Pests of all kinds and how to combat them: HELP please, I'm going crazy !!!!!!! .... Virus Rootkit Win32.TDSS.d (Windows 7)
11.05.2010, 06:47 | #1 |
Hi everyone, please, I need help, I'm about to go crazy because of this virus Rootkit Win32.TDSS.d. I have already tried a lot; my Kaspersky found the virus but cannot neutralize it. What should I do?
TDSSKiller > no effect
Kaspersky > no effect
Avira AntiVir Rescue System CD > no effect
HijackThis online analysis > no effect
AD WARE tool > no effect
Please help me, I have no idea what to do.
11.05.2010, 10:12 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
please run a full scan with Malwarebytes and post the log. After that, OTL:
System scan with OTL
Please download OTL by OldTimer and save it to your desktop.
11.05.2010, 12:17 | #3 |
Hey, here is my Malwarebytes log file
-------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4089

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.05.2010 21:08:07
mbam-log-2010-05-11 (21-08-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 299838
Laufzeit: 1 Stunde(n), 28 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
--------------------------------------------------------------------------

Here is the log file from OTL
Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.05.11 01:20:02 | 000,014,639 | RHS- | M] () - E:\autorun.inf -- [ FAT ] O33 - MountPoints2\{29717797-ce57-11de-8e85-001dbaf14fbe}\Shell - "" = AutoRun O33 - MountPoints2\{29717797-ce57-11de-8e85-001dbaf14fbe}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found O33 - MountPoints2\{df3073b6-ff37-11de-81e1-001dbaf14fbe}\Shell - "" = AutoRun O33 - MountPoints2\{df3073b6-ff37-11de-81e1-001dbaf14fbe}\Shell\AutoRun\command - "" = H:\MI.exe -- File not found O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\MI.exe -- File not found O34 - HKLM BootExecute: 
(autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.11 15:53:05 | 000,036,488 | ---- | C] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmdb.sys [2010.05.11 14:55:19 | 000,000,000 | ---D | C] -- C:\Avenger [2010.05.10 13:45:37 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab [2010.05.10 13:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2010.05.10 13:45:09 | 000,280,592 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2010.05.10 13:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2010.05.07 13:08:00 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2010.05.07 13:08:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft [2010.05.07 09:09:30 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2010.05.07 09:09:30 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys [2010.05.01 17:04:04 | 000,000,000 | ---D | C] -- C:\Users\ionloner\AppData\Roaming\Malwarebytes [2010.05.01 17:03:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.01 17:03:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.01 17:03:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.01 17:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.01 17:02:42 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.04.24 08:16:33 | 000,000,000 | ---D | C] -- C:\Users\ionloner\Documents\NeroVision [2010.04.22 17:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2010.04.22 
00:14:06 | 000,000,000 | ---D | C] -- C:\Users\ionloner\AppData\Local\Nero_AG [2010.04.20 12:40:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.04.18 19:29:35 | 000,000,000 | ---D | C] -- C:\Programme\IndieVolume [2010.04.18 13:53:04 | 000,000,000 | ---D | C] -- C:\Programme\Winload [2010.04.18 13:52:59 | 000,000,000 | ---D | C] -- C:\Users\ionloner\AppData\Roaming\SparweltGutschein [2010.04.17 21:15:03 | 000,000,000 | ---D | C] -- C:\Users\ionloner\AppData\Local\PHABWLA [2010.04.17 20:57:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.04.16 13:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.04.16 10:15:09 | 000,000,000 | ---D | C] -- C:\Users\ionloner\AppData\Roaming\Nero [2010.04.16 09:52:41 | 000,000,000 | ---D | C] -- C:\Programme\Nero [2010.04.16 09:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010.04.16 09:51:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nero [2010.04.15 21:30:12 | 000,000,000 | ---D | C] -- C:\Programme\TuneUpMedia [2010.04.15 21:30:10 | 000,000,000 | ---D | C] -- C:\Users\ionloner\AppData\Roaming\TuneUpMedia [2010.04.15 21:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia [2010.04.15 21:24:59 | 000,000,000 | ---D | C] -- C:\Programme\Vuze_Remote [2010.04.15 11:23:21 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.15 11:23:21 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.15 11:23:20 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2 C:\Users\ionloner\AppData\Roaming\*.tmp files -> C:\Users\ionloner\AppData\Roaming\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.11 21:14:28 | 003,932,160 | -HS- | M] () -- C:\Users\ionloner\ntuser.dat [2010.05.11 20:49:29 | 000,101,305 | 
