| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.06.2013, 18:25
| #1 |
 |  Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. Hallo an die freundlichen Helfer hier! Wäre schön, wenn ihr mir - wie so vielen anderen hier - helfen könntet. Ich habe mir diesen Erpressungstrojaner eingefangen. Drohung mit Bundespolizei und Zahlungsaufforderung über 100€. Ich habe einen windows vista 32 bit Rechner. Mit der Kapersky Rettungs-CD habe ich mein Glück schon versucht. Allerdings vergeblich. Beim Scan wurden jede Menge Trojaner gefunden, die ich allerdings beim ersten Mal teiweise nicht gelöscht habe, weil bei "Überspringen" "empfohlen" stand. Beim nächsten Mal habe ich dann gelöscht, was ging. Allerdings kamen dann nicht mehr so viele "Löschangebote", obwohl er wieder viel gefunden hatte. Jedenfalls hat sich nichts geändert. Der Rechner ist gesperrt und ich komme nicht hinein. Was tun? Vielen Dank schon mal im Voraus! |
|
12.06.2013, 18:32
| #2 |
| /// Malware-holic   | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. hi
__________________kommst du an nen pc mit brenner? download: ISO Burner - Download - Filepony isoburner anleitung: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html • Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen. Starte dein System neu und boote von der CD die du gerade erstellt hast. Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten, http://www.trojaner-board.de/81857-c...cd-booten.html • Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen. • Mache einen doppel Klick auf das OTLPE Icon. • Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes. • Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes. • entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist. • OTL sollte nun starten. Kopiere nun den Inhalt in die  Textbox. Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert • Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast. poste beide logs
__________________ |
|
12.06.2013, 18:41
| #3 |
| | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. Das ging ja superschnell! Ich kann über mein MacBook isos brennen. Die Texte muss ich dann wohl über Stick hin und her bewegen...
__________________Melde mich! |
|
12.06.2013, 18:42
| #4 |
| /// Malware-holic | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. außer du hast über die cd internet.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2013, 05:42
| #5 |
| | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. OTL.TXT Code:
ATTFilter OTL logfile created on: 6/13/2013 1:48:23 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 106.38 Gb Free Space | 47.75% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 97.38 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive I: | 10.00 Gb Total Space | 6.35 Gb Free Space | 63.54% Space Free | Partition Type: NTFS
Drive J: | 390.62 Gb Total Space | 353.26 Gb Free Space | 90.43% Space Free | Partition Type: NTFS
Drive K: | 443.23 Gb Total Space | 158.00 Gb Free Space | 35.65% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/06/01 10:13:50 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 10:34:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/27 06:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 06:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/23 05:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto] -- C:\Program Files\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2008/08/13 12:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/12 03:34:56 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/03/09 11:29:44 | 002,232,296 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
SRV - [2007/03/07 10:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/20 08:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)
SRV - [2005/11/17 10:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (yeddef)
DRV - File not found [Kernel | System] -- -- (qjylnhrk)
DRV - File not found [Kernel | System] -- -- (opqcbnrt)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | System] -- -- (awrvtpte)
DRV - File not found [Kernel | System] -- -- (acwsgcfe)
DRV - File not found [Kernel | Auto] -- -- (ACEDRV07)
DRV - [2013/01/20 10:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/15 04:33:23 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/12/04 17:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/09/21 05:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011/02/16 20:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/06/10 06:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto] -- C:\Windows\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2010/01/10 11:22:24 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/09/19 16:37:48 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/08/09 12:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/06/13 09:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/13 09:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/05/01 08:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/03/20 08:50:42 | 000,020,352 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CGY013.sys -- (CGY013)
DRV - [2007/03/05 04:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/25 07:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/08 14:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 14:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/08 01:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/01/11 14:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/11 14:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/11/06 19:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/10/26 10:22:00 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 10:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 10:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 10:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 10:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 10:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 10:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 10:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/05 11:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Bronson_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Bronson_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Bronson_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070608
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070608
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Streamer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070608
IE - HKU\Streamer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\Streamer_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Streamer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070608
IE - HKU\Streamer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Surfer_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Surfer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070608
IE - HKU\Surfer_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Surfer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.9
FF - prefs.js..network.proxy.http: "195.168.126.94"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/11/04 07:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/01 10:13:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/01 10:13:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/11/04 07:55:07 | 000,000,000 | ---D | M]
[2010/09/12 11:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bronson\AppData\Roaming\Mozilla\Extensions
[2013/06/02 04:41:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bronson\AppData\Roaming\Mozilla\Firefox\Profiles\wz1h5qi5.default\extensions
[2010/09/13 13:13:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bronson\AppData\Roaming\Mozilla\Firefox\Profiles\wz1h5qi5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/06/02 04:41:46 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Bronson\AppData\Roaming\Mozilla\Firefox\Profiles\wz1h5qi5.default\extensions\foxmarks@kei.com
[2010/10/05 14:11:54 | 000,000,873 | ---- | M] () -- C:\Users\Bronson\AppData\Roaming\Mozilla\Firefox\Profiles\wz1h5qi5.default\searchplugins\conduit.xml
[2013/06/01 10:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/01 10:13:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/06/01 10:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/01 10:13:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
() (No name found) -- C:\USERS\BRONSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ1H5QI5.DEFAULT\EXTENSIONS\ADMIN@PROXY-LISTEN.DE.XPI
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll (Google Germany GmbH)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKU\Bronson_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKU\Bronson_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\Surfer_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Germany GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Logitech BT Wizard] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TrayServer] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Bronson_ON_C..\Run: [] File not found
O4 - HKU\Bronson_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Bronson_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Bronson_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Bronson_ON_C..\Run: [gStart] File not found
O4 - HKU\Bronson_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\Bronson_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Gast_ON_C..\Run: [] File not found
O4 - HKU\Gast_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Gast_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\Gast_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Streamer_ON_C..\Run: [] File not found
O4 - HKU\Streamer_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Streamer_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\Streamer_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Surfer_ON_C..\Run: [] File not found
O4 - HKU\Surfer_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Surfer_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\Surfer_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Surfer_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Bronson_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Bronson\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5954/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Bronson_ON_C Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6fa78f0a-25e3-11e2-804b-001aa01521d9}\Shell - "" = AutoRun
