - H K U \ . D E F A U L T . . \ R u n O n c e : [ I C Q L i t e ] C : \ H i l f s p r o g g s \ I C Q \ I C Q L i t e \ I C Q L i t e . e x e ( I C Q L t d . ) O 4 - S t a r t u p : C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ M i c r o s o f t \ W i n d o w s \ S t a r t M e n u \ P r o g r a m s \ S t a r t u p \ r u n c t f . l n k = X : \ I 3 8 6 \ S Y S T E M 3 2 \ R U N D L L 3 2 . E X E ( M i c r o s o f t C o r p o r a t i o n ) O 6 - H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ p o l i c i e s \ S y s t e m : E n a b l e L U A = 0 O 9 - E x t r a B u t t o n : I C Q L i t e - { B 8 6 3 4 5 3 A - 2 6 C 3 - 4 e 1 f - A 5 4 D - A 2 C D 1 9 6 3 4 8 E 9 } - C : \ H i l f s p r o g g s \ I C Q \ I C Q L i t e \ I C Q L i t e . e x e ( I C Q L t d . 
) O 9 - E x t r a ' T o o l s ' m e n u i t e m : I C Q L i t e - { B 8 6 3 4 5 3 A - 2 6 C 3 - 4 e 1 f - A 5 4 D - A 2 C D 1 9 6 3 4 8 E 9 } - C : \ H i l f s p r o g g s \ I C Q \ I C Q L i t e \ I C Q L i t e . e x e ( I C Q L t d . ) O 9 - E x t r a B u t t o n : I C Q 6 - { E 5 9 E B 1 2 1 - F 3 3 9 - 4 8 5 1 - A 3 B A - F E 4 9 C 3 5 6 1 7 C 2 } - F i l e n o t f o u n d O 9 - E x t r a ' T o o l s ' m e n u i t e m : I C Q 6 - { E 5 9 E B 1 2 1 - F 3 3 9 - 4 8 5 1 - A 3 B A - F E 4 9 C 3 5 6 1 7 C 2 } - F i l e n o t f o u n d O 1 3 - g o p h e r P r e f i x : m i s s i n g O 1 6 - D P F : { 5 D 6 F 4 5 B 3 - 9 0 4 3 - 4 4 3 D - A 7 9 2 - 1 1 5 4 4 7 4 9 4 D 2 4 } h t t p : / / m e s s e n g e r . z o n e . m s n . c o m / D E - D E / a - U N O 1 / G A M E _ U N O 1 . c a b ( U n o C t r l C l a s s ) O 1 6 - D P F : { 8 A D 9 C 8 4 0 - 0 4 4 E - 1 1 D 1 - B 3 E 9 - 0 0 8 0 5 F 4 9 9 D 9 3 } h t t p : / / j a v a . s u n . c o m / u p d a t e / 1 . 7 . 0 / j i n s t a l l - 1 _ 7 _ 0 _ 0 5 - w i n d o w s - i 5 8 6 . c a b ( J a v a P l u g - i n 1 0 . 9 . 2 ) O 1 6 - D P F : { B 8 B E 5 E 9 3 - A 6 0 C - 4 D 2 6 - A 2 D C - 2 2 0 3 1 3 1 7 5 5 9 2 } h t t p : / / m e s s e n g e r . z o n e . m s n . c o m / b i n a r y / Z I n t r o . c a b 5 6 6 4 9 . c a b ( M S N G a m e s - I n s t a l l e r ) O 1 6 - D P F : { B D 3 9 3 C 1 4 - 7 2 A D - 4 7 9 0 - A 0 9 5 - 7 6 5 2 2 9 7 3 D 6 B 8 } h t t p : / / m e s s e n g e r . z o n e . m s n . c o m / b i n a r y / B a n k s h o t . c a b 5 7 2 1 3 . c a b ( C B r e a k s h o t C o n t r o l C l a s s ) O 1 6 - D P F : { C 3 F 7 9 A 2 B - B 9 B 4 - 4 A 6 6 - B 0 1 2 - 3 E E 4 6 4 7 5 B 0 7 2 } h t t p : / / m e s s e n g e r . z o n e . m s n . c o m / b i n a r y / M e s s e n g e r S t a t s P A C l i e n t . c a b 5 6 9 0 7 . c a b ( M e s s e n g e r S t a t s C l i e n t C l a s s ) O 1 6 - D P F : { C A F E E F A C - 0 0 1 7 - 0 0 0 0 - 0 0 0 5 - A B C D E F F E D C B A } h t t p : / / j a v a . s u n . 
c o m / u p d a t e / 1 . 7 . 0 / j i n s t a l l - 1 _ 7 _ 0 _ 0 5 - w i n d o w s - i 5 8 6 . c a b ( R e g E r r o r : K e y e r r o r . ) O 1 6 - D P F : { C A F E E F A C - F F F F - F F F F - F F F F - A B C D E F F E D C B A } h t t p : / / j a v a . s u n . c o m / u p d a t e / 1 . 7 . 0 / j i n s t a l l - 1 _ 7 _ 0 _ 0 5 - w i n d o w s - i 5 8 6 . c a b ( J a v a P l u g - i n 1 0 . 9 . 2 ) O 1 6 - D P F : { E 2 8 8 3 E 8 F - 4 7 2 F - 4 F B 0 - 9 5 2 2 - A C 9 B F 3 7 9 1 6 A 7 } h t t p : / / p l a t f o r m d l . a d o b e . c o m / N O S / g e t P l u s P l u s / 1 . 6 / g p . c a b ( R e g E r r o r : K e y e r r o r . ) O 1 7 - H K L M \ S y s t e m \ C C S \ S e r v i c e s \ T c p i p \ P a r a m e t e r s : D h c p N a m e S e r v e r = 1 9 2 . 1 6 8 . 1 7 8 . 1 O 2 0 - H K L M W i n l o g o n : S h e l l - ( e x p l o r e r . e x e ) - C : \ W i n d o w s \ e x p l o r e r . e x e ( M i c r o s o f t C o r p o r a t i o n ) O 2 0 - H K L M W i n l o g o n : U s e r I n i t - ( C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ a p p C o n f 3 2 . e x e ) - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ a p p C o n f 3 2 . e x e ( ) O 3 2 - H K L M C D R o m : A u t o R u n - 1 O 3 2 - A u t o R u n F i l e - [ 2 0 0 6 / 0 9 / 1 8 1 6 : 4 3 : 3 6 | 0 0 0 , 0 0 0 , 0 2 4 | - - - - | M ] ( ) - C : \ a u t o e x e c . b a t - - [ N T F S ] O 3 2 - A u t o R u n F i l e - [ 2 0 0 6 / 0 3 / 2 4 0 6 : 0 6 : 4 1 | 0 0 0 , 0 0 0 , 0 5 3 | R - - - | M ] ( ) - X : \ A U T O R U N . I N F - - [ C D F S ] O 3 3 - M o u n t P o i n t s 2 \ { 1 a 0 7 6 5 4 4 - 5 d a 0 - 1 1 d e - 8 8 4 5 - d 2 4 c 8 4 1 c 8 f e 2 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { 1 a 0 7 6 5 4 4 - 5 d a 0 - 1 1 d e - 8 8 4 5 - d 2 4 c 8 4 1 c 8 f e 2 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = F : \ a u t o r u n . 
e x e O 3 3 - M o u n t P o i n t s 2 \ { 5 5 8 8 0 4 a 6 - 8 e 3 9 - 1 1 d d - 8 c 9 4 - c c f 6 b 0 c f 2 5 6 d } \ S h e l l \ 1 \ C o m m a n d - " " = H : \ . \ r e c y c l e d \ i n f o . e x e O 3 3 - M o u n t P o i n t s 2 \ { 5 5 8 8 0 4 a 6 - 8 e 3 9 - 1 1 d d - 8 c 9 4 - c c f 6 b 0 c f 2 5 6 d } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = C : \ W i n d o w s \ s y s t e m 3 2 \ R u n D L L 3 2 . E X E S h e l l 3 2 . D L L , S h e l l E x e c _ R u n D L L H : \ . \ r e c y c l e d \ i n f o . e x e O 3 3 - M o u n t P o i n t s 2 \ { 6 0 1 e 4 e 0 2 - b 4 0 2 - 1 1 d c - 8 9 6 6 - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { 6 0 1 e 4 e 0 2 - b 4 0 2 - 1 1 d c - 8 9 6 6 - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = E : \ A u t o r u n . e x e O 3 3 - M o u n t P o i n t s 2 \ { 6 3 9 1 4 4 6 6 - 1 c f f - 1 1 d e - 8 4 2 d - b a d 6 e b 6 c 8 8 3 3 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { 6 3 9 1 4 4 6 6 - 1 c f f - 1 1 d e - 8 4 2 d - b a d 6 e b 6 c 8 8 3 3 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = G : \ S t a r t V M C L i t e . e x e O 3 3 - M o u n t P o i n t s 2 \ { 6 9 8 1 2 b 1 c - e 6 0 b - 1 1 d d - b 9 5 b - f 0 1 5 2 a f a 1 a 9 a } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { 6 9 8 1 2 b 1 c - e 6 0 b - 1 1 d d - b 9 5 b - f 0 1 5 2 a f a 1 a 9 a } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = G : \ S t a r t V M C L i t e . e x e O 3 3 - M o u n t P o i n t s 2 \ { a f 2 4 5 9 c a - b 4 d f - 1 1 d d - b b 0 a - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { a f 2 4 5 9 c a - b 4 d f - 1 1 d d - b b 0 a - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = G : \ S t a r t V M C L i t e . 
e x e O 3 3 - M o u n t P o i n t s 2 \ { a f 2 4 5 9 c b - b 4 d f - 1 1 d d - b b 0 a - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { a f 2 4 5 9 c b - b 4 d f - 1 1 d d - b b 0 a - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = G : \ S t a r t V M C L i t e . e x e O 3 3 - M o u n t P o i n t s 2 \ { b 4 8 9 8 c 0 4 - 1 c c 1 - 1 1 e 1 - a 0 9 a - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { b 4 8 9 8 c 0 4 - 1 c c 1 - 1 1 e 1 - a 0 9 a - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = G : \ a u t o r u n . e x e O 3 3 - M o u n t P o i n t s 2 \ { b f a 1 3 2 e 4 - 9 0 8 e - 1 1 d c - b d 6 f - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = E : \ I n s t a l l T o m T o m H O M E . e x e O 3 3 - M o u n t P o i n t s 2 \ { b f f 1 b 0 e 4 - d 8 b 4 - 1 1 d c - a e e 8 - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { b f f 1 b 0 e 4 - d 8 b 4 - 1 1 d c - a e e 8 - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = F : \ S t a r t V M C L i t e . e x e O 3 3 - M o u n t P o i n t s 2 \ { b f f 1 b 0 e a - d 8 b 4 - 1 1 d c - a e e 8 - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { b f f 1 b 0 e a - d 8 b 4 - 1 1 d c - a e e 8 - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = G : \ S t a r t V M C L i t e . e x e O 3 3 - M o u n t P o i n t s 2 \ { d 9 9 f 8 a 2 b - 5 5 a 9 - 1 1 d d - a 9 d e - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { d 9 9 f 8 a 2 b - 5 5 a 9 - 1 1 d d - a 9 d e - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = E : \ A u t o S t a r t e r . 
e x e O 3 3 - M o u n t P o i n t s 2 \ { e e 3 f e d 1 c - f a f 8 - 1 1 d c - 9 2 f 5 - c 1 3 7 5 d 3 9 2 7 c 5 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { e e 3 f e d 1 c - f a f 8 - 1 1 d c - 9 2 f 5 - c 1 3 7 5 d 3 9 2 7 c 5 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = F : \ S t a r t V M C L i t e . e x e O 3 3 - M o u n t P o i n t s 2 \ { e e 3 f e d 1 e - f a f 8 - 1 1 d c - 9 2 f 5 - c 1 3 7 5 d 3 9 2 7 c 5 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { e e 3 f e d 1 e - f a f 8 - 1 1 d c - 9 2 f 5 - c 1 3 7 5 d 3 9 2 7 c 5 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = G : \ S t a r t V M C L i t e . e x e O 3 3 - M o u n t P o i n t s 2 \ { f 9 2 7 8 5 4 0 - b 4 7 6 - 1 1 d d - 8 c 8 f - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { f 9 2 7 8 5 4 0 - b 4 7 6 - 1 1 d d - 8 c 8 f - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = G : \ S t a r t V M C L i t e . e x e O 3 3 - M o u n t P o i n t s 2 \ { f 9 2 7 8 5 4 4 - b 4 7 6 - 1 1 d d - 8 c 8 f - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { f 9 2 7 8 5 4 4 - b 4 7 6 - 1 1 d d - 8 c 8 f - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = G : \ S t a r t V M C L i t e . e x e O 3 3 - M o u n t P o i n t s 2 \ { f 9 9 3 e 4 f 5 - 8 a e d - 1 1 d d - 9 e b b - 0 0 1 3 e 8 8 0 2 2 f 3 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { f 9 9 3 e 4 f 5 - 8 a e d - 1 1 d d - 9 e b b - 0 0 1 3 e 8 8 0 2 2 f 3 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = G : \ S t a r t V M C L i t e . 
e x e O 3 3 - M o u n t P o i n t s 2 \ { f 9 9 3 e 4 f 6 - 8 a e d - 1 1 d d - 9 e b b - 0 0 1 3 e 8 8 0 2 2 f 3 } \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ { f 9 9 3 e 4 f 6 - 8 a e d - 1 1 d d - 9 e b b - 0 0 1 3 e 8 8 0 2 2 f 3 } \ S h e l l \ A u t o R u n \ c o m m a n d - " " = G : \ S t a r t V M C L i t e . e x e O 3 3 - M o u n t P o i n t s 2 \ F \ S h e l l - " " = A u t o R u n O 3 3 - M o u n t P o i n t s 2 \ F \ S h e l l \ A u t o R u n \ c o m m a n d - " " = F : \ S t a r t V M C L i t e . e x e O 3 4 - H K L M B o o t E x e c u t e : ( a u t o c h e c k a u t o c h k * ) - F i l e n o t f o u n d O 3 5 - H K L M \ . . c o m f i l e [ o p e n ] - - " % 1 " % * O 3 5 - H K L M \ . . e x e f i l e [ o p e n ] - - " % 1 " % * O 3 7 - H K L M \ . . . c o m [ @ = c o m f i l e ] - - " % 1 " % * O 3 7 - H K L M \ . . . e x e [ @ = e x e f i l e ] - - " % 1 " % * [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = F i l e s / F o l d e r s - C r e a t e d W i t h i n 3 0 D a y s = = = = = = = = = = [ / c o l o r ] [ 2 0 1 2 / 1 2 / 2 2 1 4 : 2 6 : 5 7 | 0 0 0 , 0 0 0 , 0 0 0 | - H S D | C ] - - C : \ R E C Y C L E R [ 2 0 1 2 / 1 2 / 2 1 1 1 : 1 0 : 5 8 | 0 0 0 , 0 5 5 , 2 4 8 | - - - - | C ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ l o a u p d t . j p g [ 2 0 1 2 / 1 2 / 2 1 0 4 : 5 8 : 5 7 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ 1 7 0 0 1 . 
0 0 7 [ 2 0 1 2 / 1 2 / 1 9 1 1 : 0 4 : 4 3 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ k o c k [ 2 0 1 2 / 1 2 / 1 9 1 0 : 4 4 : 2 5 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ x m l d m [ 2 0 1 2 / 1 2 / 1 9 0 9 : 4 4 : 4 9 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ U s e r s \ D e l l \ D e s k t o p \ I n g - G e o [ 2 0 1 2 / 1 2 / 1 7 1 7 : 1 7 : 0 5 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m F i l e s \ C C l e a n e r [ 2 0 1 2 / 1 2 / 1 1 2 0 : 0 2 : 0 8 | 0 0 0 , 6 9 7 , 2 7 2 | - - - - | C ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ F l a s h P l a y e r A p p . e x e [ 2 0 1 2 / 1 2 / 1 1 2 0 : 0 2 : 0 8 | 0 0 0 , 0 7 3 , 6 5 6 | - - - - | C ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ F l a s h P l a y e r C P L A p p . c p l [ 2 0 1 2 / 1 2 / 1 0 0 9 : 0 5 : 1 2 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ k o c k [ 2 0 1 2 / 1 2 / 0 9 0 5 : 1 7 : 3 9 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ U s e r s \ D e l l \ D o c u m e n t s \ M e i n G a r m i n [ 2 0 1 2 / 1 2 / 0 9 0 5 : 1 7 : 3 6 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ G A R M I N [ 2 0 1 2 / 1 2 / 0 9 0 5 : 1 7 : 0 0 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m D a t a \ M i c r o s o f t \ W i n d o w s \ S t a r t M e n u \ P r o g r a m s \ G a r m i n [ 2 0 1 2 / 1 2 / 0 9 0 5 : 1 2 : 3 5 | 0 0 0 , 0 1 8 , 4 3 2 | - - - - | C ] ( G A R M I N C o r p . ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ g r m n g e n . 
s y s [ 2 0 1 2 / 1 2 / 0 9 0 5 : 1 2 : 3 5 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ G a r m i n [ 2 0 1 2 / 1 2 / 0 8 1 1 : 4 2 : 0 7 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ U A s [ 2 0 1 2 / 1 2 / 0 3 1 2 : 1 7 : 5 3 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ T e a m V i e w e r [ 2 0 1 2 / 1 2 / 0 1 1 1 : 3 8 : 2 6 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m F i l e s \ T e a m V i e w e r [ 2 0 1 2 / 1 2 / 0 1 1 1 : 3 6 : 0 0 | 0 0 5 , 8 3 5 , 5 1 2 | - - - - | C ] ( T e a m V i e w e r G m b H ) - - C : \ U s e r s \ D e l l \ D e s k t o p \ T e a m V i e w e r _ S e t u p _ d e . e x e [ 2 0 1 2 / 1 1 / 2 5 1 0 : 0 0 : 4 6 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | C ] - - C : \ P r o g r a m F i l e s \ F i r e F o x [ 1 C : \ W i n d o w s \ * . t m p f i l e s - > C : \ W i n d o w s \ * . t m p - > ] [ 1 C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ * . t m p f i l e s - > C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ * . t m p - > ] [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = F i l e s - M o d i f i e d W i t h i n 3 0 D a y s = = = = = = = = = = [ / c o l o r ] [ 2 0 1 2 / 1 2 / 2 1 1 4 : 2 6 : 2 9 | 0 0 0 , 0 6 7 , 5 8 4 | - - S - | M ] ( ) - - C : \ W i n d o w s \ b o o t s t a t . d a t [ 2 0 1 2 / 1 2 / 2 1 1 4 : 2 6 : 0 0 | 0 9 5 , 0 2 3 , 3 2 0 | - - - - | M ] ( ) - - C : \ P r o g r a m D a t a \ d s g s d g d s g d s g w . p a d [ 2 0 1 2 / 1 2 / 2 1 1 1 : 4 2 : 0 6 | 0 0 0 , 0 0 3 , 6 4 8 | - H - - | M ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ 7 B 2 9 6 F B 0 - 3 7 6 B - 4 9 7 e - B 0 1 2 - 9 C 4 5 0 E 1 B 7 3 2 7 - 2 P - 1 . 
C 7 4 8 3 4 5 6 - A 2 8 9 - 4 3 9 d - 8 1 1 5 - 6 0 1 6 3 2 D 0 0 5 A 0 [ 2 0 1 2 / 1 2 / 2 1 1 1 : 4 2 : 0 6 | 0 0 0 , 0 0 3 , 6 4 8 | - H - - | M ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ 7 B 2 9 6 F B 0 - 3 7 6 B - 4 9 7 e - B 0 1 2 - 9 C 4 5 0 E 1 B 7 3 2 7 - 2 P - 0 . C 7 4 8 3 4 5 6 - A 2 8 9 - 4 3 9 d - 8 1 1 5 - 6 0 1 6 3 2 D 0 0 5 A 0 [ 2 0 1 2 / 1 2 / 2 1 1 1 : 4 2 : 0 2 | 0 0 0 , 0 0 0 , 0 1 2 | - - - - | M ] ( ) - - C : \ W i n d o w s \ b t h s e r v s d p . d a t [ 2 0 1 2 / 1 2 / 2 1 1 1 : 3 2 : 5 3 | 0 0 0 , 0 0 2 , 5 6 5 | - - - - | M ] ( ) - - C : \ P r o g r a m D a t a \ M i c r o s o f t \ W i n d o w s \ S t a r t M e n u \ P r o g r a m s \ S t a r t u p \ V P N C l i e n t . l n k [ 2 0 1 2 / 1 2 / 2 1 1 1 : 1 1 : 4 2 | 0 0 0 , 0 5 5 , 2 4 8 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ l o a u p d t . j p g [ 2 0 1 2 / 1 2 / 2 1 1 1 : 1 1 : 1 8 | 0 0 0 , 0 0 0 , 0 1 6 | - - - - | M ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ b l c k d o m . r e s [ 2 0 1 2 / 1 2 / 2 1 1 1 : 0 4 : 4 6 | 0 0 0 , 0 0 2 , 8 6 5 | - - - - | M ] ( ) - - C : \ P r o g r a m D a t a \ d s g s d g d s g d s g w . j s [ 2 0 1 2 / 1 2 / 2 1 1 1 : 0 4 : 4 6 | 0 0 0 , 0 0 0 , 8 9 2 | - - - - | M ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ M i c r o s o f t \ W i n d o w s \ S t a r t M e n u \ P r o g r a m s \ S t a r t u p \ r u n c t f . l n k [ 2 0 1 2 / 1 2 / 2 1 0 7 : 3 3 : 5 9 | 0 0 0 , 6 8 5 , 7 1 2 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f h 0 0 7 . d a t [ 2 0 1 2 / 1 2 / 2 1 0 7 : 3 3 : 5 9 | 0 0 0 , 6 4 2 , 7 0 4 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f h 0 0 9 . d a t [ 2 0 1 2 / 1 2 / 2 1 0 7 : 3 3 : 5 9 | 0 0 0 , 1 4 9 , 9 0 6 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f c 0 0 7 . 
d a t [ 2 0 1 2 / 1 2 / 2 1 0 7 : 3 3 : 5 9 | 0 0 0 , 1 2 1 , 7 1 2 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f c 0 0 9 . d a t [ 2 0 1 2 / 1 2 / 2 1 0 4 : 5 9 : 0 5 | 0 0 0 , 2 1 9 , 2 3 2 | - - - - | M ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ A c r o I E H e l p e 2 4 8 . d l l [ 2 0 1 2 / 1 2 / 2 1 0 4 : 5 9 : 0 5 | 0 0 0 , 0 0 7 , 1 0 4 | - - - - | M ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ B A c r o I E H e l p e 2 4 8 . d l l [ 2 0 1 2 / 1 2 / 1 9 0 9 : 4 3 : 4 6 | 0 0 0 , 2 1 0 , 5 1 6 | - - - - | M ] ( ) - - C : \ P r o g r a m D a t a \ n v M o d e s . 0 0 1 [ 2 0 1 2 / 1 2 / 1 7 1 4 : 4 5 : 2 7 | 0 0 0 , 0 0 7 , 1 0 4 | - - - - | M ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ B A c r o I E H e l p e 2 4 6 . d l l [ 2 0 1 2 / 1 2 / 1 6 0 6 : 5 3 : 4 3 | 0 0 0 , 0 0 0 , 1 4 0 | - - - - | M ] ( ) - - C : \ W i n d o w s \ L O D E R U N N . I N I [ 2 0 1 2 / 1 2 / 1 2 1 7 : 2 6 : 2 9 | 0 0 0 , 0 3 4 , 5 6 8 | - - - - | M ] ( ) - - C : \ U s e r s \ D e l l \ D e s k t o p \ K o o r d i n a t e n - I n g G e o - 1 2 - 1 2 - 2 0 1 2 . g d b [ 2 0 1 2 / 1 2 / 1 1 2 0 : 0 2 : 0 8 | 0 0 0 , 6 9 7 , 2 7 2 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ F l a s h P l a y e r A p p . e x e [ 2 0 1 2 / 1 2 / 1 1 2 0 : 0 2 : 0 8 | 0 0 0 , 0 7 3 , 6 5 6 | - - - - | M ] ( A d o b e S y s t e m s I n c o r p o r a t e d ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ F l a s h P l a y e r C P L A p p . c p l [ 2 0 1 2 / 1 2 / 1 1 1 3 : 2 7 : 3 1 | 0 0 1 , 0 1 3 , 3 8 0 | - - - - | M ] ( ) - - C : \ U s e r s \ D e l l \ D e s k t o p \ M u f _ f � r _ J u l e s . p d f [ 2 0 1 2 / 1 2 / 0 9 0 5 : 5 3 : 4 4 | 0 0 0 , 0 0 6 , 9 4 4 | - - - - | M ] ( ) - - C : \ U s e r s \ D e l l \ D e s k t o p \ K o o r d i n a t e n - I n g G e o - 0 8 - 1 2 - 2 0 1 2 . 
g d b [ 2 0 1 2 / 1 2 / 0 9 0 5 : 1 7 : 0 0 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] - - C : \ P r o g r a m D a t a \ M i c r o s o f t \ W i n d o w s \ S t a r t M e n u \ P r o g r a m s \ G a r m i n [ 2 0 1 2 / 1 2 / 0 4 1 4 : 5 2 : 1 1 | 0 0 0 , 3 6 4 , 5 1 2 | - - - - | M ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ F N T C A C H E . D A T [ 2 0 1 2 / 1 2 / 0 3 1 4 : 3 1 : 2 6 | 0 0 0 , 1 7 3 , 5 6 8 | - - - - | M ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ L o c a l \ D C B C 2 A 7 1 - 7 0 D 8 - 4 D A N - E H R 8 - E 0 D 6 1 D E A 3 F D F . i n i [ 2 0 1 2 / 1 2 / 0 3 1 2 : 1 7 : 3 3 | 0 0 5 , 8 3 5 , 5 1 2 | - - - - | M ] ( T e a m V i e w e r G m b H ) - - C : \ U s e r s \ D e l l \ D e s k t o p \ T e a m V i e w e r _ S e t u p _ d e . e x e [ 2 0 1 2 / 1 2 / 0 3 1 2 : 1 6 : 5 4 | 0 0 0 , 0 0 0 , 9 7 7 | - - - - | M ] ( ) - - C : \ P r o g r a m D a t a \ M i c r o s o f t \ W i n d o w s \ S t a r t M e n u \ P r o g r a m s \ T e a m V i e w e r 8 . l n k [ 2 0 1 2 / 1 2 / 0 2 0 9 : 1 0 : 4 5 | 0 0 0 , 2 1 0 , 5 1 6 | - - - - | M ] ( ) - - C : \ P r o g r a m D a t a \ n v M o d e s . d a t [ 1 C : \ W i n d o w s \ * . t m p f i l e s - > C : \ W i n d o w s \ * . t m p - > ] [ 1 C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ * . t m p f i l e s - > C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ * . t m p - > ] [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = F i l e s C r e a t e d - N o C o m p a n y N a m e = = = = = = = = = = [ / c o l o r ] [ 2 0 1 2 / 1 2 / 2 1 1 1 : 0 4 : 4 6 | 0 0 0 , 0 0 2 , 8 6 5 | - - - - | C ] ( ) - - C : \ P r o g r a m D a t a \ d s g s d g d s g d s g w . j s [ 2 0 1 2 / 1 2 / 2 1 1 1 : 0 4 : 4 6 | 0 0 0 , 0 0 0 , 8 9 2 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ M i c r o s o f t \ W i n d o w s \ S t a r t M e n u \ P r o g r a m s \ S t a r t u p \ r u n c t f . 
l n k [ 2 0 1 2 / 1 2 / 2 1 1 1 : 0 4 : 2 7 | 0 9 5 , 0 2 3 , 3 2 0 | - - - - | C ] ( ) - - C : \ P r o g r a m D a t a \ d s g s d g d s g d s g w . p a d [ 2 0 1 2 / 1 2 / 2 1 0 4 : 5 9 : 0 5 | 0 0 0 , 2 1 9 , 2 3 2 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ A c r o I E H e l p e 2 4 8 . d l l [ 2 0 1 2 / 1 2 / 2 1 0 4 : 5 9 : 0 5 | 0 0 0 , 0 0 7 , 1 0 4 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ B A c r o I E H e l p e 2 4 8 . d l l [ 2 0 1 2 / 1 2 / 1 7 1 4 : 4 5 : 2 7 | 0 0 0 , 0 0 7 , 1 0 4 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ B A c r o I E H e l p e 2 4 6 . d l l [ 2 0 1 2 / 1 2 / 1 2 1 7 : 2 6 : 2 9 | 0 0 0 , 0 3 4 , 5 6 8 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ D e s k t o p \ K o o r d i n a t e n - I n g G e o - 1 2 - 1 2 - 2 0 1 2 . g d b [ 2 0 1 2 / 1 2 / 1 1 1 3 : 2 7 : 3 0 | 0 0 1 , 0 1 3 , 3 8 0 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ D e s k t o p \ M u f _ f � r _ J u l e s . p d f [ 2 0 1 2 / 1 2 / 0 9 0 5 : 5 3 : 4 4 | 0 0 0 , 0 0 6 , 9 4 4 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ D e s k t o p \ K o o r d i n a t e n - I n g G e o - 0 8 - 1 2 - 2 0 1 2 . g d b [ 2 0 1 2 / 1 2 / 0 3 1 2 : 1 6 : 5 4 | 0 0 0 , 0 0 0 , 9 7 7 | - - - - | C ] ( ) - - C : \ P r o g r a m D a t a \ M i c r o s o f t \ W i n d o w s \ S t a r t M e n u \ P r o g r a m s \ T e a m V i e w e r 8 . l n k [ 2 0 1 2 / 1 1 / 2 0 0 7 : 4 8 : 4 1 | 0 0 0 , 0 0 7 , 1 0 4 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ B A c r o I E H e l p e 2 3 5 . d l l [ 2 0 1 2 / 1 1 / 1 2 0 9 : 3 6 : 3 8 | 0 0 0 , 0 0 7 , 7 2 0 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ B A c r o I E H e l p e 2 2 8 . 
d l l [ 2 0 1 2 / 1 1 / 1 0 1 0 : 2 1 : 4 0 | 0 0 0 , 0 0 0 , 0 1 6 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ b l c k d o m . r e s [ 2 0 1 2 / 0 9 / 0 5 1 6 : 3 6 : 3 8 | 0 0 0 , 0 0 0 , 1 4 0 | - - - - | C ] ( ) - - C : \ W i n d o w s \ L O D E R U N N . I N I [ 2 0 1 1 / 1 1 / 1 6 1 4 : 0 0 : 1 3 | 0 0 0 , 0 0 0 , 0 4 3 | - - - - | C ] ( ) - - C : \ W i n d o w s \ g s w i n 3 2 . i n i [ 2 0 1 1 / 0 5 / 1 1 0 3 : 2 0 : 4 4 | 0 0 0 , 0 0 2 , 8 2 8 | - H S - | C ] ( ) - - C : \ P r o g r a m D a t a \ K G y G a A v L . s y s [ 2 0 1 1 / 0 5 / 1 1 0 3 : 2 0 : 4 4 | 0 0 0 , 0 0 0 , 0 8 8 | R H S - | C ] ( ) - - C : \ P r o g r a m D a t a \ 2 6 4 8 5 E D 7 F A . s y s [ 2 0 1 0 / 0 7 / 1 6 0 8 : 4 8 : 3 9 | 0 0 0 , 0 0 1 , 4 4 7 | - - - - | C ] ( ) - - C : \ W i n d o w s \ w i n i n i t . i n i [ 2 0 1 0 / 0 7 / 1 6 0 8 : 3 0 : 0 8 | 0 0 0 , 0 6 9 , 6 3 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ R A U N I N S T . E X E [ 2 0 1 0 / 0 1 / 0 2 0 7 : 0 7 : 3 3 | 0 0 0 , 0 0 0 , 3 1 6 | - - - - | C ] ( ) - - C : \ W i n d o w s \ O D B C . I N I [ 2 0 0 9 / 0 8 / 2 3 1 3 : 3 6 : 3 9 | 0 0 0 , 0 2 2 , 3 2 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ P n k B s t r K . s y s [ 2 0 0 9 / 0 8 / 2 3 1 3 : 3 6 : 3 1 | 0 0 0 , 1 0 3 , 7 3 6 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ P n k B s t r B . e x e [ 2 0 0 9 / 0 8 / 2 3 1 3 : 3 6 : 2 0 | 0 0 0 , 0 6 6 , 8 7 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ P n k B s t r A . e x e [ 2 0 0 9 / 0 7 / 0 5 1 4 : 0 0 : 2 9 | 0 0 0 , 2 8 1 , 7 6 0 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ a t k s g t . s y s [ 2 0 0 9 / 0 7 / 0 5 1 4 : 0 0 : 1 1 | 0 0 0 , 0 2 5 , 8 8 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ l i r s g t . 
s y s [ 2 0 0 9 / 0 5 / 2 7 1 4 : 2 7 : 0 6 | 0 0 0 , 1 1 7 , 2 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ E h S t o r A u t h n . d l l [ 2 0 0 9 / 0 5 / 2 7 1 4 : 2 7 : 0 6 | 0 0 0 , 1 0 7 , 6 1 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ S t r u c t u r e d Q u e r y S c h e m a . b i n [ 2 0 0 9 / 0 5 / 2 7 1 4 : 2 6 : 2 4 | 0 0 0 , 0 6 2 , 9 7 6 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ P r i n t B r m U i . e x e [ 2 0 0 9 / 0 4 / 2 1 0 5 : 2 9 : 2 5 | 0 0 0 , 2 1 0 , 5 1 6 | - - - - | C ] ( ) - - C : \ P r o g r a m D a t a \ n v M o d e s . d a t [ 2 0 0 9 / 0 4 / 2 1 0 5 : 2 9 : 2 5 | 0 0 0 , 2 1 0 , 5 1 6 | - - - - | C ] ( ) - - C : \ P r o g r a m D a t a \ n v M o d e s . 0 0 1 [ 2 0 0 9 / 0 3 / 0 5 1 2 : 3 8 : 4 7 | 0 0 0 , 1 6 8 , 4 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ u n r a r . d l l [ 2 0 0 9 / 0 3 / 0 5 1 2 : 3 8 : 3 9 | 0 0 0 , 0 6 7 , 5 8 4 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ f f _ v f w . d l l [ 2 0 0 8 / 1 2 / 0 9 1 0 : 2 3 : 1 3 | 0 0 0 , 0 5 3 , 7 1 2 | R H S - | C ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ a p p C o n f 3 2 . e x e [ 2 0 0 8 / 1 1 / 2 1 1 6 : 4 7 : 5 2 | 0 0 3 , 5 9 6 , 2 8 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ q t - d x 3 3 1 . d l l [ 2 0 0 8 / 1 1 / 0 5 1 3 : 4 2 : 4 5 | 0 0 0 , 0 6 2 , 4 0 0 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ I F C . d l l [ 2 0 0 8 / 1 1 / 0 5 1 3 : 4 1 : 5 6 | 0 0 0 , 4 2 2 , 8 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ P P L . d l l [ 2 0 0 8 / 1 0 / 0 7 0 2 : 1 3 : 3 0 | 0 0 0 , 1 9 7 , 9 1 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p h y s x c u d a r t _ 2 0 . 
d l l [ 2 0 0 8 / 1 0 / 0 7 0 2 : 1 3 : 2 2 | 0 0 0 , 0 5 8 , 6 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l T r a d i t i o n a l C h i n e s e . d l l [ 2 0 0 8 / 1 0 / 0 7 0 2 : 1 3 : 2 0 | 0 0 0 , 0 5 8 , 6 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l S w e d i s h . d l l [ 2 0 0 8 / 1 0 / 0 7 0 2 : 1 3 : 2 0 | 0 0 0 , 0 5 8 , 6 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l S p a n i s h . d l l [ 2 0 0 8 / 1 0 / 0 7 0 2 : 1 3 : 2 0 | 0 0 0 , 0 5 8 , 6 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l S i m p l i f i e d C h i n e s e . d l l [ 2 0 0 8 / 1 0 / 0 7 0 2 : 1 3 : 2 0 | 0 0 0 , 0 5 8 , 6 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l P o r t u g e s e . d l l [ 2 0 0 8 / 1 0 / 0 7 0 2 : 1 3 : 2 0 | 0 0 0 , 0 5 8 , 6 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l K o r e a n . d l l [ 2 0 0 8 / 1 0 / 0 7 0 2 : 1 3 : 2 0 | 0 0 0 , 0 5 8 , 6 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l J a p a n e s e . d l l [ 2 0 0 8 / 1 0 / 0 7 0 2 : 1 3 : 2 0 | 0 0 0 , 0 5 8 , 6 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l G e r m a n . d l l [ 2 0 0 8 / 1 0 / 0 7 0 2 : 1 3 : 2 0 | 0 0 0 , 0 5 8 , 6 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l F r e n c h . d l l [ 2 0 0 8 / 0 8 / 0 1 2 0 : 0 0 : 5 1 | 0 0 0 , 0 1 8 , 9 0 4 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ S t r u c t u r e d Q u e r y S c h e m a T r i v i a l . b i n [ 2 0 0 8 / 0 7 / 1 9 1 1 : 3 5 : 3 5 | 0 0 0 , 0 0 0 , 0 4 1 | - H S - | C ] ( ) - - C : \ P r o g r a m D a t a \ . z r e g l i b [ 2 0 0 8 / 0 7 / 1 9 1 0 : 3 4 : 4 1 | 0 0 0 , 0 4 3 , 5 2 0 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ C m d L i n e E x t 0 3 . 
d l l [ 2 0 0 8 / 0 7 / 1 1 1 5 : 2 4 : 0 3 | 0 0 0 , 0 0 1 , 1 8 5 | - - - - | C ] ( ) - - C : \ W i n d o w s \ m o z v e r . d a t [ 2 0 0 8 / 0 6 / 1 8 0 9 : 5 9 : 0 6 | 0 0 0 , 0 8 1 , 1 5 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ m a n a g e - b d e . i n i . e n [ 2 0 0 8 / 0 4 / 2 7 0 5 : 0 1 : 1 1 | 0 0 0 , 0 0 0 , 5 1 0 | - - - - | C ] ( ) - - C : \ W i n d o w s \ W O R D P A D . I N I [ 2 0 0 8 / 0 3 / 2 5 1 1 : 3 5 : 0 5 | 0 0 0 , 0 0 0 , 0 2 5 | - - - - | C ] ( ) - - C : \ W i n d o w s \ c d p l a y e r . i n i [ 2 0 0 8 / 0 3 / 2 3 0 4 : 3 4 : 3 5 | 0 0 0 , 0 0 0 , 4 6 6 | R H S - | C ] ( ) - - C : \ P r o g r a m D a t a \ n t u s e r . p o l [ 2 0 0 8 / 0 1 / 1 4 1 1 : 4 1 : 1 6 | 0 0 0 , 0 3 4 , 3 8 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ s c u n i n . d a t [ 2 0 0 7 / 1 2 / 2 8 1 9 : 5 0 : 4 2 | 0 0 0 , 0 0 0 , 0 0 0 | - - - - | C ] ( ) - - C : \ W i n d o w s \ n s r e g . d a t [ 2 0 0 7 / 1 2 / 2 6 2 0 : 0 5 : 3 2 | 0 0 0 , 0 0 0 , 0 1 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ b t h s e r v s d p . d a t [ 2 0 0 7 / 1 2 / 2 6 1 9 : 3 0 : 5 3 | 0 0 0 , 0 0 1 , 6 5 1 | - - - - | C ] ( ) - - C : \ W i n d o w s \ e R e g . d a t [ 2 0 0 7 / 1 2 / 2 6 1 8 : 0 6 : 1 8 | 0 0 0 , 0 0 0 , 3 1 9 | - - - - | C ] ( ) - - C : \ W i n d o w s \ g a m e . i n i [ 2 0 0 7 / 1 2 / 2 4 1 6 : 5 0 : 3 6 | 0 0 0 , 1 7 3 , 5 6 8 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ L o c a l \ D C B C 2 A 7 1 - 7 0 D 8 - 4 D A N - E H R 8 - E 0 D 6 1 D E A 3 F D F . i n i [ 2 0 0 7 / 1 1 / 1 1 1 5 : 4 2 : 3 2 | 0 0 0 , 1 0 6 , 7 8 0 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ n v M o d e s . d a t [ 2 0 0 7 / 1 1 / 1 1 1 5 : 4 2 : 3 2 | 0 0 0 , 1 0 6 , 7 8 0 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ n v M o d e s . 
0 0 1 [ 2 0 0 7 / 1 1 / 1 1 1 4 : 5 9 : 0 3 | 0 0 0 , 0 1 6 , 4 8 0 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ r i x d i c o n . d l l [ 2 0 0 7 / 1 1 / 1 1 1 4 : 4 9 : 4 6 | 0 0 0 , 0 0 1 , 3 5 6 | - - - - | C ] ( ) - - C : \ U s e r s \ D e l l \ A p p D a t a \ L o c a l \ d 3 d 9 c a p s . d a t [ 2 0 0 7 / 1 0 / 2 6 0 7 : 2 8 : 1 8 | 0 0 0 , 1 9 7 , 4 0 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ v p n a p i . d l l [ 2 0 0 6 / 1 1 / 0 2 1 0 : 4 8 : 5 2 | 0 0 0 , 6 8 5 , 7 1 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f h 0 0 7 . d a t [ 2 0 0 6 / 1 1 / 0 2 1 0 : 4 8 : 5 2 | 0 0 0 , 2 9 0 , 7 4 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f i 0 0 7 . d a t [ 2 0 0 6 / 1 1 / 0 2 1 0 : 4 8 : 5 2 | 0 0 0 , 1 4 9 , 9 0 6 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f c 0 0 7 . d a t [ 2 0 0 6 / 1 1 / 0 2 1 0 : 4 8 : 5 2 | 0 0 0 , 0 3 6 , 9 1 6 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f d 0 0 7 . d a t [ 2 0 0 6 / 1 1 / 0 2 0 7 : 5 5 : 5 2 | 0 0 0 , 0 6 7 , 5 8 4 | - - S - | C ] ( ) - - C : \ W i n d o w s \ b o o t s t a t . d a t [ 2 0 0 6 / 1 1 / 0 2 0 7 : 4 6 : 2 7 | 0 0 0 , 3 6 4 , 5 1 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ F N T C A C H E . D A T [ 2 0 0 6 / 1 1 / 0 2 0 7 : 3 4 : 2 0 | 0 0 0 , 0 0 5 , 6 3 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ s y s p r e p M C E . d l l [ 2 0 0 6 / 1 1 / 0 2 0 5 : 3 3 : 0 1 | 0 0 0 , 6 4 2 , 7 0 4 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f h 0 0 9 . d a t [ 2 0 0 6 / 1 1 / 0 2 0 5 : 3 3 : 0 1 | 0 0 0 , 2 8 7 , 4 4 0 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f i 0 0 9 . d a t [ 2 0 0 6 / 1 1 / 0 2 0 5 : 3 3 : 0 1 | 0 0 0 , 1 2 1 , 7 1 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f c 0 0 9 . 
d a t [ 2 0 0 6 / 1 1 / 0 2 0 5 : 3 3 : 0 1 | 0 0 0 , 0 3 0 , 6 7 4 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f d 0 0 9 . d a t [ 2 0 0 6 / 1 1 / 0 2 0 5 : 2 3 : 2 1 | 0 0 0 , 2 1 5 , 9 4 3 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ d s s e c . d a t [ 2 0 0 6 / 1 1 / 0 2 0 3 : 5 8 : 3 0 | 0 0 0 , 0 4 3 , 1 3 1 | - - - - | C ] ( ) - - C : \ W i n d o w s \ m i b . b i n [ 2 0 0 6 / 1 1 / 0 2 0 3 : 2 7 : 4 6 | 0 0 0 , 0 0 0 , 5 1 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ S P 2 0 7 . I N I [ 2 0 0 6 / 1 1 / 0 2 0 3 : 1 9 : 0 0 | 0 0 0 , 0 0 0 , 7 4 1 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ N O I S E . D A T [ 2 0 0 6 / 1 1 / 0 2 0 2 : 4 0 : 2 9 | 0 0 0 , 0 1 3 , 7 5 0 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ p a c e r p r f . i n i [ 2 0 0 6 / 1 1 / 0 2 0 2 : 2 5 : 3 1 | 0 0 0 , 6 7 3 , 0 8 8 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ m l a n g . d a t [ 1 9 9 7 / 0 6 / 1 4 0 5 : 5 6 : 0 8 | 0 0 0 , 0 5 6 , 8 3 2 | - - - - | C ] ( ) - - C : \ W i n d o w s \ S y s t e m 3 2 \ i y v u 9 _ 3 2 . 
d l l [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = = L O P C h e c k = = = = = = = = = = [ / c o l o r ] [ 2 0 1 1 / 0 5 / 2 4 1 5 : 5 5 : 0 1 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] - - C : \ P r o g r a m D a t a \ 2 A C A 5 C C 3 - 0 F 8 3 - 4 5 3 D - A 0 7 9 - 1 0 7 6 F E 1 A 8 B 6 5 [ 2 0 0 7 / 1 1 / 1 1 1 4 : 4 8 : 0 5 | 0 0 0 , 0 0 0 , 0 0 0 | - H S D | M ] - - C : \ P r o g r a m D a t a \ A n w e n d u n g s d a t e n [ 2 0 0 6 / 1 1 / 0 2 0 8 : 0 0 : 3 8 | 0 0 0 , 0 0 0 , 0 0 0 | - H S D | M ] - - C : \ P r o g r a m D a t a \ A p p l i c a t i o n D a t a [ 2 0 0 9 / 1 1 / 0 3 1 1 : 2 9 : 3 5 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] - - C : \ P r o g r a m D a t a \ A u t o d e s k [ 2 0 1 1 / 1 0 / 2 6 1 4 : 1 0 : 3 9 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] - - C : \ P r o g r a m D a t a \ C a n o n I J N e t w o r k T o o l [ 2 0 1 1 / 0 5 / 1 3 0 0 : 3 7 : 2 9 | 0 0 0 , 0 0 0 , 0 0 0 | - H - D | M ] - - C : \ P r o g r a m D a t a \ C a n o n B J [ 2 0 1 1 / 1 0 / 2 6 1 4 : 0 8 : 5 4 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] - - C : \ P r o g r a m D a t a \ C a n o n I J M S e t u p [ 2 0 0 9 / 0 6 / 2 0 0 8 : 4 5 : 5 3 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] - - C : \ P r o g r a m D a t a \ D A E M O N T o o l s L i t e [ 2 0 0 6 / 1 1 / 0 2 0 8 : 0 0 : 3 8 | 0 0 0 , 0 0 0 , 0 0 0 | - H S D | M ] - - C : \ P r o g r a m D a t a \ D e s k t o p [ 2 0 0 6 / 1 1 / 0 2 0 8 : 0 0 : 3 8 | 0 0 0 , 0 0 0 , 0 0 0 | - H S D | M ] - - C : \ P r o g r a m D a t a \ D o c u m e n t s [ 2 0 0 7 / 1 1 / 1 1 1 4 : 4 8 : 0 5 | 0 0 0 , 0 0 0 , 0 0 0 | - H S D | M ] - - C : \ P r o g r a m D a t a \ D o k u m e n t e [ 2 0 0 7 / 1 1 / 1 1 1 4 : 4 8 : 0 5 | 0 0 0 , 0 0 0 , 0 0 0 | - H S D | M ] - - C : \ P r o g r a m D a t a \ F a v o r i t e n [ 2 0 0 6 / 1 1 / 0 2 0 8 : 0 0 : 3 8 | 0 0 0 , 0 0 0 , 0 0 0 | - H S D | M ] - - C : \ P r o g r a m D a t a \ F a v o r i t e s [ 2 0 1 1 / 0 5 / 2 4 1 5 : 5 6 : 5 9 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] - - C : \ P r o g 
|
22.12.2012, 22:07 | #2 |
/// TB Instructor | WinVista: GVU trojan, version 2.10, Safe Mode was not possible, log files already created Well done so far, but unfortunately a mangled log file is of no use to us. You will have to find a way to paste it here so that it displays correctly, and then I will gladly help you.
__________________ |
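The symptom in the first post (two unreadable characters at the start, then a space after every letter) is what a UTF-16 text file with a byte-order mark looks like when it is read as single-byte text. The Python sketch below is an added example, not part of the thread or of OTL: it sniffs the encoding of a raw log file and returns clean text that can be pasted. The function names and sample bytes are constructed for illustration, and that the OTLPE logs here were UTF-16 is an inference from the symptom.

```python
import codecs

# Byte-order marks, longest first so UTF-32 LE is not mistaken for UTF-16 LE.
BOMS = (
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
)

# Constructed sample: two header lines and one uninstall entry as they
# appear in the readable logs of this thread.
CONSTRUCTED_SAMPLE = (
    "OTL logfile created on: 12/22/2012 2:27:10 PM - Run OTLPE by OldTimer"
    " - Version 3.1.48.0\r\n"
    "Folder = X:\\Programs\\OTLPE\r\n"
    '"WinRAR archiver" = WinRAR Archivierer\r\n'
    "Visual Studio-Tools f\u00fcr Office System 3.0 Runtime Language Pack - DEU\r\n"
)


def sniff_encoding(raw: bytes, sample_size: int = 4096) -> str:
    """Guess the text encoding of a log file from its raw bytes."""
    for bom, name in BOMS:
        if raw.startswith(bom):
            return name
    # No BOM: mostly-Latin UTF-16 has a NUL in almost every second byte.
    sample = raw[:sample_size]
    sample = sample[: len(sample) - len(sample) % 2]
    if len(sample) >= 4:
        pairs = len(sample) // 2
        nul_even = sample[0::2].count(0)
        nul_odd = sample[1::2].count(0)
        if nul_odd > 0.6 * pairs and nul_even < 0.1 * pairs:
            return "utf-16-le"
        if nul_even > 0.6 * pairs and nul_odd < 0.1 * pairs:
            return "utf-16-be"
    try:
        raw.decode("utf-8")
        return "utf-8"
    except UnicodeDecodeError:
        # Legacy Western European Windows code page as the last resort.
        return "cp1252"


def decode_log(raw: bytes) -> str:
    """Return the log as clean text with the BOM removed and LF newlines."""
    encoding = sniff_encoding(raw)
    for bom, name in BOMS:
        if name == encoding and raw.startswith(bom):
            raw = raw[len(bom):]
            break
    text = raw.decode(encoding, errors="replace")
    return text.replace("\r\n", "\n")


def looks_mangled(text: str, threshold: float = 0.8) -> bool:
    """Flag pasted text in which nearly every token is a single character,
    the pattern a UTF-16 log shows after its NUL bytes became spaces."""
    tokens = text.split()
    if len(tokens) < 20:
        return False
    single = sum(1 for token in tokens if len(token) == 1)
    return single / len(tokens) >= threshold


def normalize_file(src_path: str, dst_path: str) -> str:
    """Rewrite a log file as UTF-8 without BOM; returns the detected encoding."""
    with open(src_path, "rb") as handle:
        raw = handle.read()
    with open(dst_path, "w", encoding="utf-8", newline="\n") as handle:
        handle.write(decode_log(raw))
    return sniff_encoding(raw)


if __name__ == "__main__":
    raw = codecs.BOM_UTF16_LE + CONSTRUCTED_SAMPLE.encode("utf-16-le")
    # What a single-byte reader shows: BOM debris, then spaced-out letters.
    print(raw.decode("cp1252").replace("\x00", " ")[:60])
    print(sniff_encoding(raw))
    print(decode_log(raw))
```

Detection works on the raw bytes of the file; text that was already pasted with spaces in place of the NUL bytes cannot be restored reliably, which is why `looks_mangled` only flags it.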
22.12.2012, 22:30 | #3 |
| WinVista: GVU trojan, version 2.10, Safe Mode was not possible, log files already created Great, ryder, I'm glad you want to help me.
I have now tried it again and I think it worked. Extras.txt Code:
ATTFilter OTL Extras logfile created on: 12/22/2012 2:27:10 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Ultimate Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 184.22 Gb Total Space | 36.47 Gb Free Space | 19.80% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help "{0DE8527A-FE3E-4FCA-A023-D57EF0B796C9}_is1" = Plants vs. Zombies 1.0.4.7924 (by Scar) "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers "{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime "{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU "{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. 
- Call of Pripyat [v1.6.02] "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5 "{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU "{4B6E1EA9-4704-4750-868A-AEB398168DA6}" = Microsoft Document Explorer 2005 Language Pack - DEU "{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater "{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5783F2D7-7004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2009 - Deutsch "{5783F2D7-8004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2010 - Deutsch "{5783F2D7-8004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2010 Language Pack - Deutsch "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6 "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer 
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution "{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{777C06F9-8462-4289-9026-0462906E177F}" = XPS LightFX SDK "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090 "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX "{8D52E0F9-17A0-493B-8692-937381DDB62B}" = SimCity 2000 "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007 "{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office 
Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{A6F6725C-12C3-42B5-9647-8668E1BEE2D2}" = Microsoft SQL Server 2005 Mobile [DEU] Developer Tools "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft 
.NET Compact Framework 2.0 SP2 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools "{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{BBE45D37-2D2E-426F-8EF6-5075CE4D382B}" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU "{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth "{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD "{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.64 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Akamai" = Akamai NetSession Interface Service "ANNO1602" = Anno 1602 "AutoCAD Architecture 2009 
- Deutsch" = AutoCAD Architecture 2009 - Deutsch "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CCleaner" = CCleaner "Cossacks II" = Cossacks II "Counter-Strike: Source" = Counter-Strike: Source "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Setup.divx.com" = DivX-Setup "Duke Nukem 3D HRP" = Duke Nukem 3D HRP V 4.0 (321) "Earthworm Jim_is1" = Earthworm Jim "ENTERPRISE" = Microsoft Office Enterprise 2007 "GTA2" = GTA2 "ICQLite" = ICQ 5.1 "ICQ-Tools_is1" = mehr ICQ Statussymbole "Icy Tower_is1" = Icy Tower v1.3 "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full) "Little Fighter 2" = Little Fighter 2 version 2.0a "MC-Load Preinstaller" = MC-Load Preinstaller "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005 "Microsoft Document Explorer 2005 Language Pack - DEU" = Microsoft Document Explorer 2005 Language Pack - DEU "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual J# 2.0 
Redistributable Language Pack - DEU" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU "Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "NVIDIA Drivers" = NVIDIA Drivers "RealPlayer 6.0" = RealPlayer "Shockwave" = Shockwave "Starcraft" = Starcraft "Steam App 300" = Day of Defeat: Source "Steam App 440" = Team Fortress 2 "Steam App 630" = Alien Swarm "Surfer 7" = Surfer 7 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 8" = TeamViewer 8 "VirtualCloneDrive" = VirtualCloneDrive "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "vShare.tv plugin" = vShare.tv plugin 1.3 "WinRAR archiver" = WinRAR Archivierer "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\Dell_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss < End of report > Code:
ATTFilter OTL logfile created on: 12/22/2012 2:27:10 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Ultimate Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 184.22 Gb Total Space | 36.47 Gb Free Space | 19.80% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/12/21 11:04:23 | 000,212,480 | ---- | M] () [On_Demand] -- C:\Users\Dell\wgsdgsdgdsgsd.dll -- (Winmgmt) SRV - [2012/11/29 08:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012/11/25 10:01:33 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/11/12 13:09:00 | 004,539,712 | ---- | M] () [Auto] -- C:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/07/08 12:04:22 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Hilfsproggs\Avira AntiVir 10\Avira\AntiVir 
Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/21 00:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/03/15 07:41:40 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/10/31 12:33:22 | 000,085,096 | ---- | M] (Autodesk) [Disabled] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009/10/30 10:24:32 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/10/27 03:26:36 | 000,657,408 | ---- | M] (Nokia) [Disabled] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/11/07 18:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Hilfsproggs\MS Visual Studio 2008\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90) SRV - [2007/10/26 07:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007/04/27 02:32:06 | 000,386,592 | ---- | M] (Dell Inc.) 
[Auto] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (vpnva) DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2012/07/02 14:54:50 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2012/07/02 14:54:50 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011/07/08 12:04:23 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009/10/27 16:12:24 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura) DRV - [2009/10/08 10:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/10/06 05:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009/10/06 05:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009/10/06 05:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009/10/06 05:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009/06/20 08:40:22 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2009/04/10 23:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2009/01/30 02:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/10/28 22:32:42 | 000,032,288 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2008/10/28 22:32:36 | 000,070,048 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007/11/05 05:56:58 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007/10/26 07:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2007/09/26 01:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2007/02/15 19:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay) DRV - [2007/01/31 06:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007/01/18 11:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006/12/05 05:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207) DRV - [2006/11/20 14:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006/11/20 14:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006/11/20 14:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006/11/20 00:57:00 | 000,283,776 | ---- | M] (AfaTech ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) Cinergy T USB XE (MKII) DRV - [2001/08/22 02:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\Dell_ON_C\Software\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://google.icq.com IE - HKU\Dell_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKU\Dell_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - 
HKU\Dell_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Dell_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Value error. File not found IE - HKU\Dell_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Hilfsproggs\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Hilfsproggs\browserrecord FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions [2011/05/24 15:55:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Dell\AppData\Roaming\17001.007 [2012/12/21 04:58:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\FireFox\components [2012/11/25 10:01:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\FireFox\plugins [2012/11/25 10:01:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Dell\AppData\Roaming\17001.007 [2012/12/21 04:58:57 | 000,000,000 | ---D | M] [2008/08/26 05:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\Mozilla\Extensions [2012/11/19 13:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\6f4tikj2.default\extensions File not found (No name found) -- O1 HOSTS File: ([2011/11/25 14:17:57 | 000,000,766 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - Reg Error: Value error. File not found O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - Reg Error: Value error. 
File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Hilfsproggs\TerraTec TV\THCDeskBand.dll (TerraTec Electronic GmbH) O3 - HKU\Dell_ON_C\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Value error. File not found O4 - HKLM..\Run: [avgnt] C:\Hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [wilenl] File not found O4 - HKU\Dell_ON_C..\Run: [AVMUSBFernanschluss] C:\Users\Dell\AppData\Local\Apps\2.0\7KME2VJN.DEZ\5AOK0M5T.04C\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe (AVM Berlin) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [ICQ Lite] C:\Hilfsproggs\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.) O4 - Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Hilfsproggs\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.) 
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Hilfsproggs\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - File not found O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - File not found O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer) O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Users\Dell\AppData\Roaming\appConf32.exe) - C:\Users\Dell\AppData\Roaming\appConf32.exe () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{1a076544-5da0-11de-8845-d24c841c8fe2}\Shell - "" = AutoRun O33 - MountPoints2\{1a076544-5da0-11de-8845-d24c841c8fe2}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\Shell\1\Command - "" = H:\.\recycled\info.exe O33 - MountPoints2\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\.\recycled\info.exe O33 - MountPoints2\{601e4e02-b402-11dc-8966-001c23067766}\Shell - "" = AutoRun O33 - MountPoints2\{601e4e02-b402-11dc-8966-001c23067766}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{63914466-1cff-11de-842d-bad6eb6c8833}\Shell - "" = AutoRun O33 - MountPoints2\{63914466-1cff-11de-842d-bad6eb6c8833}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O33 - MountPoints2\{69812b1c-e60b-11dd-b95b-f0152afa1a9a}\Shell - "" = AutoRun O33 - MountPoints2\{69812b1c-e60b-11dd-b95b-f0152afa1a9a}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O33 - MountPoints2\{af2459ca-b4df-11dd-bb0a-001c26f41b48}\Shell - "" = AutoRun O33 - MountPoints2\{af2459ca-b4df-11dd-bb0a-001c26f41b48}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O33 - MountPoints2\{af2459cb-b4df-11dd-bb0a-001c26f41b48}\Shell - "" = AutoRun O33 - MountPoints2\{af2459cb-b4df-11dd-bb0a-001c26f41b48}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O33 - MountPoints2\{b4898c04-1cc1-11e1-a09a-001c23067766}\Shell - "" = AutoRun O33 - 
MountPoints2\{b4898c04-1cc1-11e1-a09a-001c23067766}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{bfa132e4-908e-11dc-bd6f-001c23067766}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe O33 - MountPoints2\{bff1b0e4-d8b4-11dc-aee8-001c23067766}\Shell - "" = AutoRun O33 - MountPoints2\{bff1b0e4-d8b4-11dc-aee8-001c23067766}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{bff1b0ea-d8b4-11dc-aee8-001c23067766}\Shell - "" = AutoRun O33 - MountPoints2\{bff1b0ea-d8b4-11dc-aee8-001c23067766}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O33 - MountPoints2\{d99f8a2b-55a9-11dd-a9de-001c26f41b48}\Shell - "" = AutoRun O33 - MountPoints2\{d99f8a2b-55a9-11dd-a9de-001c26f41b48}\Shell\AutoRun\command - "" = E:\AutoStarter.exe O33 - MountPoints2\{ee3fed1c-faf8-11dc-92f5-c1375d3927c5}\Shell - "" = AutoRun O33 - MountPoints2\{ee3fed1c-faf8-11dc-92f5-c1375d3927c5}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{ee3fed1e-faf8-11dc-92f5-c1375d3927c5}\Shell - "" = AutoRun O33 - MountPoints2\{ee3fed1e-faf8-11dc-92f5-c1375d3927c5}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O33 - MountPoints2\{f9278540-b476-11dd-8c8f-001c26f41b48}\Shell - "" = AutoRun O33 - MountPoints2\{f9278540-b476-11dd-8c8f-001c26f41b48}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O33 - MountPoints2\{f9278544-b476-11dd-8c8f-001c26f41b48}\Shell - "" = AutoRun O33 - MountPoints2\{f9278544-b476-11dd-8c8f-001c26f41b48}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O33 - MountPoints2\{f993e4f5-8aed-11dd-9ebb-0013e88022f3}\Shell - "" = AutoRun O33 - MountPoints2\{f993e4f5-8aed-11dd-9ebb-0013e88022f3}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O33 - MountPoints2\{f993e4f6-8aed-11dd-9ebb-0013e88022f3}\Shell - "" = AutoRun O33 - MountPoints2\{f993e4f6-8aed-11dd-9ebb-0013e88022f3}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O34 - 
HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/12/22 14:26:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/12/21 11:10:58 | 000,055,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Dell\AppData\Roaming\loaupdt.jpg [2012/12/21 04:58:57 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\17001.007 [2012/12/19 11:04:43 | 000,000,000 | ---D | C] -- C:\kock [2012/12/19 10:44:25 | 000,000,000 | ---D | C] -- C:\xmldm [2012/12/19 09:44:49 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\Ing-Geo [2012/12/17 17:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/12/11 20:02:08 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/12/11 20:02:08 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/12/10 09:05:12 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\kock [2012/12/09 05:17:39 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\Mein Garmin [2012/12/09 05:17:36 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\GARMIN [2012/12/09 05:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin [2012/12/09 05:12:35 | 000,018,432 | ---- | C] (GARMIN Corp.) 
-- C:\Windows\System32\drivers\grmngen.sys [2012/12/09 05:12:35 | 000,000,000 | ---D | C] -- C:\Garmin [2012/12/08 11:42:07 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\UAs [2012/12/03 12:17:53 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\TeamViewer [2012/12/01 11:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2012/12/01 11:36:00 | 005,835,512 | ---- | C] (TeamViewer GmbH) -- C:\Users\Dell\Desktop\TeamViewer_Setup_de.exe [2012/11/25 10:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\FireFox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Dell\AppData\Roaming\*.tmp files -> C:\Users\Dell\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/21 14:26:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/21 14:26:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/12/21 11:42:06 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/21 11:42:06 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/21 11:42:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/12/21 11:32:53 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2012/12/21 11:11:42 | 000,055,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Dell\AppData\Roaming\loaupdt.jpg [2012/12/21 11:11:18 | 000,000,016 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\blckdom.res [2012/12/21 11:04:46 | 000,002,865 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012/12/21 11:04:46 | 000,000,892 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012/12/21 07:33:59 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/12/21 07:33:59 | 000,642,704 | ---- | M] () -- 
C:\Windows\System32\perfh009.dat [2012/12/21 07:33:59 | 000,149,906 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/12/21 07:33:59 | 000,121,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/12/21 04:59:05 | 000,219,232 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\AcroIEHelpe248.dll [2012/12/21 04:59:05 | 000,007,104 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\BAcroIEHelpe248.dll [2012/12/19 09:43:46 | 000,210,516 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/12/17 14:45:27 | 000,007,104 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\BAcroIEHelpe246.dll [2012/12/16 06:53:43 | 000,000,140 | ---- | M] () -- C:\Windows\LODERUNN.INI [2012/12/12 17:26:29 | 000,034,568 | ---- | M] () -- C:\Users\Dell\Desktop\Koordinaten-IngGeo-12-12-2012.gdb [2012/12/11 20:02:08 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/12/11 20:02:08 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/12/11 13:27:31 | 001,013,380 | ---- | M] () -- C:\Users\Dell\Desktop\Muf_für_Jules.pdf [2012/12/09 05:53:44 | 000,006,944 | ---- | M] () -- C:\Users\Dell\Desktop\Koordinaten-IngGeo-08-12-2012.gdb [2012/12/09 05:17:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin [2012/12/04 14:52:11 | 000,364,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/12/03 14:31:26 | 000,173,568 | ---- | M] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/03 12:17:33 | 005,835,512 | ---- | M] (TeamViewer GmbH) -- C:\Users\Dell\Desktop\TeamViewer_Setup_de.exe [2012/12/03 12:16:54 | 000,000,977 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2012/12/02 09:10:45 | 000,210,516 | ---- | M] () -- C:\ProgramData\nvModes.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Dell\AppData\Roaming\*.tmp files -> C:\Users\Dell\AppData\Roaming\*.tmp -> ] 
========== Files Created - No Company Name ========== [2012/12/21 11:04:46 | 000,002,865 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012/12/21 11:04:46 | 000,000,892 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012/12/21 11:04:27 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/12/21 04:59:05 | 000,219,232 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\AcroIEHelpe248.dll [2012/12/21 04:59:05 | 000,007,104 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\BAcroIEHelpe248.dll [2012/12/17 14:45:27 | 000,007,104 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\BAcroIEHelpe246.dll [2012/12/12 17:26:29 | 000,034,568 | ---- | C] () -- C:\Users\Dell\Desktop\Koordinaten-IngGeo-12-12-2012.gdb [2012/12/11 13:27:30 | 001,013,380 | ---- | C] () -- C:\Users\Dell\Desktop\Muf_für_Jules.pdf [2012/12/09 05:53:44 | 000,006,944 | ---- | C] () -- C:\Users\Dell\Desktop\Koordinaten-IngGeo-08-12-2012.gdb [2012/12/03 12:16:54 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2012/11/20 07:48:41 | 000,007,104 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\BAcroIEHelpe235.dll [2012/11/12 09:36:38 | 000,007,720 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\BAcroIEHelpe228.dll [2012/11/10 10:21:40 | 000,000,016 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\blckdom.res [2012/09/05 16:36:38 | 000,000,140 | ---- | C] () -- C:\Windows\LODERUNN.INI [2011/11/16 14:00:13 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2011/05/11 03:20:44 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/05/11 03:20:44 | 000,000,088 | RHS- | C] () -- C:\ProgramData\26485ED7FA.sys [2010/07/16 08:48:39 | 000,001,447 | ---- | C] () -- C:\Windows\wininit.ini [2010/07/16 08:30:08 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2010/01/02 07:07:33 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI [2009/08/23 13:36:39 | 000,022,328 | ---- | C] 
() -- C:\Windows\System32\drivers\PnkBstrK.sys [2009/08/23 13:36:31 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009/08/23 13:36:20 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009/07/05 14:00:29 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009/07/05 14:00:11 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009/05/27 14:27:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/05/27 14:27:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/05/27 14:26:24 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009/04/21 05:29:25 | 000,210,516 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/04/21 05:29:25 | 000,210,516 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/03/05 12:38:47 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009/03/05 12:38:39 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008/12/09 10:23:13 | 000,053,712 | RHS- | C] () -- C:\Users\Dell\AppData\Roaming\appConf32.exe [2008/11/21 16:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008/11/05 13:42:45 | 000,062,400 | ---- | C] () -- C:\Windows\System32\IFC.dll [2008/11/05 13:41:56 | 000,422,848 | ---- | C] () -- C:\Windows\System32\PPL.dll [2008/10/07 02:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008/10/07 02:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- 
C:\Windows\System32\AgCPanelKorean.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008/08/01 20:00:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/07/19 11:35:35 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2008/07/19 10:34:41 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2008/07/11 15:24:03 | 000,001,185 | ---- | C] () -- C:\Windows\mozver.dat [2008/06/18 09:59:06 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2008/04/27 05:01:11 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2008/03/25 11:35:05 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2008/03/23 04:34:35 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008/01/14 11:41:16 | 000,034,382 | ---- | C] () -- C:\Windows\scunin.dat [2007/12/28 19:50:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007/12/26 20:05:32 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007/12/26 19:30:53 | 000,001,651 | ---- | C] () -- C:\Windows\eReg.dat [2007/12/26 18:06:18 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2007/12/24 16:50:36 | 000,173,568 | ---- | C] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/11/11 15:42:32 | 000,106,780 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\nvModes.dat [2007/11/11 15:42:32 | 000,106,780 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\nvModes.001 [2007/11/11 14:59:03 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007/11/11 14:49:46 | 000,001,356 | ---- | C] () -- C:\Users\Dell\AppData\Local\d3d9caps.dat [2007/10/26 07:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2006/11/02 10:48:52 | 000,685,712 | ---- | C] () -- 
C:\Windows\System32\perfh007.dat [2006/11/02 10:48:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006/11/02 10:48:52 | 000,149,906 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006/11/02 10:48:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006/11/02 07:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:46:27 | 000,364,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,121,712 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1997/06/14 05:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2011/05/24 15:55:01 | 000,000,000 | ---D | M] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 [2007/11/11 14:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 08:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2009/11/03 11:29:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk [2011/10/26 14:10:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Canon IJ Network Tool [2011/05/13 00:37:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ 
[2011/10/26 14:08:54 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJMSetup [2009/06/20 08:45:53 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite [2006/11/02 08:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 08:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2007/11/11 14:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2007/11/11 14:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 08:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011/05/24 15:56:59 | 000,000,000 | ---D | M] -- C:\ProgramData\HBLiteSA [2010/01/31 16:57:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations [2012/10/09 04:25:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium [2010/01/31 16:49:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia [2009/10/21 12:46:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite [2008/03/12 14:42:31 | 000,000,000 | ---D | M] -- C:\ProgramData\pixelStorm [2011/04/07 07:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games [2010/01/04 09:24:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PreEmptive Solutions [2006/11/02 08:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2007/11/11 14:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2012/09/19 06:57:03 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP [2006/11/02 08:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2008/11/18 15:14:33 | 000,000,000 | ---D | M] -- C:\ProgramData\TerraTec [2007/11/11 14:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2008/12/01 06:56:15 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch [2011/11/25 14:37:02 | 000,000,000 | ---D | M] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2012/12/21 11:42:03 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> 
C:\Windows:C6D3DE2E1595B96E @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34 < End of report > |
22.12.2012, 22:44 | #4 | |||
/// TB-Ausbilder | Quite a lot has piled up there.
Step 1: Fix with OTLpe Questions:
Step 2: Boot normally
Step 3: AdwCleaner: find and remove adware
Step 4: Delete temporary files with TFC
Step 5: Scan with Combofix
__________________ Digital buccaneers against malware! No help via PM! |
22.12.2012, 23:00 | #5 |
| Yes, my PC is extremely cluttered. It has quite a few years behind it, and if there weren't a number of programs on it that I could no longer get today, it would have been formatted long ago. That is really the only way to get it halfway fit again. Thanks, it looked good so far. But you, as the professional, had better check that. The generated log Code:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winmgmt deleted successfully.
C:\Users\Dell\wgsdgsdgdsgsd.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a076544-5da0-11de-8845-d24c841c8fe2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a076544-5da0-11de-8845-d24c841c8fe2}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\ not found.
File H:\.\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\ not found.
C:\Windows\System32\shell32.dll moved successfully.
C:\Users\Dell\AppData\Roaming\17001.007\components folder moved successfully.
C:\Users\Dell\AppData\Roaming\17001.007 folder moved successfully.
C:\kock folder moved successfully.
C:\xmldm folder moved successfully.
C:\Users\Dell\AppData\Roaming\kock folder moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
File C:\ProgramData\dsgsdgdsgdsgw.js not found.
File C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
ADS C:\Windows:C6D3DE2E1595B96E deleted successfully.
ADS C:\ProgramData\TEMP:B606BA34 deleted successfully.
OTLPE by OldTimer - Version 3.1.48.0 log created on 12222012_225316 |
22.12.2012, 23:04 | #6 |
/// TB-Ausbilder | Yes, good so far, except that my fix unfortunately also moved a file that should not have been moved ... hm, we still have to repair that once you can boot normally. |
22.12.2012, 23:09 | #7 |
| That is the problem: it does not boot normally. :/ During startup it shows me several error messages. Among other things, the explorer does not start, the task scheduler module,... Do we still have a chance? P.S.: The screen stays black towards the end, and the error messages from the task scheduler module keep coming up, saying that it could not start it. |
22.12.2012, 23:11 | #8 |
/// TB-Ausbilder | Yes, unfortunately something slipped in there that should not have. Boot from your CD once more. On the hard disk, find the folder c:\OTL_ and look in the moved files for the file C:\Windows\System32\shell32.dll and copy it back to the correct location. Can you manage that?
__________________ Digital buccaneers against malware! No help via PM! |
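The problem found in posts #6 to #8, as an added example that is not part of the original thread or of OTL: a Python check that reads an OTLPE fix log (one entry per line or run together) and flags every "moved successfully" entry that lies under a system directory, so it can be confirmed before the next reboot. The sample is an abridged excerpt of the log from post #5; the function names and the choice of `C:\Windows` and `C:\Program Files` (the %SystemRoot% and %ProgramFiles% values from the scan log header) as protected roots are assumptions of this example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Abridged excerpt of the OTLPE fix log from post #5 (entries omitted, text unchanged).
SAMPLE_LOG = " ".join([
    r"C:\Users\Dell\wgsdgsdgdsgsd.dll moved successfully.",
    r"Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.",
    r"File F:\autorun.exe not found.",
    r"File H:\.\recycled\info.exe not found.",
    r"C:\Windows\System32\shell32.dll moved successfully.",
    r"C:\Users\Dell\AppData\Roaming\17001.007\components folder moved successfully.",
    r"C:\Users\Dell\AppData\Roaming\17001.007 folder moved successfully.",
    r"C:\kock folder moved successfully.",
    r"C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.",
    r"C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.",
    r"File C:\ProgramData\dsgsdgdsgdsgw.js not found.",
    r"ADS C:\Windows:C6D3DE2E1595B96E deleted successfully.",
])

# Assumption of this example: anything moved from below these roots needs a second look.
PROTECTED_ROOTS = (r"C:\Windows", r"C:\Program Files")

# Every entry ends in "successfully." or "not found."; split after those markers
# so the parser works on the flattened forum rendering as well as on the raw file.
ENTRY_END = re.compile(r"(?<=successfully\.)\s+|(?<=not found\.)\s+")
# Move entries start directly with a drive path; "File ...", "ADS ..." and
# "Registry ..." entries carry a prefix and are skipped.
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?P<folder> folder)? moved successfully\.$")


@dataclass(frozen=True)
class Move:
    path: str
    is_folder: bool
    protected: bool


def _under(path, root):
    """Case-insensitive, component-wise prefix test (C:\\ProgramData is not C:\\Program Files)."""
    p = [part.lower() for part in PureWindowsPath(path).parts]
    r = [part.lower() for part in PureWindowsPath(root).parts]
    return p[:len(r)] == r


def parse_moves(log_text, roots=PROTECTED_ROOTS):
    """Return one Move per 'moved successfully' entry, in log order."""
    moves = []
    for entry in ENTRY_END.split(log_text.strip()):
        m = MOVED.match(entry.strip())
        if m:
            path = m.group("path")
            moves.append(Move(path,
                              m.group("folder") is not None,
                              any(_under(path, root) for root in roots)))
    return moves


def needs_review(log_text, roots=PROTECTED_ROOTS):
    """Paths that were quarantined from a protected root."""
    return [m.path for m in parse_moves(log_text, roots) if m.protected]


if __name__ == "__main__":
    for move in parse_moves(SAMPLE_LOG):
        tag = "REVIEW" if move.protected else "ok    "
        kind = "folder" if move.is_folder else "file  "
        print(tag, kind, move.path)
```

A flagged entry is not automatically a mistake, since malware does drop files into system directories, but each one should be checked against the scan log before the machine is rebooted.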
22.12.2012, 23:16 | #9 |
| I'll give it a try. Give me a few minutes. |
22.12.2012, 23:17 | #10 |
/// TB-Ausbilder | Then I'll stay awake until then
__________________ Digital buccaneers against malware! No help via PM! |
22.12.2012, 23:30 | #11 |
| Perfect! It worked. The system boots normally and I am back in my "beloved Windows Vista". ^^ I hope I can manage the follow-up steps you listed above on my own. Or is something "more complex" still to come? Thank you very much, ryder, and I wish you a good night. |
22.12.2012, 23:31 | #12 |
/// TB-Ausbilder | No, you should manage that. I'll look at your Combofix log tomorrow and then we'll kill the rest of the bad guys. Have fun
__________________ Digital buccaneers against malware! No help via PM! |
23.12.2012, 00:28 | #13 |
| Here are the two logs from my overloaded PC: AdwCleaner[S1] Code:
ATTFilter # AdwCleaner v2.101 - Datei am 22/12/2012 um 23:35:20 erstellt # Aktualisiert am 16/12/2012 von Xplode # Betriebssystem : Windows Vista (TM) Ultimate Service Pack 2 (32 bits) # Benutzer : Dell - DELL-XPS # Bootmodus : Normal # Ausgeführt unter : C:\Users\Dell\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Dell\AppData\Local\Temp\Uninstall.exe Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar Ordner Gelöscht : C:\Program Files\HBLite Ordner Gelöscht : C:\Program Files\vShare.tv plugin Ordner Gelöscht : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 Ordner Gelöscht : C:\ProgramData\HBLiteSA Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\hblitesa Schlüssel Gelöscht : HKCU\Software\MediaHoldings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} 
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\StartSearch Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Software Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [hblite@hblite.com] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16450 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://google.icq.com --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = 
hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Prev Search Page] = hxxp://google.icq.com --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Prev Search Bar] = hxxp://google.icq.com/search/search_frame.php --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://google.icq.com/search/search_frame.php --> hxxp://www.google.com -\\ Mozilla Firefox v17.0 (de) Profilname : default [Profil par défaut] Datei : C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\6f4tikj2.default\prefs.js Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="); Profilname : OhneShit Datei : C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\xlblvqdc.OhneShit\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [7016 octets] - [22/12/2012 23:35:20] ########## EOF - C:\AdwCleaner[S1].txt - [7076 octets] ########## ComboFix Code:
ATTFilter ComboFix 12-12-22.02 - Dell 22.12.2012 23:56:16.1.2 - x86 ausgeführt von:: c:\users\Dell\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\26485ED7FA.sys c:\users\Dell\AppData\Roaming\AcroIEHelpe.txt c:\users\Dell\AppData\Roaming\AcroIEHelpe248.dll c:\users\Dell\AppData\Roaming\BAcroIEHelpe228.dll c:\users\Dell\AppData\Roaming\BAcroIEHelpe235.dll c:\users\Dell\AppData\Roaming\BAcroIEHelpe246.dll c:\users\Dell\AppData\Roaming\BAcroIEHelpe248.dll c:\users\Dell\AppData\Roaming\srvblck5.tmp c:\windows\IsUn0407.exe c:\windows\system32\AF15BDAEX.dll c:\windows\system32\html c:\windows\system32\html\calendar.html c:\windows\system32\html\calendarbottom.html c:\windows\system32\html\calendartop.html c:\windows\system32\html\crystalexportdialog.htm c:\windows\system32\html\crystalprinthost.html c:\windows\system32\images c:\windows\system32\images\toolbar\calendar.gif c:\windows\system32\images\toolbar\crlogo.gif c:\windows\system32\images\toolbar\export.gif c:\windows\system32\images\toolbar\export_over.gif c:\windows\system32\images\toolbar\exportd.gif c:\windows\system32\images\toolbar\First.gif c:\windows\system32\images\toolbar\first_over.gif c:\windows\system32\images\toolbar\Firstd.gif c:\windows\system32\images\toolbar\gotopage.gif c:\windows\system32\images\toolbar\gotopage_over.gif c:\windows\system32\images\toolbar\gotopaged.gif c:\windows\system32\images\toolbar\grouptree.gif c:\windows\system32\images\toolbar\grouptree_over.gif c:\windows\system32\images\toolbar\grouptreed.gif c:\windows\system32\images\toolbar\grouptreepressed.gif c:\windows\system32\images\toolbar\Last.gif c:\windows\system32\images\toolbar\last_over.gif c:\windows\system32\images\toolbar\Lastd.gif c:\windows\system32\images\toolbar\Next.gif c:\windows\system32\images\toolbar\next_over.gif c:\windows\system32\images\toolbar\Nextd.gif 
c:\windows\system32\images\toolbar\Prev.gif c:\windows\system32\images\toolbar\prev_over.gif c:\windows\system32\images\toolbar\Prevd.gif c:\windows\system32\images\toolbar\print.gif c:\windows\system32\images\toolbar\print_over.gif c:\windows\system32\images\toolbar\printd.gif c:\windows\system32\images\toolbar\Refresh.gif c:\windows\system32\images\toolbar\refresh_over.gif c:\windows\system32\images\toolbar\refreshd.gif c:\windows\system32\images\toolbar\Search.gif c:\windows\system32\images\toolbar\search_over.gif c:\windows\system32\images\toolbar\searchd.gif c:\windows\system32\images\toolbar\up.gif c:\windows\system32\images\toolbar\up_over.gif c:\windows\system32\images\toolbar\upd.gif c:\windows\system32\images\tree\begindots.gif c:\windows\system32\images\tree\beginminus.gif c:\windows\system32\images\tree\beginplus.gif c:\windows\system32\images\tree\blank.gif c:\windows\system32\images\tree\blankdots.gif c:\windows\system32\images\tree\dots.gif c:\windows\system32\images\tree\lastdots.gif c:\windows\system32\images\tree\lastminus.gif c:\windows\system32\images\tree\lastplus.gif c:\windows\system32\images\tree\Magnify.gif c:\windows\system32\images\tree\minus.gif c:\windows\system32\images\tree\minusbox.gif c:\windows\system32\images\tree\plus.gif c:\windows\system32\images\tree\plusbox.gif c:\windows\system32\images\tree\singleminus.gif c:\windows\system32\images\tree\singleplus.gif c:\windows\XSxS . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-22 bis 2012-12-22 )))))))))))))))))))))))))))))) . . 2012-12-23 03:53 . 2012-12-23 03:53 -------- d-----w- C:\_OTL 2012-12-22 22:27 . 2012-12-22 22:27 -------- d-----w- c:\users\Dell\AppData\Roaming\kock 2012-12-17 22:17 . 2012-12-17 22:17 -------- d-----w- c:\program files\CCleaner 2012-12-12 01:02 . 2012-12-12 01:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 01:02 . 2012-12-12 01:02 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-09 10:17 . 
2012-12-09 10:48 -------- d-----w- c:\users\Dell\AppData\Roaming\GARMIN 2012-12-09 10:12 . 2012-12-09 10:16 -------- d-----w- C:\Garmin 2012-12-09 10:12 . 2007-03-08 22:18 8320 ----a-w- c:\windows\system32\drivers\grmnusb.sys 2012-12-09 10:12 . 2007-03-08 22:18 18432 ----a-w- c:\windows\system32\drivers\grmngen.sys 2012-12-08 16:42 . 2012-12-12 00:52 -------- d-----w- c:\users\Dell\AppData\Roaming\UAs 2012-12-03 17:17 . 2012-12-03 17:54 -------- d-----w- c:\users\Dell\AppData\Roaming\TeamViewer 2012-12-01 16:38 . 2012-12-03 17:16 -------- d-----w- c:\program files\TeamViewer 2012-11-25 15:00 . 2012-11-30 21:53 -------- d-----w- c:\program files\FireFox . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-08 18:00 . 2012-12-20 18:41 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E2F381F-B7AD-4034-939F-7BBD198D7286}\mpengine.dll 2012-09-24 22:16 . 2012-11-10 16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "AVMUSBFernanschluss"="c:\users\Dell\AppData\Local\Apps\2.0\7KME2VJN.DEZ\5AOK0M5T.04C\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe" [2010-02-17 139264] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ICQ Lite"="c:\hilfsp~1\ICQ\ICQLite\ICQLite.exe" [2006-07-11 3144800] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2012-7-17 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk backup=c:\windows\pss\QuickSet.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface] 2011-11-17 05:58 3303000 ----a-w- c:\users\Dell\AppData\Local\Akamai\netsession_win.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2010-03-24 17:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-04-23 13:51 691656 ----a-w- c:\hilfsproggs\DAEMON Tools\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] 2006-07-11 10:15 3144800 ----a-w- c:\hilfsproggs\ICQ\ICQLite\ICQLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility] 2010-03-02 17:52 140640 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2007-03-29 14:41 222128 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor] 2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-01-30 07:12 13605408 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey] 2009-01-30 07:12 96800 ----a-w- c:\windows\System32\nvhotkey.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2009-01-30 07:12 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2009-01-30 07:12 735776 ----a-w- c:\windows\System32\nvsvc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-03-28 21:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2012-12-03 21:42 1354736 ----a-w- c:\spiele\Valve\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2008-03-25 16:34 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] 2006-04-29 13:21 94208 ----a-w- c:\hilfsproggs\VirtualCloneDrive\VCDDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\6f4tikj2.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . . ------- Dateityp-Verknüpfung ------- . .scr=AutoCADScriptFile . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKLM-Run-wilenl - (no file) MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-CloneCDTray - c:\hilfsproggs\FrostWire\CloneCD\CloneCDTray.exe MSConfigStartUp-DAEMON Tools - c:\hilfsproggs\DAEMON Tools\daemon.exe MSConfigStartUp-HBLiteSA - c:\program files\HBLite\bin\11.0.363.0\HBLiteSA.exe MSConfigStartUp-iTunesHelper - c:\hilfsproggs\iTunes\iTunesHelper.exe MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe MSConfigStartUp-PCMService - c:\program files\Dell\MediaDirect\PCMService.exe AddRemove-GTA2 - c:\windows\IsUn0407.exe AddRemove-Surfer 7 - c:\hilfsproggs\Uniprogramme\Serfer7\Uninst.isu AddRemove-vShare.tv plugin - c:\program files\vShare.tv plugin\uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-12-23 00:07 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-634343067-3124121181-2066602064-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:1b,4c,44,d0,69,fc,9a,f5,c8,40,f1,db,a0,b5,5d,04,a6,9c,62,0d,93,df,c6, fe,73,7c,9c,e4,43,21,98,fe,a3,d8,80,1c,4f,e5,83,f9,23,30,b4,f1,f8,b6,54,56,\ "??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b . 
[HKEY_USERS\S-1-5-21-634343067-3124121181-2066602064-1000\Software\SecuROM\License information*] "datasecu"=hex:18,5f,d1,d3,b3,6e,a5,11,07,72,79,84,da,83,fb,36,46,43,cf,3e,13, 17,2a,3e,64,7a,21,cb,ad,62,e1,1c,af,1c,48,c1,b3,59,dd,6c,d3,b9,ad,00,31,e3,\ "rkeysecu"=hex:27,14,5d,c0,8d,38,37,a6,c5,13,56,73,1c,14,84,9f . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Weitere laufende Prozesse ------------------------ . c:\hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\sched.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\TeamViewer\Version8\TeamViewer_Service.exe c:\windows\system32\conime.exe c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-12-23 00:11:14 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-12-22 23:10 . Vor Suchlauf: 17 Verzeichnis(se), 44.754.051.072 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 44.571.623.424 Bytes frei . - - End Of File - - 2223E0226C233C2AC7B665CC2C491EF5
What's next? Should I delete the infected files that were moved? |
23.12.2012, 11:06 | #14 |
/// TB-Ausbilder | We still have one remnant left: ComboFix script
__________________ Digital buccaneers against malware! No help via PM! |
23.12.2012, 11:43 | #15 |
During the automatic restart it showed me an "error" with the registry key of USB-Fernanschluss (a Fritzbox thing). Apart from the fact that this is no longer important to me anyway, I have already read that the problem should no longer occur after another restart. Here is the log: Code:
ATTFilter ComboFix 12-12-22.02 - Dell 23.12.2012 11:23:39.1.2 - x86 ausgeführt von:: c:\users\Dell\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Dell\Desktop\CFScript.txt * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\FireFox\plugin-container.exe c:\program files\FireFox\uninstall\helper.exe c:\program files\FireFox\updater.exe c:\users\Dell\AppData\Roaming\appconf32.exe c:\users\Dell\AppData\Roaming\kock c:\windows\system32\drivers\etc\hosts.ics c:\windows\wininit.ini . Infizierte Kopie von c:\windows\system32\user32.dll wurde gefunden und desinfiziert Kopie von - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!System32!user32.dll wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-23 bis 2012-12-23 )))))))))))))))))))))))))))))) . . 2012-12-23 10:33 . 2012-12-23 10:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-23 03:53 . 2012-12-23 03:53 -------- d-----w- C:\_OTL 2012-12-23 00:29 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF113B60-8951-4495-8F15-275F3920D8B7}\mpengine.dll 2012-12-23 00:16 . 2012-12-23 00:16 -------- d-----w- c:\program files\Common Files\Skype 2012-12-23 00:00 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll 2012-12-22 23:58 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 23:58 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 23:57 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-22 23:56 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll 2012-12-22 23:56 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-12-22 23:56 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-22 23:56 . 
2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-22 23:56 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-22 23:53 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-12-17 22:17 . 2012-12-17 22:17 -------- d-----w- c:\program files\CCleaner 2012-12-12 01:02 . 2012-12-12 01:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 01:02 . 2012-12-12 01:02 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-09 10:17 . 2012-12-09 10:48 -------- d-----w- c:\users\Dell\AppData\Roaming\GARMIN 2012-12-09 10:12 . 2012-12-09 10:16 -------- d-----w- C:\Garmin 2012-12-09 10:12 . 2007-03-08 22:18 8320 ----a-w- c:\windows\system32\drivers\grmnusb.sys 2012-12-09 10:12 . 2007-03-08 22:18 18432 ----a-w- c:\windows\system32\drivers\grmngen.sys 2012-12-08 16:42 . 2012-12-12 00:52 -------- d-----w- c:\users\Dell\AppData\Roaming\UAs 2012-12-03 17:17 . 2012-12-03 17:54 -------- d-----w- c:\users\Dell\AppData\Roaming\TeamViewer 2012-12-01 16:38 . 2012-12-03 17:16 -------- d-----w- c:\program files\TeamViewer 2012-11-25 15:00 . 2012-12-23 10:32 -------- d-----w- c:\program files\FireFox . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-24 22:16 . 2012-11-10 16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "AVMUSBFernanschluss"="c:\users\Dell\AppData\Local\Apps\2.0\7KME2VJN.DEZ\5AOK0M5T.04C\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe" [2010-02-17 139264] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ICQ Lite"="c:\hilfsp~1\ICQ\ICQLite\ICQLite.exe" [2006-07-11 3144800] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2012-7-17 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk backup=c:\windows\pss\QuickSet.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface] 2011-11-17 05:58 3303000 ----a-w- c:\users\Dell\AppData\Local\Akamai\netsession_win.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2010-03-24 17:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-04-23 13:51 691656 ----a-w- c:\hilfsproggs\DAEMON Tools\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] 2006-07-11 10:15 3144800 ----a-w- c:\hilfsproggs\ICQ\ICQLite\ICQLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility] 2010-03-02 17:52 140640 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2007-03-29 14:41 222128 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor] 2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-01-30 07:12 13605408 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey] 2009-01-30 07:12 96800 ----a-w- c:\windows\System32\nvhotkey.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2009-01-30 07:12 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2009-01-30 07:12 735776 ----a-w- c:\windows\System32\nvsvc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-03-28 21:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2012-12-03 21:42 1354736 ----a-w- c:\spiele\Valve\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2008-03-25 16:34 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] 2006-04-29 13:21 94208 ----a-w- c:\hilfsproggs\VirtualCloneDrive\VCDDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\6f4tikj2.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Mozilla Firefox 17.0 (x86 de) - c:\program files\FireFox\uninstall\helper.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-12-23 11:35 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . 
Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-634343067-3124121181-2066602064-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:1b,4c,44,d0,69,fc,9a,f5,c8,40,f1,db,a0,b5,5d,04,a6,9c,62,0d,93,df,c6, fe,73,7c,9c,e4,43,21,98,fe,a3,d8,80,1c,4f,e5,83,f9,23,30,b4,f1,f8,b6,54,56,\ "??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b . [HKEY_USERS\S-1-5-21-634343067-3124121181-2066602064-1000\Software\SecuROM\License information*] "datasecu"=hex:18,5f,d1,d3,b3,6e,a5,11,07,72,79,84,da,83,fb,36,46,43,cf,3e,13, 17,2a,3e,64,7a,21,cb,ad,62,e1,1c,af,1c,48,c1,b3,59,dd,6c,d3,b9,ad,00,31,e3,\ "rkeysecu"=hex:27,14,5d,c0,8d,38,37,a6,c5,13,56,73,1c,14,84,9f . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\Version8\TeamViewer_Service.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-23 11:39:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-23 10:39
ComboFix2.txt 2012-12-22 23:11
.
Vor Suchlauf: 20 Verzeichnis(se), 42.978.107.392 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 42.712.551.424 Bytes frei
.
- - End Of File - - 6C62CEC46295927B0BB90D92FEE62F79