---- | M] () -- C:\Users\ionloner\Desktop\Image085.jpg [2010.05.11 20:48:39 | 000,063,170 | ---- | M] () -- C:\Users\ionloner\Desktop\yukata.jpg [2010.05.11 20:19:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.05.11 16:04:31 | 000,011,120 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.11 16:04:31 | 000,011,120 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.11 15:56:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.11 15:55:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.11 15:55:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.11 15:55:43 | 2389,995,520 | -HS- | M] () -- C:\hiberfil.sys [2010.05.11 15:53:46 | 006,291,456 | -H-- | M] () -- C:\Users\ionloner\AppData\Local\IconCache.db [2010.05.11 15:53:05 | 000,036,488 | ---- | M] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmdb.sys [2010.05.11 15:40:24 | 000,028,520 | ---- | M] () -- C:\Windows\System32\drivers\ssmdrv.sys [2010.05.11 15:02:48 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.11 15:02:48 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.11 15:02:48 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.11 15:02:48 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.11 15:02:48 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.11 15:01:08 | 000,019,286 | ---- | M] () -- C:\cleanup.exe [2010.05.11 15:01:06 | 000,000,574 | ---- | M] () -- C:\cleanup.bat [2010.05.11 15:01:05 | 000,135,168 | ---- | M] () -- C:\zip.exe [2010.05.11 13:43:02 | 000,455,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.11 00:47:01 | 000,312,344 | ---- | M] (Intel Corporation) -- 
C:\Windows\System32\drivers\iaStor.sys [2010.05.11 00:20:02 | 388,705,029 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.05.10 15:59:34 | 000,011,678 | ---- | M] () -- C:\Users\ionloner\Desktop\Dear Madam.docx [2010.05.10 14:09:20 | 000,280,592 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2010.05.10 14:09:20 | 000,128,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kl1.sys [2010.05.10 14:09:18 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2010.05.10 14:09:18 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2010.05.10 13:47:24 | 000,604,140 | -HS- | M] () -- C:\Windows\System32\drivers\ISwift3.dat [2010.05.09 11:45:24 | 000,002,039 | ---- | M] () -- C:\Users\ionloner\Desktop\HijackThis.lnk [2010.05.05 19:00:19 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.05.03 00:54:51 | 000,000,233 | ---- | M] () -- C:\Windows\WININIT.INI [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.19 13:20:43 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.04.17 10:44:34 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI [2010.04.15 21:25:28 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk [2 C:\Users\ionloner\AppData\Roaming\*.tmp files -> C:\Users\ionloner\AppData\Roaming\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.11 20:49:15 | 000,101,305 | ---- | C] () -- C:\Users\ionloner\Desktop\Image085.jpg [2010.05.11 20:48:26 | 000,063,170 | ---- | C] () -- C:\Users\ionloner\Desktop\yukata.jpg [2010.05.11 14:53:24 | 000,135,168 | ---- | C] () -- C:\zip.exe [2010.05.11 
14:53:24 | 000,019,286 | ---- | C] () -- C:\cleanup.exe [2010.05.11 14:53:24 | 000,000,574 | ---- | C] () -- C:\cleanup.bat [2010.05.10 15:59:33 | 000,011,678 | ---- | C] () -- C:\Users\ionloner\Desktop\Dear Madam.docx [2010.05.10 13:47:24 | 000,604,140 | -HS- | C] () -- C:\Windows\System32\drivers\ISwift3.dat [2010.05.10 13:46:31 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2010.05.10 13:46:31 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2010.05.05 19:00:19 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.05.02 14:01:55 | 000,002,039 | ---- | C] () -- C:\Users\ionloner\Desktop\HijackThis.lnk [2010.04.30 02:01:24 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010.04.19 13:20:43 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.04.17 20:56:59 | 388,705,029 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.04.17 10:44:34 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.02.06 22:05:34 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll [2010.01.16 08:20:23 | 000,028,520 | ---- | C] () -- C:\Windows\System32\drivers\ssmdrv.sys [2009.11.11 09:28:39 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.11.10 23:56:53 | 000,000,233 | ---- | C] () -- C:\Windows\WININIT.INI [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.14 10:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.04.24 22:54:47 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2009.03.24 03:53:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll [2009.03.24 03:52:39 | 001,060,424 | ---- | C] () -- 