O33 - MountPoints2\{6fa78f0a-25e3-11e2-804b-001aa01521d9}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{c502bd93-0cf5-11df-9d8f-001aa01521d9}\Shell\AutoRun\command - "" = L:\Menu.exe
O33 - MountPoints2\{fa188649-d141-11de-88b6-0007617e2816}\Shell\AutoRun\command - "" = L:\videos\player\winopen.exe "\The DaVinci Code.exe"
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: ccc-core-static - msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK32.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Users^Bronson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warner Bros.lnk - C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe - ()
MsConfig - State: "startup" - 2
========== Files/Folders - Created Within 30 Days ==========
[2013/06/11 11:25:07 | 000,000,000 | ---D | C] -- C:\Users\Bronson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013/06/01 10:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/17 06:37:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/17 06:19:35 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/05/17 06:19:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/17 06:19:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/17 06:19:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/17 06:19:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/05/17 06:19:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/17 06:19:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/17 06:19:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/17 06:19:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/16 08:39:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/16 08:39:55 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/15 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Roxio
[2013/05/15 16:58:40 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Nero
[2013/05/15 16:58:37 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Logitech
[2013/05/15 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\GTek
[2013/05/15 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013/05/15 16:58:15 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Local\SupportSoft
[2013/05/15 16:58:07 | 000,000,000 | R--D | C] -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/15 16:58:07 | 000,000,000 | R--D | C] -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/15 16:58:07 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\LocalLow
[2013/05/15 16:57:58 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Identities
[2013/05/15 16:57:54 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Local\VirtualStore
[2013/05/15 16:57:10 | 000,000,000 | -HSD | C] -- C:\Users\Streamer\AppData\Local\Verlauf
[2013/05/15 16:57:10 | 000,000,000 | -HSD | C] -- C:\Users\Streamer\AppData\Local\Temporary Internet Files
[2013/05/15 16:57:10 | 000,000,000 | -HSD | C] -- C:\Users\Streamer\Documents\Eigene Videos
[2013/05/15 16:57:10 | 000,000,000 | -HSD | C] -- C:\Users\Streamer\Documents\Eigene Musik
[2013/05/15 16:57:10 | 000,000,000 | -HSD | C] -- C:\Users\Streamer\Documents\Eigene Bilder
[2013/05/15 16:57:10 | 000,000,000 | -HSD | C] -- C:\Users\Streamer\AppData\Local\Anwendungsdaten
[2013/05/15 16:57:09 | 000,000,000 | --SD | C] -- C:\Users\Streamer\AppData\Roaming\Microsoft
[2013/05/15 16:57:09 | 000,000,000 | R--D | C] -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/15 16:57:09 | 000,000,000 | R--D | C] -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Local\Temp
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Local\Microsoft Help
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Local\Microsoft
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Media Center Programs
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Macromedia
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Local
[2007/07/11 16:24:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Surfer\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2013/06/12 17:11:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/12 17:10:55 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/12 17:09:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 17:09:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 12:02:53 | 000,163,052 | ---- | M] () -- C:\Users\Bronson\AppData\Roaming\2433f433
[2013/06/11 12:02:53 | 000,163,027 | ---- | M] () -- C:\Users\Bronson\AppData\Local\2433f433
[2013/06/11 12:02:53 | 000,163,009 | ---- | M] () -- C:\ProgramData\2433f433
[2013/06/11 11:38:26 | 000,002,655 | ---- | M] () -- C:\Users\Bronson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2013/06/11 11:34:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/05 19:37:11 | 000,018,432 | ---- | M] () -- C:\Users\Bronson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/02 08:39:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/06/02 08:39:33 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/02 08:39:33 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/06/02 08:39:33 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/17 06:54:46 | 000,378,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/15 16:57:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/05/15 10:34:30 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 10:34:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/14 11:50:34 | 000,002,455 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
========== Files Created - No Company Name ==========
[2013/06/11 12:02:53 | 000,163,052 | ---- | C] () -- C:\Users\Bronson\AppData\Roaming\2433f433
[2013/06/11 12:02:53 | 000,163,027 | ---- | C] () -- C:\Users\Bronson\AppData\Local\2433f433
[2013/06/11 12:02:53 | 000,163,009 | ---- | C] () -- C:\ProgramData\2433f433
[2013/05/15 16:58:08 | 000,000,951 | ---- | C] () -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/15 16:58:06 | 000,000,946 | ---- | C] () -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/05/15 16:57:55 | 000,000,917 | ---- | C] () -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013/05/15 16:57:09 | 000,000,258 | ---- | C] () -- C:\Users\Streamer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/15 16:57:09 | 000,000,240 | ---- | C] () -- C:\Users\Streamer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/02/05 06:47:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/07/06 17:02:24 | 000,663,552 | ---- | C] () -- C:\Windows\System32\Tx12.dll
[2011/07/06 17:02:24 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2010/12/04 09:02:38 | 000,078,214 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/11/04 07:34:03 | 000,214,603 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/08/14 09:02:18 | 000,005,056 | ---- | C] () -- C:\ProgramData\drctchbl.xvi
[2010/08/14 09:02:18 | 000,004,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010/05/24 14:22:49 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2010/05/24 14:22:49 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010/05/24 05:11:33 | 000,001,356 | ---- | C] () -- C:\Users\Bronson\AppData\Local\d3d9caps.dat
[2010/04/19 03:26:22 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/04/19 03:13:55 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2010/02/08 16:14:58 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/11 12:49:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 12:49:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/25 05:30:45 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2008/10/24 13:16:13 | 000,000,144 | ---- | C] () -- C:\Users\Bronson\AppData\default.pls
[2008/09/13 07:17:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/11/06 16:00:19 | 000,000,220 | ---- | C] () -- C:\Users\Bronson\AppData\Roaming\wklnhst.dat
[2007/10/31 06:49:44 | 000,001,024 | ---- | C] () -- C:\Windows\System32\AV32UID.DAT
[2007/10/30 14:24:23 | 000,000,549 | ---- | C] () -- C:\Windows\Magix.ini
[2007/10/29 09:48:33 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/08/16 10:24:46 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/08/16 10:24:45 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/07/16 16:07:36 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/07/11 16:24:26 | 000,087,608 | ---- | C] () -- C:\Users\Surfer\AppData\Roaming\inst.exe
[2007/07/11 16:24:26 | 000,007,887 | ---- | C] () -- C:\Users\Surfer\AppData\Roaming\pcouffin.cat
[2007/07/11 16:24:26 | 000,001,144 | ---- | C] () -- C:\Users\Surfer\AppData\Roaming\pcouffin.inf
[2007/06/15 11:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/06/14 14:29:32 | 000,026,624 | ---- | C] () -- C:\Users\Surfer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/14 10:55:45 | 000,018,432 | ---- | C] () -- C:\Users\Bronson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/14 10:50:08 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/06/07 23:04:16 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/06/07 23:04:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 11:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,126,292 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,378,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,596,036 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,110 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 18:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 18:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
========== LOP Check ==========
[2010/01/10 11:25:52 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\AquaSoft
[2011/12/12 14:07:39 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Audacity
[2011/03/10 08:08:35 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Awkux
[2013/06/06 10:27:06 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Axar
[2010/02/08 16:24:57 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\BDREBUILDER
[2011/04/05 05:33:42 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2008/03/01 05:26:23 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DAEMON Tools
[2010/08/14 09:24:32 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\dcunningham.net
[2007/12/01 08:43:49 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DeepBurner
[2007/12/26 20:08:51 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Doblon
[2009/12/29 07:00:10 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DVDforger
[2010/10/05 11:00:26 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/09/07 06:38:59 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\elsterformular
[2013/05/07 19:37:39 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Epetys
[2007/10/03 12:33:03 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\FRITZ!
[2009/08/15 09:09:24 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\GARMIN
[2011/12/12 12:33:28 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\GetRightToGo
[2013/06/01 09:10:18 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Heakx
[2011/01/08 08:38:01 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Koepis
[2008/04/01 11:24:58 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\MAGIX
[2011/07/03 13:21:50 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\mkvtoolnix
[2012/09/06 04:49:52 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\MPEG Streamclip
[2010/04/19 04:05:27 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Opera
[2011/07/17 06:12:28 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\SourceTec
[2007/11/06 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Template
[2011/03/10 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\uTorrent
[2013/02/14 11:37:11 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Vso
[2010/01/19 16:36:48 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Yamb
[2007/06/14 15:25:32 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\EPSON
[2009/08/15 07:41:11 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\GARMIN
[2011/03/10 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\uTorrent
[2007/07/11 17:46:43 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\Vso
[2011/12/15 04:59:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Acronis
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2007/06/19 09:25:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Documents
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/08/17 12:11:06 | 000,000,000 | ---D | M] -- C:\ProgramData\ElsterFormular
[2010/01/26 12:57:43 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/08/15 07:41:11 | 000,000,000 | ---D | M] -- C:\ProgramData\GARMIN
[2012/02/04 18:42:28 | 000,000,000 | ---D | M] -- C:\ProgramData\install_clap
[2007/10/29 08:32:40 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2012/02/04 18:58:28 | 000,000,000 | ---D | M] -- C:\ProgramData\PDVD
[2011/10/27 16:16:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PMS
[2012/02/05 06:47:30 | 000,000,000 | ---D | M] -- C:\ProgramData\SlySoft
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2008/01/24 07:41:58 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft
[2012/03/09 13:39:29 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2007/07/19 12:10:06 | 000,000,000 | ---D | M] -- C:\ProgramData\vsosdk
[2008/10/20 17:40:39 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012/06/20 11:17:33 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2013/06/12 17:10:55 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2013/05/15 16:58:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/12/14 15:51:16 | 000,000,000 | ---D | M] -- C:\Acronis.Disk.Director.Suite.10.0.0.2117
[2008/08/08 08:28:46 | 000,000,000 | ---D | M] -- C:\ATI
[2009/09/18 12:55:19 | 000,000,000 | -HSD | M] -- C:\Boot
[2008/05/05 14:08:24 | 000,000,000 | ---D | M] -- C:\DELL
[2008/04/01 11:25:11 | 000,000,000 | ---D | M] -- C:\doctemp
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008/04/01 11:25:11 | 000,000,000 | ---D | M] -- C:\Drivers
[2010/06/25 16:05:36 | 000,000,000 | ---D | M] -- C:\fd326dd00d379aee8698796d79ef
[2010/04/18 09:18:11 | 000,000,000 | ---D | M] -- C:\Garmin
[2009/01/31 16:11:12 | 000,000,000 | ---D | M] -- C:\MAGIX
[2008/01/24 10:02:36 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/11/21 14:22:03 | 000,000,000 | ---D | M] -- C:\NotenBox 7
[2008/09/12 16:36:59 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/06/02 04:40:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/06/11 19:41:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\Programme
[2013/06/10 14:31:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008/04/01 11:25:11 | 000,000,000 | ---D | M] -- C:\temp
[2013/05/15 16:57:09 | 000,000,000 | R--D | M] -- C:\Users
[2011/03/22 15:18:31 | 000,000,000 | ---D | M] -- C:\vuescan
[2013/05/16 09:24:08 | 000,000,000 | ---D | M] -- C:\Windows
[2010/07/13 10:03:20 | 000,000,000 | ---D | M] -- C:\WinSV
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/06/07 23:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/06/07 23:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/06/07 23:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/06/07 23:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/06/07 23:02:59 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/06/07 23:02:51 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\drivers\atapi.sys
[2007/06/07 23:02:51 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/06/07 23:02:51 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/06/07 23:02:59 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/06/07 23:02:59 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/14 08:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 08:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 08:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/14 08:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 07:12:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/15 07:12:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2007/01/06 01:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Drivers\system\r148912\nvstor.sys
[2007/01/06 01:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007/01/06 01:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: NVSTOR32.SYS >
[2007/04/19 07:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=615D79A1D2C98817FF2FDEB1B167D808 -- C:\DELL\drivers\R157988\IDE\WinVista\sata_ide\nvstor32.sys
[2007/04/19 07:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=615D79A1D2C98817FF2FDEB1B167D808 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a195c2b5\nvstor32.sys
[2007/08/09 12:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/08/09 12:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys
[2007/04/25 11:18:56 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\DELL\drivers\R155142\IDE\WinVista\sataraid\nvstor32.sys
[2007/05/01 08:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\Drivers\storage\R155144\nvstor32.sys
[2007/05/01 08:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_a8e6d559\nvstor32.sys
< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2007/06/15 10:27:22 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007/06/15 10:27:22 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008/01/19 03:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006/11/02 05:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/12/14 11:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/12/14 11:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2006/11/02 04:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008/01/19 01:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/19 01:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\fontext.dll
[2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\shell32.dll
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\PcSetup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\Mein Garmin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\MAGIX Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\ConvertXtoDVD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\SyncToyData:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\StreamTransport:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\OneNote-Notizbücher:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\NeroVision:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\Mein Garmin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\MAGIX Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\FixFoto:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\EncodeHD Log Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\Eigene Scans:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\ConvertXtoDVD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\CDBurnerXP Projects:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\AnyDVDHD:Roxio EMC Stream
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A5B56640
< End of report >
bin gerade irritiert. Du sprichst von *beiden Logs*.Ich finde aber nur eines, OTL, das am Ende des Scans aufgegangen ist... |
|
13.06.2013, 12:07
| #6 |
| /// Malware-holic | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. hast du selbst was gelöscht? sehe keinen aktiven starteintrag
__________________ --> Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. |
|