C:\Windows\System32\WdfCoInstaller01000.dll [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll < End of report >
And the second log from OTL:
OTL Extras logfile created on: 11.05.2010 21:12:26 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\ionloner\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,24 Gb Total Space | 84,54 Gb Free Space | 29,64% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,58% Space Free | Partition Type: FAT F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: IONLONER-PC 
Current User Name: ionloner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth 
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0A1B60E0-F250-BD91-79C9-C29B9C05A5AA}" = Catalyst Control Center InstallProxy "{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{183372B8-A3C2-063B-5C9E-B5C3E09F7158}" = CCC Help Norwegian "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{19B683DF-B562-4C0B-8AAA-2A92409D190A}" = Sony Home Network Library "{1A364B62-F80D-4AD7-B067-0BA369719286}" = VAIO Content Metadata Manager Settings "{1D2DF848-BA1C-6D29-8DC6-A8EBC85B2128}" = CCC Help Thai "{1F07C5EC-A79E-9A66-7BE8-352E18A21CC9}" = ATI Catalyst Install Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2176C142-DEE5-8AF0-9257-CA2E65368A52}" = CCC Help Finnish "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{2702B8FC-6003-4AC6-ADBC-EC65746D800A}" = Lost Via Domus "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{27EA389E-B0D3-E606-A801-C397BC417B00}" = Catalyst Control Center 
Graphics Previews Common "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{32DD0B80-68A4-2BAD-6D43-D2A6A7732AA2}" = CCC Help Hungarian "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{33F55462-96AF-0D67-AAF3-5ACBDE186FF7}" = CCC Help Dutch "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{359391F9-1A4D-A988-D62D-0F33C59AFDF6}" = CCC Help English "{36BDB1C2-CC66-41EB-B7DD-76339A7BB046}" = VAIO Edit Components "{36FBD8D7-CEFC-2BFD-9E50-CDEA040D5F47}" = CCC Help Swedish "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network "{3C7C4990-D713-E889-63E7-214D35B55B18}" = Catalyst Control Center Graphics Previews Vista "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{484D0DD1-57D3-4AE5-8B5A-40232C83B674}" = VAIO Entertainment Platform "{4C5FC19D-AE05-3F78-4336-90116C43400E}" = CCC Help French "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "{4E64FCCA-AE91-609C-6646-3BA7B2542C17}" = CCC Help Russian "{4F29AF49-2F30-4E33-416B-E373ACE30B03}" = Catalyst Control Center Core Implementation "{51CBB909-7A5D-1B81-2F79-219231F0C7A6}" = Catalyst Control Center InstallProxy "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0 "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5CCB5E3A-8FA6-E1B8-082E-507493C836CD}" = Catalyst 
Control Center Localization All "{5D9F5605-4B95-A700-B10E-FC5DBE052D18}" = CCC Help Italian "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{627C5AC0-772C-4661-B696-42E04AEB1872}" = lingDIALOG "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{653C3AFC-E8BB-E745-DEE8-A9EA8ED5D432}" = CCC Help Greek "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6CCAF3C8-8B77-3601-6E9C-E85E9444B0E6}" = CCC Help Chinese Traditional "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{7010F660-F97B-4565-9BA2-F985FFFB42B1}" = VAIO Mode Switch "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 
10 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{7C8744A5-DED2-028E-C0B7-42AAA764E806}" = CCC Help Korean "{7CF4115F-8947-2E35-718E-9AE7907FDD34}" = Catalyst Control Center Graphics Full New "{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4 "{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B1CF7D7-9D45-6FB7-8B8A-72E804B74ACD}" = CCC Help Danish "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = 
Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{96AE9B73-23A5-3781-07EE-D873CDF1935A}" = CCC Help Polish "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{97F52122-E41C-C805-3981-E8686E073978}" = CCC Help 