13.06.2013, 12:49
| #7 |
| | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. Nein. So wie das Logfile ausgegeben wurde, habe ich es gepostet. Anfang und Ende sind ja da. Also kann auch beim Kopieren nichts schiefgegangen sein, oder? Wie gesagt ich habe es vorher schon mit Kaspersky versucht... Der Computer ist auch immer noch gesperrt. Soll ich es noch mal machen? |
|
13.06.2013, 13:03
| #8 |
| /// Malware-holic | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. was heißt gesperrt genau, kommt immer noch das bild der Bundespolizei oder nur ein leerer desktop?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2013, 14:16
| #9 |
| | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. Immer noch das Polizeibild und es geht nichts. Ich muss dann über den Taskmanager raus. Hätte ich vielleicht vorher schon mal testen sollen: Ich arbeite über ein Benutzerkonto ohne Administratorrechte - und DAS ist gesperrt (Bundespolizeibild). Gerade habe ich gemerkt, dass ich problemlos über mein Administratorkonto reinkomme. Hätte ich vielleicht den Haken bei "Automatically Load all remaining Users" doch lassen sollen? |
|
13.06.2013, 18:56
| #10 |
| /// Malware-holic | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. ja, diesmal diesen haken lassen und noch mal scannen. sorry für die Umstände :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2013, 19:13
| #11 |
| | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. Kann ich jetzt nicht auch mit der exe-Datei vom Administrator-Konto aus scannen? |
|
13.06.2013, 19:24
| #12 |
| /// Malware-holic | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. scanne mal wie folgt im admin konto, all users auswählen versuchs erst mal mit script, wenns nicht geht ohne Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2013, 23:43
| #13 |
| | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. Here we go: OTL.Txt Code:
ATTFilter OTL logfile created on: 13.06.2013 22:55:36 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Surfer\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,55% Memory free 4,23 Gb Paging File | 3,18 Gb Available in Paging File | 75,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,78 Gb Total Space | 104,07 Gb Free Space | 46,72% Space Free | Partition Type: NTFS Drive D: | 390,62 Gb Total Space | 353,25 Gb Free Space | 90,43% Space Free | Partition Type: NTFS Drive E: | 10,00 Gb Total Space | 6,35 Gb Free Space | 63,50% Space Free | Partition Type: NTFS Drive V: | 443,23 Gb Total Space | 158,00 Gb Free Space | 35,65% Space Free | Partition Type: NTFS Drive W: | 97,66 Gb Total Space | 97,38 Gb Free Space | 99,72% Space Free | Partition Type: NTFS Computer Name: ARBEITSZIMMER | User Name: Surfer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.13 22:52:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Surfer\Desktop\OTL.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\NisSrv.exe PRC - [2013.01.27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MpCmdRun.exe PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) -- C:\Programme\devolo\dlan\devolonetsvc.exe PRC - [2009.05.21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Programme\dcmsvc\dcmsvc.exe PRC - [2008.08.13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.10.12 09:34:56 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2007.09.20 10:51:46 | 001,836,328 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe PRC - [2007.05.29 18:06:38 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.2\program\soffice.exe PRC - [2007.05.29 15:36:02 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.2\program\soffice.bin PRC - [2007.03.15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Programme\DellSupport\DSAgnt.exe PRC - [2007.02.20 14:58:44 | 000,053,248 | ---- | M] (Logitech Inc.) -- C:\Programme\SetPoint\LBTWiz.exe PRC - [2007.02.20 14:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTSERV.EXE PRC - [2007.02.20 14:29:00 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Programme\SetPoint\SetPoint.exe PRC - [2007.02.08 07:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe PRC - [2007.01.11 20:15:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\khalshared\KHALMNPR.exe PRC - [2006.11.05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe PRC - [2006.11.05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe ========== Modules (No Company Name) ========== MOD - [2013.02.14 14:58:45 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 22:33:02 | 005,457,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1beca67411be68bc4032f757b5ea6ebb\System.Xml.ni.dll MOD - [2013.01.10 17:47:38 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Programme\dcmsvc\dcmsvc.exe MOD - [2007.06.13 15:18:54 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.05.22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.05.10 20:07:06 | 000,828,416 | ---- | M] () -- C:\Programme\OpenOffice.org 2.2\program\libxml2.dll MOD - [2006.11.05 11:58:44 | 000,516,096 | ---- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll MOD - [2006.11.05 11:28:18 | 004,587,520 | R--- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll MOD - [2006.10.26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL ========== Services (SafeList) ========== SRV - [2013.06.13 17:34:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.01 16:13:50 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto | Running] -- C:\Programme\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2008.08.13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.10.12 09:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2007.03.09 17:29:44 | 002,232,296 | ---- | M] () [Auto | Stopped] -- C:\Programme\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc) SRV - [2007.03.07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2007.02.20 14:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\yeddef.sys -- (yeddef) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qjylnhrk.sys -- (qjylnhrk) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\opqcbnrt.sys -- (opqcbnrt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\awrvtpte.sys -- (awrvtpte) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (akpyuahy) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\acwsgcfe.sys -- (acwsgcfe) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\ACEDRV07.sys -- (ACEDRV07) DRV - [2013.06.13 22:47:53 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C9054534-1553-4074-AAEA-56261A724C83}\MpKsleb8b63a6.sys -- (MpKsleb8b63a6) DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.12.15 10:33:23 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2011.12.04 23:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011.09.21 11:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2011.02.17 02:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2010.06.10 12:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2010.01.10 17:22:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.09.19 22:37:48 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) DRV - [2007.08.09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 15:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2007.06.13 15:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.05.01 14:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.03.20 14:50:42 | 000,020,352 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CGY013.sys -- (CGY013) DRV - [2007.03.05 10:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2007.02.25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2007.02.08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007.02.08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2007.02.08 07:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.01.11 20:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2007.01.11 20:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2006.11.07 01:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET) DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2006.10.26 16:22:00 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2006.10.26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006.10.26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2006.10.26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006.10.26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006.10.26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006.10.26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006.10.26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006.10.05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://support.euro.dell.com/suppo [Binary data over 200 bytes] IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070608 IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.11.04 13:55:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.01 16:13:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.01 16:13:04 | 000,000,000 | ---D | M] [2009.02.09 21:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Surfer\AppData\Roaming\mozilla\Extensions [2013.06.13 18:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Surfer\AppData\Roaming\mozilla\Firefox\Profiles\iwxvsxla.default\extensions [2013.06.13 18:53:08 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Surfer\AppData\Roaming\mozilla\firefox\profiles\iwxvsxla.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013.06.01 16:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.06.01 16:13:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.06.01 16:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.06.01 16:13:52 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [dcmsvc] C:\Programme\dcmsvc\dcmsvc.exe () O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [TrayServer] C:\MAGIX\VIDEO_~1\TrayServer.exe File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [] File not found O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Bronson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.13.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5954/mcfscan.cab (McFreeScan Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{887CE4E6-BA6A-45F8-B1AD-D6FA1D05E390}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B42096DF-58CE-4304-8E81-75AB29F28A74}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: ccc-core-static - msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Programme\WinZip\WZQKPICK32.EXE - (WinZip Computing, S.L.) MsConfig - StartUpFolder: C:^Users^Bronson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warner Bros.lnk - C:\Programme\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe - () MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.13 22:52:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Surfer\Desktop\OTL.exe [2013.06.13 22:48:26 | 000,000,000 | ---D | C] -- C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2013.06.13 18:48:00 | 000,000,000 | ---D | C] -- C:\Users\Surfer\AppData\Local\Macromedia [2013.06.13 16:43:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.06.01 16:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2007.07.11 22:24:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Surfer\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2013.06.13 22:52:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Surfer\Desktop\OTL.exe [2013.06.13 22:47:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 22:47:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 22:47:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.13 20:34:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.13 19:00:36 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.06.11 18:02:53 | 000,163,009 | ---- | M] () -- C:\ProgramData\2433f433 [2013.06.02 14:39:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.02 14:39:33 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.02 14:39:33 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.02 14:39:33 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.17 12:54:46 | 000,378,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.06.11 18:02:53 | 000,163,009 | ---- | C] () -- C:\ProgramData\2433f433 [2012.02.05 12:47:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.07.06 23:02:24 | 000,663,552 | ---- | C] () -- C:\Windows\System32\Tx12.dll [2011.07.06 23:02:24 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini [2010.08.14 15:02:18 | 000,005,056 | ---- | C] () -- C:\ProgramData\drctchbl.xvi [2010.08.14 15:02:18 | 000,004,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik [2007.11.25 12:53:20 | 000,000,231 | ---- | C] () -- C:\Users\Surfer\Goya.ini [2007.07.16 22:07:36 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.07.11 22:24:26 | 000,087,608 | ---- | C] () -- C:\Users\Surfer\AppData\Roaming\inst.exe [2007.07.11 22:24:26 | 000,007,887 | ---- | C] () -- C:\Users\Surfer\AppData\Roaming\pcouffin.cat [2007.07.11 22:24:26 | 000,001,144 | ---- | C] () -- C:\Users\Surfer\AppData\Roaming\pcouffin.inf [2007.06.14 20:29:32 | 000,026,624 | ---- | C] () -- C:\Users\Surfer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.01.10 17:25:52 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\AquaSoft [2011.12.12 20:07:39 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Audacity [2011.03.10 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Awkux [2013.06.06 16:27:06 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Axar [2010.02.08 22:24:57 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\BDREBUILDER [2011.04.05 11:33:42 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 [2008.03.01 11:26:23 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DAEMON Tools [2010.08.14 15:24:32 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\dcunningham.net [2007.12.01 14:43:49 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DeepBurner [2007.12.27 02:08:51 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Doblon [2009.12.29 13:00:10 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DVDforger [2010.10.05 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.07 12:38:59 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\elsterformular [2013.05.08 01:37:39 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Epetys [2007.10.03 18:33:03 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\FRITZ! [2009.08.15 15:09:24 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\GARMIN [2011.12.12 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\GetRightToGo [2013.06.01 15:10:18 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Heakx [2011.01.08 14:38:01 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Koepis [2008.04.01 17:24:58 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\MAGIX [2011.07.03 19:21:50 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\mkvtoolnix [2012.09.06 10:49:52 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\MPEG Streamclip [2010.04.19 10:05:27 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Opera [2011.07.17 12:12:28 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\SourceTec [2007.11.06 22:00:20 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Template [2011.03.10 14:22:00 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\uTorrent [2013.02.14 17:37:11 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Vso [2010.01.19 22:36:48 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Yamb [2007.06.14 21:25:32 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\EPSON [2009.08.15 13:41:11 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\GARMIN [2011.03.10 14:22:00 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\uTorrent [2007.07.11 23:46:43 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\Vso ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.05.15 22:58:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.12.14 21:51:16 | 000,000,000 | ---D | M] -- C:\Acronis.Disk.Director.Suite.10.0.0.2117 [2008.08.08 14:28:46 | 000,000,000 | ---D | M] -- C:\ATI [2009.09.18 18:55:19 | 000,000,000 | -HSD | M] -- C:\Boot [2013.06.13 22:46:36 | 000,000,000 | ---D | M] -- C:\DELL [2008.04.01 17:25:11 | 000,000,000 | ---D | M] -- C:\doctemp [2007.06.14 16:44:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.04.01 17:25:11 | 000,000,000 | ---D | M] -- C:\Drivers [2010.06.25 22:05:36 | 000,000,000 | ---D | M] -- C:\fd326dd00d379aee8698796d79ef [2010.04.18 15:18:11 | 000,000,000 | ---D | M] -- C:\Garmin [2009.01.31 22:11:12 | 000,000,000 | ---D | M] -- C:\MAGIX [2008.01.24 16:02:36 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.11.21 20:22:03 | 000,000,000 | ---D | M] -- C:\NotenBox 7 [2008.09.12 22:36:59 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.06.02 10:40:54 | 000,000,000 | R--D | M] -- C:\Program Files [2013.06.12 01:41:50 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.06.14 16:44:15 | 000,000,000 | -HSD | M] -- C:\Programme [2013.06.13 16:43:31 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2013.06.13 22:58:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.04.01 