Chinese Standard "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2 "{99804FF5-11AC-4FC9-B66B-72E9A6B386BC}" = ccc-core-static "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins "{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library "{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding "{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A82C622C-22E2-409E-7113-EB749DEBC9F7}" = CCC Help Portuguese "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA66EAEF-E6F9-BB8A-1463-72BE38F70856}" = CCC Help Japanese "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch "{AEF0D6B2-1087-3D96-624F-B83A5EBD175D}" = Catalyst Control Center Graphics Full Existing "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.5 "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) 
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library "{d0cf1a75-38d3-4d7b-a0d6-7d81bea65c0c}" = Nero 9 Trial "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2004393-13BB-E18E-B1BF-19D758AFCD8D}" = CCC Help Spanish "{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0 "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox "{D6FBA785-DF2D-48C5-B238-40ABBD8EB780}" = Langenscheidt Vokabeltrainer 4.0 Englisch "{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DD21CAA4-C666-656A-0717-064BFCB850A9}" = ccc-utility "{DDAF9A24-31F2-998B-79F3-F02580284D50}" = CCC Help Turkish "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E9DC3DE6-B510-FF40-F696-CFA52F9916FE}" = CCC Help German "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte 
Voreinstellungen für SonicStage Mastering Studio Audio Filter "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings "{F29F2FAC-3F7E-4302-689C-C6579A19B3FC}" = CCC Help Czech "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F50D41C8-AC24-3FCD-D3AB-10C2D7CBDFB8}" = Catalyst Control Center Graphics Light "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements "{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "8461-7759-5462-8226" = Vuze "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "Ask Toolbar_is1" = Vuze Toolbar "BearShare" = BearShare "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "dt icon module" = "DVD Shrink_is1" = DVD Shrink 3.2 "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "Grammatiktrainer 4.0 Englisch" = Langenscheidt Grammatiktrainer 4.0 Englisch 
"HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements "InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010 "Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal "LimeWire" = LimeWire 5.4.6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MarketingTools" = VAIO Marketing Tools "MFU Module" = "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "PremElem70" = Adobe Premiere Elements 7.0 "PremElem70Templates" = Adobe Premiere Elements 7.0 Templates "Red Alert" = Red Alert Windows 95 "SurfMusik 3.1a_is1" = SurfMusik 3.1a "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUpMedia" = TuneUp Companion 1.6.4 "Uninstall_is1" = Uninstall 1.0.0.1 "VAIO Help and Support" = "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.0.1 "Vuze_Remote Toolbar" = Vuze_Remote Toolbar "WinLiveSuite_Wave3" = Windows Live Essentials "Winload Toolbar" = Winload Toolbar "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
I hope you can help me, this is hugely annoying when surfing and the PC is so slow..... |
11.05.2010, 12:57 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please also post the Kaspersky log file with the detections. Logs from GMER and OSAM would also be good, if there really is a rootkit at work.
__________________ Please always post log files in CODE tags |
11.05.2010, 13:50 | #5 |
| Hi, thanks for the help. Unfortunately I deleted Kaspersky and got G-Data instead, because it kept crashing. So here are the two requested logs. First the GMER log, followed by the OSAM log.
GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-05-11 22:35:25 Windows 6.1.7600 Running: f7y08ijk.exe; Driver: C:\Users\ionloner\AppData\Local\Temp\uxriikod.sys ---- System - GMER 1.0.15 ---- INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83224AF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83224104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832243F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8320C634 INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8320C898 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832241DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83224958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832246F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83224F2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832251A8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83284599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832A8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\Drivers\spzm.sys Das System kann den angegebenen Pfad nicht finden. ! 