17:25:11 | 000,000,000 | ---D | M] -- C:\temp [2013.05.15 22:57:09 | 000,000,000 | R--D | M] -- C:\Users [2011.03.22 21:18:31 | 000,000,000 | ---D | M] -- C:\vuescan [2013.05.16 15:24:08 | 000,000,000 | ---D | M] -- C:\Windows [2010.07.13 16:03:20 | 000,000,000 | ---D | M] -- C:\WinSV < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 15:01:49 | 000,032,604 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.15 14:41:47 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2007.06.08 05:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys [2007.06.08 05:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2007.06.08 05:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2007.06.08 05:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.06.08 05:02:59 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2007.06.08 05:02:51 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\drivers\atapi.sys [2007.06.08 05:02:51 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys [2007.06.08 05:02:51 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys [2007.06.08 05:02:59 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2007.06.08 05:02:59 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys [2008.02.14 14:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.14 14:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.14 14:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.02.14 14:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.11.15 13:12:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.11.15 13:12:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Drivers\system\r148912\nvstor.sys [2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys [2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2007.04.19 13:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=615D79A1D2C98817FF2FDEB1B167D808 -- C:\DELL\drivers\R157988\IDE\WinVista\sata_ide\nvstor32.sys [2007.04.19 13:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=615D79A1D2C98817FF2FDEB1B167D808 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a195c2b5\nvstor32.sys [2007.08.09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys [2007.08.09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys [2007.04.25 17:18:56 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\DELL\drivers\R155142\IDE\WinVista\sataraid\nvstor32.sys [2007.05.01 14:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\Drivers\storage\R155144\nvstor32.sys [2007.05.01 14:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_a8e6d559\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.06.15 16:27:22 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.06.15 16:27:22 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.01.10 17:22:24 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2006.11.02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll < %USERPROFILE%\*.* > [2007.11.25 12:53:20 | 000,000,231 | ---- | M] () -- C:\Users\Surfer\Goya.ini [2013.06.13 23:14:16 | 001,310,720 | -HS- | M] () -- C:\Users\Surfer\ntuser.dat [2013.06.13 13:53:02 | 000,001,024 | -H-- | M] () -- C:\Users\Surfer\ntuser.dat.LOG [2013.06.13 23:14:16 | 000,262,144 | -H-- | M] () -- C:\Users\Surfer\ntuser.dat.LOG1 [2007.06.14 20:25:59 | 000,000,000 | -H-- | M] () -- C:\Users\Surfer\ntuser.dat.LOG2 [2013.06.13 18:58:46 | 000,065,536 | -HS- | M] () -- C:\Users\Surfer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2013.06.13 18:58:45 | 000,524,288 | -HS- | M] () -- C:\Users\Surfer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2007.06.14 21:33:17 | 000,524,288 | -HS- | M] () -- C:\Users\Surfer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2007.06.14 20:26:00 | 000,000,020 | -HS- | M] () -- C:\Users\Surfer\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\PcSetup:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\Mein Garmin:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\MAGIX Downloads:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\ConvertXtoDVD:Roxio EMC Stream @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A5B56640 < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.06.2013 22:55:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Surfer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,55% Memory free
4,23 Gb Paging File | 3,18 Gb Available in Paging File | 75,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 104,07 Gb Free Space | 46,72% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 353,25 Gb Free Space | 90,43% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 6,35 Gb Free Space | 63,50% Space Free | Partition Type: NTFS
Drive V: | 443,23 Gb Total Space | 158,00 Gb Free Space | 35,65% Space Free | Partition Type: NTFS
Drive W: | 97,66 Gb Total Space | 97,38 Gb Free Space | 99,72% Space Free | Partition Type: NTFS
Computer Name: ARBEITSZIMMER | User Name: Surfer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028B900C-C36F-430F-B169-85DBA56EDE43}" = lport=19375 | protocol=17 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe |
"{03F50809-DA43-4CBC-A20A-AA6A2033F24E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1E298EB7-E098-458A-9755-8F39967FD1FC}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{2F24DB94-1843-4898-B7B2-8F2E6C6B80A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{30ADB73F-D74C-4B36-805C-6B16864581EC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4859D2C9-3564-4DA7-A3E3-A5B49289E137}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{6116DAC2-3FD7-43B2-B265-3D597E69C6B8}" = lport=19376 | protocol=6 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe |
"{6A289C59-C127-47B3-B630-6F8FE829E0EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6B1DDFBF-3CCA-4249-AD92-A8F08A319A32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7400C14E-116B-4BD1-A071-66479F2F70B0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{A9006DA4-3F9F-4572-9C02-F5388B4E4959}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{ABD2C371-D9D8-4E0B-94EA-100FE733FF91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B6504A18-222F-48A7-99BD-16C7BA734D82}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BE581EEC-DBC8-4B0B-AA04-6DC656A328C2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{CBCD9127-6224-40FF-9A98-9CA45E0E320C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DBFD2407-2823-4401-9919-515DFD75AC45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{DFC6B5B1-1F46-444D-B198-23D1B7C148E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{F27CA33D-7B22-4CC7-9823-BDDC2D11A3B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F322D7BF-592C-4383-9843-E5282FF45A8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F4007769-7878-4137-9BB3-53E85ABDD43B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F62E8070-A32D-473E-A339-722F1477E826}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008B3223-18E4-407C-B346-C2AEF9157F5A}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{02D49743-E068-4FD2-8712-4A0745419841}" = dir=in | app=f:\setup\hpznui01.exe |
"{0D48027F-7E33-43AF-B5F9-41C28FA549F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{168579CC-356F-4E8A-86BF-EF06BFD8E702}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{17392DEA-ACAC-43B4-9216-824B7D3840A3}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{1C967666-2D7E-41D4-ABF0-4B3E936E7281}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{1CAC0A75-8C80-4803-8558-91FE804790F1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1DDDC8B5-E0C6-49C1-A35B-C16E40AD03BE}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1E6D0FA7-E2D3-4852-AC0E-4BF37ECB5078}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{25C8456C-080E-4BF9-A69E-86577A9EC0CC}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{265A53D2-8BF9-4401-BDC1-C05145A29D03}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2943BF62-CB7E-424F-806C-9E35D49EAEAE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2B66A715-C3CB-42EF-A27B-293BB0D56F70}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{3AB9984B-7741-4E77-B28A-B81191AA465A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3C90B9D4-0546-47C5-9F6C-6F13F2E47F8E}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{4046FD5C-850F-477A-B246-CCB9F4EFF221}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{437790E8-89B8-4359-B8A5-FB79C54E3C22}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{4FD14736-3BC5-41A6-A8D5-010A513213D0}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{54C94183-A635-4A8E-A50D-341A30F4BC2E}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{590FFB55-7850-4072-9314-B9704D18AC8D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{5A2324AF-0C65-4C76-B394-2DF4269BFD90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{5AA7A9FF-F896-45E6-87B5-3A93FB988867}" = protocol=6 | dir=out | app=system |