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91E2B000, 0x2D556C, 0xE8000020] .text USBPORT.SYS!DllUnload 92438CA0 5 Bytes JMP 873BD1D8 .text peauth.sys 9F612C9D 28 Bytes [84, 92, 1D, 24, 43, 84, AD, ...] .text peauth.sys 9F612CC1 28 Bytes [84, 92, 1D, 24, 43, 84, AD, ...] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\System32\rundll32.exe[2196] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[2196] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[2196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[2196] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743D5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743D56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743F250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743E8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743E4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743E50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743E51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743E66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743E82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743E8819] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743E907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743EE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743E4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\CRYPT32.dll 
[KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75765E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 857451F8 Device \FileSystem\fastfat \FatCdrom 857911F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433766ab6 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0x20 0x48 0x07 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433766ab6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0x20 0x48 0x07 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F833615-E2C7-9501-7C12-C6CC78C1508C} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F833615-E2C7-9501-7C12-C6CC78C1508C}@malamdockeagcpkpdknkkgeiee 0x64 0x61 0x64 0x65 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F833615-E2C7-9501-7C12-C6CC78C1508C}@lalamdockeagcpkpnjpkbpji 0x64 0x62 0x64 0x65 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F833615-E2C7-9501-7C12-C6CC78C1508C}@labbnmpmfjppknainpggkjgo 0x64 0x62 0x65 0x65 ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 01: copy of MBR Disk \Device\Harddisk0\DR0 sector 02: copy of MBR Disk \Device\Harddisk0\DR0 sector 03: copy of MBR Disk \Device\Harddisk0\DR0 sector 04: copy of MBR Disk \Device\Harddisk0\DR0 sector 05: copy of MBR Disk \Device\Harddisk0\DR0 sector 06: copy of MBR Disk \Device\Harddisk0\DR0 sector 07: copy of MBR Disk \Device\Harddisk0\DR0 sector 08: copy of MBR Disk \Device\Harddisk0\DR0 sector 09: copy of MBR Disk \Device\Harddisk0\DR0 sector 10: copy of MBR Disk \Device\Harddisk0\DR0 sector 11: copy of MBR Disk \Device\Harddisk0\DR0 sector 12: copy of MBR Disk \Device\Harddisk0\DR0 sector 13: copy of MBR Disk \Device\Harddisk0\DR0 sector 14: copy of MBR Disk \Device\Harddisk0\DR0 sector 15: copy of MBR Disk \Device\Harddisk0\DR0 sector 16: copy of MBR Disk \Device\Harddisk0\DR0 sector 17: copy of MBR Disk \Device\Harddisk0\DR0 sector 18: copy of MBR Disk \Device\Harddisk0\DR0 sector 19: copy of MBR Disk \Device\Harddisk0\DR0 sector 20: copy of MBR Disk \Device\Harddisk0\DR0 sector 21: copy of MBR Disk \Device\Harddisk0\DR0 sector 22: copy of MBR Disk \Device\Harddisk0\DR0 sector 23: copy of MBR 
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR Disk \Device\Harddisk0\DR0 sector 25: copy of MBR Disk \Device\Harddisk0\DR0 sector 26: copy of MBR Disk \Device\Harddisk0\DR0 sector 27: copy of MBR Disk \Device\Harddisk0\DR0 sector 28: copy of MBR Disk \Device\Harddisk0\DR0 sector 29: copy of MBR Disk \Device\Harddisk0\DR0 sector 30: copy of MBR Disk \Device\Harddisk0\DR0 sector 31: copy of MBR Disk \Device\Harddisk0\DR0 sector 32: copy of MBR Disk \Device\Harddisk0\DR0 sector 33: copy of MBR Disk \Device\Harddisk0\DR0 sector 34: copy of MBR Disk \Device\Harddisk0\DR0 sector 35: copy of MBR Disk \Device\Harddisk0\DR0 sector 36: copy of MBR Disk \Device\Harddisk0\DR0 sector 37: copy of MBR Disk \Device\Harddisk0\DR0 sector 38: copy of MBR Disk \Device\Harddisk0\DR0 sector 39: copy of MBR Disk \Device\Harddisk0\DR0 sector 40: copy of MBR Disk \Device\Harddisk0\DR0 sector 41: copy of MBR Disk \Device\Harddisk0\DR0 sector 42: copy of MBR Disk \Device\Harddisk0\DR0 sector 43: copy of MBR Disk \Device\Harddisk0\DR0 sector 44: copy of MBR Disk \Device\Harddisk0\DR0 sector 45: copy of MBR Disk \Device\Harddisk0\DR0 sector 46: copy of MBR Disk \Device\Harddisk0\DR0 sector 47: copy of MBR Disk \Device\Harddisk0\DR0 sector 48: copy of MBR Disk \Device\Harddisk0\DR0 sector 49: copy of MBR Disk \Device\Harddisk0\DR0 sector 50: copy of MBR Disk \Device\Harddisk0\DR0 sector 51: copy of MBR Disk \Device\Harddisk0\DR0 sector 52: copy of MBR Disk \Device\Harddisk0\DR0 sector 53: copy of MBR Disk \Device\Harddisk0\DR0 sector 54: copy of MBR Disk \Device\Harddisk0\DR0 sector 55: copy of MBR Disk \Device\Harddisk0\DR0 sector 56: copy of MBR Disk \Device\Harddisk0\DR0 sector 57: copy of MBR Disk \Device\Harddisk0\DR0 sector 58: copy of MBR Disk \Device\Harddisk0\DR0 sector 59: copy of MBR Disk \Device\Harddisk0\DR0 sector 60: copy of MBR Disk \Device\Harddisk0\DR0 sector 61: copy of MBR Disk \Device\Harddisk0\DR0 sector 62: copy of MBR Disk \Device\Harddisk0\DR0 sector 63: copy of MBR 
---- EOF - GMER 1.0.15 ---- Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:46:15 on 11.05.2010 OS: Windows 7 Home Premium Edition (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.3 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Boot Execute HKLM\SYSTEM\CurrentControlSet\Control\Session Manager |||||| "BootExecute" C:\Windows\system32\lsdelete.exe File found, but it contains no detailed information Common %SystemRoot%\Tasks |||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists |||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists Control Panel Objects %SystemRoot%\system32 |||||| "PhysX.cpl" C:\Windows\system32\PhysX.cpl File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL File exists |||||| "Nero BurnRights 10" "Nero AG" C:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl File exists |||||| "QuickTime" "Apple Inc." 
C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services |||||| "ElbyCDIO Driver" (ElbyCDIO) "Elaborate Bytes AG" C:\Windows\System32\Drivers\ElbyCDIO.sys File exists "G DATA WFP CD" (gdwfpcd) "G DATA Software AG" C:\Windows\System32\drivers\gdwfpcd32.sys File exists "GDBehave" (GDBehave) "G Data Software AG" C:\Windows\System32\drivers\GDBehave.sys File exists "GDMnIcpt" (GDMnIcpt) "G Data Software AG" C:\Windows\system32\drivers\MiniIcpt.sys File exists "HookCentre" (HookCentre) "G Data Software AG" C:\Windows\system32\drivers\HookCentre.sys File exists "PxHelp20" (PxHelp20) "Sonic Solutions" C:\Windows\System32\Drivers\PxHelp20.sys File exists |||||| "regi" (regi) "InterVideo" C:\Windows\System32\drivers\regi.sys File exists |||||| "Sony DMI Call service" (DMICall) "Sony Corporation" C:\Windows\System32\DRIVERS\DMICall.sys File exists |||||| "Sony HDD Protection Filter Driver" (shpf) "Sony Corporation" C:\Windows\System32\DRIVERS\shpf.sys File exists |||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked "uxriikod" (uxriikod) C:\Users\ionloner\AppData\Local\Temp\uxriikod.sys Hidden registry entry, rootkit activity | File not found |||||| "VClone" (VClone) "Elaborate Bytes AG" C:\Windows\System32\DRIVERS\VClone.sys File exists |||||| "WimFltr" (WimFltr) "Microsoft Corporation" C:\Windows\System32\DRIVERS\wimfltr.sys File exists Explorer HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." 
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists HKLM\Software\Classes\Protocols\Filter |||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists HKLM\Software\Classes\Protocols\Handler |||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists |||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File exists |||||| {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File exists |||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File exists |||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists {8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks |||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved 
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found |||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found |||||| {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll File exists {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found {C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" "ACE GmbH" C:\PROGRA~1\COMMON~1\fluxDVD\Lib\XEB\XEBShell.dll File exists |||||| {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft Corporation" C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll File exists |||||| {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists |||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL File exists |||||| {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL File exists |||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll 
File exists |||||| {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" "Broadcom Corporation." C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll File exists |||||| {F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" "Nero AG" C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll File exists |||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL File exists {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" File not found | COM-object registry key not found |||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists |||||| {B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" "Elaborate Bytes AG" C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll File exists {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found |||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" File not found | COM-object registry key not found Internet Explorer HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser |||| "Google Toolbar" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File exists ITBar7Height "ITBar7Height" File not found | COM-object registry key not found "ITBar7Layout" File not found | COM-object registry key not found || "Vuze Remote Toolbar" "Conduit Ltd." 