"{5AEF9540-FD22-438D-8542-F692EC4A99CE}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{5D0A9031-3E74-4F56-9DFC-56970708E663}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{61DCF139-C9E4-424F-9FFF-C833FDCA4230}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{67074754-771B-4401-B5BD-7C969157EF44}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{75264807-E53D-476B-9CEC-477014D549C2}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{75738018-D318-4BAD-AAFF-6C73910EECCF}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{76715CAD-2F57-4B29-B903-419F7A8E65CB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{7DC8D83C-1541-4462-B1CF-CE471E0B4A3A}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{8108F398-F395-4626-9392-B57CE2290A64}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{84FEB347-82AD-44A3-8C33-C34B0CF77447}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{904503E4-169B-4374-8268-5979AA5E7758}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{992635D8-39C2-4CE1-9645-C65CDCA4C64C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{9C6BFD56-C172-4917-AE31-6E4B589CA720}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A51EDBD5-C64A-426A-8D1E-B6FE4D0932D5}" = protocol=6 | dir=out | app=system |
"{BB3B47B7-2DC3-4C9E-9B53-3EC5637075E7}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{BDFCD91D-B0A0-42DF-ADF3-C1300B416D64}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{C63AC76F-EB15-49DE-B54C-CB1A23E3B3D9}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{DD16587F-9991-4A80-A6BF-46A58D49C5AC}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{DDFA94E5-D2BE-4370-BADA-ABFEEB4CCE78}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{E9BCF793-4FA3-4A4D-A1E4-DA526BC9F666}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{EB30A4BC-6191-4D58-937E-A3BB50A2B013}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{F335E70D-B78B-4C21-B1B0-B9DED4BF23AC}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{FC45ADE9-1196-44FB-B3F8-CDB7F89F2AF7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{FEFC9BE7-3EAB-42EC-AED1-2084A6853803}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"TCP Query User{0047DBA1-8DE7-48D4-B230-0C58DFBD574A}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe |
"TCP Query User{199151DE-A5C0-4836-BDD0-ADD7AA1B347C}C:\program files\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\media player classic\mplayerc.exe |
"TCP Query User{28967162-AB10-4540-B552-1EFB4DE716B2}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{342FC930-7D38-4207-8ADB-D8EA955E8F9A}F:\d-link.exe" = protocol=6 | dir=in | app=f:\d-link.exe |
"TCP Query User{3D089629-FDCD-4906-BAC3-795299E76ACB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{56CB539F-E896-46ED-ABD1-D332812D4220}C:\users\bronson\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\bronson\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"TCP Query User{601DDA69-0F3A-45BE-813C-426920D2D3E7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{63808629-C8D4-4D58-B268-8DE6221A4268}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{64293E84-0795-446B-9EF4-D01FDB39E24D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{814DD0EC-F766-4AFF-9207-D5D3EB2DB27C}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{86EF3E1B-894F-4C5B-BF80-551E697B966F}C:\users\bronson\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\bronson\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{93D91A41-8DB8-4A4A-A563-9322DB9AEA30}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{B3222697-B8C7-42DD-ABF7-215A66869A1E}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{B7AC91E7-0BDB-4DEA-A426-EB2A74026485}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{BBFB7AC2-3491-450F-8A2C-626A39C6DEA3}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{DA38AB85-3BCC-400C-A898-D09E429B0F02}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DA9F8C95-7C2E-4520-A2B1-7091B0791A1D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{E897DAF6-846A-4925-86C1-F32AC046C5C5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0D84ECFB-7246-4DE4-BEE6-EE3CC73BB742}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe |
"UDP Query User{1460E5EE-1738-4CDE-B19A-D02EF898D881}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{1FA5D712-2FAD-40D8-B8BB-789B7367C23D}C:\program files\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\media player classic\mplayerc.exe |
"UDP Query User{38DC34CA-4561-49DA-8B96-29F287C3744C}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{3C5C223B-C733-40FB-889C-B7D6EE38B9A0}C:\users\bronson\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\bronson\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{3FB29413-8FC8-478C-A1B9-C498254935FE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{5C2901CA-64D5-4CAD-B2A4-F08ED67748E8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{607788EA-CD41-4DC0-A915-F4D567977064}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{6959C338-C75B-40B5-ABB4-BE608D67229E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{7673EC5C-F9CF-45DC-AD3C-80B3ED917625}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{7BE8591A-5C79-4F45-999E-E654DCBEFA30}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{9D2A509B-A230-4AEF-9BE7-2472C7F91537}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{B78C7574-91CD-4AED-A400-CC6BEE762D91}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{B79EB157-650E-4BE4-A0B7-510C8CBD435C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CD9F492F-9EDB-4097-B496-93865BD1A244}C:\users\bronson\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\bronson\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"UDP Query User{EADA1059-1C92-4177-A341-7035CC32126C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{ECF02F69-9D93-4603-B39A-EC3584B3EEEE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F03EFB37-9C3E-4915-A6AD-5C44F015BC90}F:\d-link.exe" = protocol=17 | dir=in | app=f:\d-link.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{030A939C-9D2B-4095-A4FD-6B12FCB3C978}" = DISC TITLE PRINTER
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DE20748-45A5-6CD9-610E-F881A34E7342}" = Catalyst Control Center Localization Arabic
"{0F693D04-8FD8-0D7A-109B-C9BE06EEE6B7}" = ccc-core-static
"{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1" = Sothink Video Converter
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{15CC10AB-4266-210D-E2D2-03089C25A028}" = CCC Help English
"{1603C7DC-358B-97AF-B451-B2DDAC734117}" = Catalyst Control Center Localization French
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{214030BC-490D-57D4-2547-D0D4ECC851A5}" = Catalyst Control Center Localization Japanese
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2B98E4C3-AABC-9594-3219-A6EB60006C2C}" = Catalyst Control Center Graphics Full Existing
"{2C698DB8-0D99-5A27-DA3D-A3414FC5DBA7}" = Catalyst Control Center Graphics Light
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3000D7AB-27E6-319E-7B9A-686F1880C64C}" = Catalyst Control Center Localization German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3168528D-D485-2178-0993-348B450F83D2}" = Catalyst Control Center Graphics Full New
"{31DBBB49-CAC2-984A-64CA-A88102056E10}" = CCC Help German
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{412FECA2-836F-3DF6-A302-924CEC5B4DE2}" = CCC Help Spanish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{458825D3-272D-1BE0-A066-A270A65A4C41}" = Catalyst Control Center Core Implementation
"{46ACAEB5-365A-74BB-D405-980EA4FE3545}" = CCC Help Japanese
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AAB7E8F-1C71-E364-458F-5A6797670157}" = Catalyst Control Center Graphics Full New
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{52B4C42B-A110-4236-95C8-AA4B137C16AC}" = EPSON CopyFactory
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5FFD817C-5D4F-E4CF-8B50-0CCAD44989DF}" = CCC Help German
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{65E6362A-B878-4A7B-86DA-D16F8DBD75C7}" = ccc-core-static
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67637C64-743D-4C45-A1E1-D5FB4E1C0250}" = AVCHDCoder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6DD45BD7-DB28-E59F-8239-CF6816AE1FA4}" = Skins