C:\Program Files\Vuze_Remote\tbVuze.dll File exists || "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks || {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVDV.dll File exists |||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File exists || {ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" "Conduit Ltd." C:\Program Files\Vuze_Remote\tbVuze.dll File exists || {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_11.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars |||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||||| "@btrez.dll,-4015" C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File exists |||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File exists |||| "ICQ6" "ICQ, LLC." 
C:\Program Files\ICQ6.5\ICQ.exe File exists |||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "Ask Toolbar" C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found || {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVDV.dll File exists {0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" "G Data Software AG" C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll File exists |||| "Google Toolbar" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File exists |||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File exists || {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists || {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVDV.dll File exists {0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" "G Data Software AG" C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll File exists |||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File exists |||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." 
C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll File exists |||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists |||| {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\ssv.dll File exists || {ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" "Conduit Ltd." C:\Program Files\Vuze_Remote\tbVuze.dll File exists |||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists || {40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists Logon %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\Users\ionloner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists |||| "LimeWire On Startup.lnk" "Lime Wire, LLC" C:\Program Files\LimeWire\LimeWire.exe Shortcut exists | File exists %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup |||| "Adobe Gamma Loader.lnk" "Adobe Systems, Inc." 
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Shortcut exists | File exists |||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DAEMON Tools Lite" "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun File not found |||| "msnmsgr" "Microsoft Corporation" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File exists "NSUFloatingUI" "Sony Corporation" "C:\Program Files\Sony\Network Utility\LANUtil.exe" File exists |||| "Skype" "Skype Technologies S.A." "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File exists "StartServicePHABWLA" C:\Users\ionloner\AppData\Local\PHABWLA\StartService.exe File not found |||| "swg" "Google Inc." "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File exists HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd "StartupPrograms" rdpclip File not found HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists "G Data AntiVirus Tray Application" "G Data Software AG" C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe File exists |||| "GrooveMonitor" "Microsoft Corporation" "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" File exists |||| "ISBMgr.exe" "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" File exists |||||| " Malwarebytes Anti-Malware (reboot)" "Malwarebytes Corporation" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File exists || "MarketingTools" "Sony Corporation" C:\Program Files\Sony\Marketing Tools\MarketingTools.exe File exists |||| "NBAgent" "Nero AG" "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart File exists || "PDFPrint" "Geek Software GmbH" C:\Program Files\pdf24\pdf24.exe File exists |||| "QuickTime Task" "Apple Inc." 
"C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists |||| "StartCCC" "Advanced Micro Devices, Inc." "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File exists |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Java\jre6\bin\jusched.exe" File exists |||| "VirtualCloneDrive" "Elaborate Bytes AG" "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s File exists "VMSwitch" "Sony Corporation" "C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe" File exists Print Monitors HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors |||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists Services HKLM\SYSTEM\CurrentControlSet\Services |||||| "@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) "Nero AG" C:\Program Files\Nero\Update\NASvc.exe File exists |||||| "Adobe Active File Monitor V7" (AdobeActiveFileMonitor7.0) "Adobe Systems Incorporated" C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe File exists |||||| "Adobe LM Service" (Adobe LM Service) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe File exists |||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists |||||| "ArcSoft Connect Daemon" (ACDaemon) "ArcSoft Inc." C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File exists "VAIO Power Management" (VAIO Power Management) "Sony Corporation" C:\Program Files\Sony\VAIO Power Management\SPMService.exe File exists |||||| "Bluetooth Service" (btwdins) "Broadcom Corporation." C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe File exists |||||| "CamMonitor" (uCamMonitor) "ArcSoft, Inc." C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe File exists |||||| "FLEXnet Licensing Service" (FLEXnet Licensing Service) "Macrovision Europe Ltd." 