"{704DC225-2E14-EF16-2EF6-2B642B119A22}" = ccc-utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76C73966-AED3-5ACB-B438-B47E9B1FB2E3}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{794F49F0-2A44-EE74-62FE-22FD68953A25}" = ccc-utility
"{7CD5F286-FF0A-E638-8143-0E258E3C17E2}" = CCC Help Thai
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{9624BF70-FDBE-0767-58BF-A151BDF9D396}" = Catalyst Control Center Graphics Light
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98698CC8-F4C4-A0A7-F521-8547DDD1BB6B}" = Catalyst Control Center Localization Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B92288B-5DC5-74A2-5E76-C4DE4864B76E}" = Warner Bros. Digital Copy Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{B651AD20-D522-2D6F-3AC7-A5F625FCB283}" = Catalyst Control Center Core Implementation
"{B944FA21-81AF-4A77-8328-CE4F4CC51031}" = Nero 8 Demo
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1" = Power CD+G Burner
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C3E2D64C-1B8E-D142-A76F-DEAC02AFF4FA}" = CCC Help Polish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5145CD4-4F74-C986-F86B-F57F3995C59B}" = Catalyst Control Center Localization Arabic
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8D524C0-FBD2-C4F0-2446-912EABA681E0}" = CCC Help Portuguese
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCF7F09E-A1C5-7D81-437D-B2DC347CC52E}" = Catalyst Control Center Localization Spanish
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{CEEE47BB-4AB7-9AEB-2212-ECC6D05DDC74}" = Catalyst Control Center Localization Italian
"{D4948A0D-402F-4966-AE08-76574503E9A4}" = UltraEdit 14.20
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D71B45B0-70B5-12BA-4ACF-2CEC94FE8A06}" = CCC Help Korean
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DB6BAC4C-0592-8773-5EC6-77B59CDDB260}" = Catalyst Control Center Graphics Previews Vista
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4C7B3EF-B3DB-4BB6-A812-E8FAE47534D3}" = OpenOffice.org 2.2
"{E7744050-4D6F-1280-5331-2EA048B51E94}" = Catalyst Control Center Localization Arabic
"{E7C6F560-316B-AC49-EF05-95ED32C0B6D9}" = Skins
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ECA80341-4BFB-172D-EC5D-64FD8DD41F5A}" = Catalyst Control Center Localization German
"{ECBEB9C6-CC47-70F7-E939-1E20E3BEEC8F}" = Catalyst Control Center Localization Korean
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F41857B5-0762-D5D9-2118-0DC14EED2773}" = Catalyst Control Center Graphics Full Existing
"{F4FA8AC4-6B6A-CAA6-8E44-FC64227CC4F7}" = CCC Help Italian
"{F6412237-45F7-B34B-0803-4D77E2D39D0C}" = Catalyst Control Center Localization Chinese Traditional
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FD01FEBF-376F-F125-09F8-E94B04D21E77}" = CCC Help French
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"{FF001690-A829-9DFD-9EF6-DA285783C49C}" = CCC Help Chinese Traditional
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Privacy Cleaner_is1" = Advanced Privacy Cleaner 1.1
"AnyDVD" = AnyDVD
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AviSynth" = AviSynth 2.5
"AVMFBox" = FRITZ!Box
"Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.4
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dcmsvc_is1" = dcmsvc 1.0
"dlancockpit" = devolo dLAN Cockpit
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ElsterFormular 11.5.0.4546" = ElsterFormular
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)
"FixFoto_is1" = FixFoto 2.91
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4.10
"Free YouTube Download_is1" = Free YouTube Download 2.10
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaInfo" = MediaInfo 0.7.60
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MIDI to MP3 Converter" = MIDI to MP3 Converter 2.4 build 775
"MKVtoolnix" = MKVtoolnix 4.8.0
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NotenBox7_is1" = AWIN NotenBox 7
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.15.1748" = Opera 12.15
"Photo To Sketch_is1" = Photo To Sketch 3.51
"PhotoFiltre" = PhotoFiltre
"PS3 Media Server" = PS3 Media Server
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"RealAlt_is1" = Real Alternative 2.0.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"WinZD_is1" = WinZD 2012-08
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZTestHL_is1" = ZTestHL 7.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-435549553-3016772667-2742125131-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.05.2013 08:33:09 | Computer Name = Arbeitszimmer | Source = Windows Search Service | ID = 3013
Description =
Error - 16.05.2013 08:33:09 | Computer Name = Arbeitszimmer | Source = Windows Search Service | ID = 3013
Description =
Error - 17.05.2013 17:19:09 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description =
Error - 17.05.2013 22:11:09 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description =
Error - 01.06.2013 19:05:41 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description =
Error - 03.06.2013 20:21:11 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description =
Error - 04.06.2013 12:46:43 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description =
Error - 07.06.2013 10:25:48 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description =
Error - 10.06.2013 17:40:06 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description =
Error - 13.06.2013 12:58:43 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description =
[ OSession Events ]
Error - 11.02.2010 17:08:00 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 153
seconds with 120 seconds of active time. This session ended with a crash.
Error - 20.09.2011 13:19:23 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3738
seconds with 1560 seconds of active time. This session ended with a crash.
Error - 20.09.2011 13:19:39 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.01.2012 19:31:11 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 63
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 10.06.2013 13:59:13 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description =
Error - 11.06.2013 11:25:23 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description =
Error - 11.06.2013 12:13:52 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description =
Error - 11.06.2013 12:21:35 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description =
Error - 11.06.2013 12:35:04 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description =
Error - 11.06.2013 17:48:12 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description =
Error - 12.06.2013 09:49:33 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description =
Error - 12.06.2013 17:10:19 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description =
Error - 13.06.2013 11:19:53 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description =
Error - 13.06.2013 16:48:32 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description =
< End of report >
|
|
14.06.2013, 12:56
| #14 |
| /// Malware-holic | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [TrayServer] C:\MAGIX\VIDEO_~1\TrayServer.exe File not found
O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
File not found
:files
:Commands
[emptytemp]
bitte teste, ob es im Firefox, internet explorer, und sonstigen evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt. Teste wie pc und programme allgemein laufen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.06.2013, 09:05
| #15 |
| | Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. Erst Mal: Vielen Dank, die Sperrung ist weg!!! Grandios! Kurz vor dem Fix hat sich windows-update gemeldet. Ich habe es auf später verschoben, aber es sich dann bei dem Neustart reingemischt. Vielleicht liegt es daran, dass das Textdokument nicht erstellt wurde. Ein mit Datum und Uhrzeit benannter Ordner ist am entsprechenden Ort, aber der ist leer. Bei den Programmen ist mir bisher nichts Ungewöhnliches aufgefallen. Ich habe aber auch noch nicht so viel gemacht. |
|
| Themen zu Ransom-Trojaner eingefangen. Nichts geht mehr. Computer gesperrt. |
| 32 bit, andere, anderen, bundespolizei, compu, computer, computer gesperrt, drohung, empfohlen, gefunde, gelöscht, gesperrt, helfer, kapersky, menge, nicht mehr, nichts, rojaner gefunden, scan, schön, trojaner gefunden, versuch, vista, vista 32, windows, windows vista, zahlungsaufforderung |
Linear-Darstellung