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe File exists "G Data AntiVirus Proxy" (AVKProxy) "G Data Software AG" C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe File exists "G Data Dateisystem Wächter" (AVKWCtl) "G Data Software AG" C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe File exists "G Data Scanner" (GDScan) "G Data Software AG" C:\Program Files\Common Files\G Data\GDScan\GDScan.exe File exists "G Data Scheduler" (AVKService) "G Data Software AG" C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe File exists |||| "Google Software Updater" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists |||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists |||| "ICQ Service" (ICQ Service) C:\Program Files\ICQ6Toolbar\ICQ Service.exe File exists |||||| "IviRegMgr" (IviRegMgr) "InterVideo" C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe File exists |||||| "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) "Lavasoft" C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File exists |||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists |||||| "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe File exists |||||| "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) "Nero AG" C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File exists "NSUService" (NSUService) "Sony Corporation" C:\Program Files\sony\Network Utility\NSUService.exe File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "VAIO Content Folder Watcher" (VCFw) "Sony Corporation" 
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe File exists |||||| "VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) "Sony Corporation" C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe File exists "VAIO Content Metadata XML Interface" (VcmXmlIfHelper) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe File exists |||||| "VAIO Entertainment Database Service" (VzCdbSvc) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe File exists |||||| "VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe File exists |||||| "VAIO Entertainment UPnP Client Adapter" (Vcsw) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe File exists |||||| "VAIO Event Service" (VAIO Event Service) "Sony Corporation" C:\Program Files\sony\VAIO Event Service\VESMgr.exe File exists "VAIO Media plus Content Importer" (SOHCImp) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe File exists "VAIO Media plus Database Manager" (SOHDBSvr) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe File exists "VAIO Media plus Device Searcher" (SOHDs) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe File exists "VAIO Media plus Digital Media Server" (SOHDms) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe File exists "VAIO Media plus Playlist Manager" (SOHPlMgr) "Sony Corporation" C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe File exists Winlogon HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify |||||| "VESWinlogon" "Sony Corporation" 
C:\Windows\system32\VESWinlogon.dll File exists If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
11.05.2010, 14:49 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The MBR has probably been tampered with. Please run CF; the tool saves us a lot of work: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it!
12.05.2010, 01:21 | #7 |
| Hey, here is the scan with ComboFix; I cleaned everything up with CCleaner beforehand!
ComboFix 10-05-10.05 - ionloner 12.05.2010 9:47.3.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3039.1839 [GMT 10:00] ausgeführt von:: c:\users\ionloner\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\ionloner\AppData\Local\Temp\jna885315247853848092.tmp . ((((((((((((((((((((((( Dateien erstellt von 2010-04-12 bis 2010-05-12 )))))))))))))))))))))))))))))) . 2010-05-12 00:05 . 2010-05-12 00:05 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-05-12 00:05 . 2010-05-12 00:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-05-11 16:19 . 2010-05-11 16:19 -------- d-----w- c:\program files\CCleaner 2010-05-11 12:53 . 2010-05-11 12:53 29992 ----a-w- c:\windows\system32\drivers\GRD.sys 2010-05-11 11:57 . 2010-05-11 11:57 38856 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2010-05-11 11:57 . 2010-05-11 11:57 61512 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2010-05-11 11:57 . 2010-05-11 11:57 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2010-05-11 11:57 . 2010-05-11 11:57 40904 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys 2010-05-11 11:56 . 2010-05-11 12:19 -------- d-----w- c:\programdata\G DATA 2010-05-11 11:56 . 2010-05-11 11:56 -------- d-----w- c:\program files\Common Files\G Data 2010-05-11 11:56 . 2010-05-11 11:56 -------- d-----w- c:\program files\G Data 2010-05-11 11:55 . 2010-05-11 11:55 -------- d-----w- c:\users\ionloner\AppData\Local\Downloaded Installations 2010-05-11 05:53 . 2010-05-11 05:53 36488 ----a-w- c:\windows\system32\drivers\klmdb.sys 2010-05-11 04:53 . 2010-05-11 05:01 574 ----a-w- C:\cleanup.bat 2010-05-10 03:45 . 2010-05-11 11:47 -------- d-----w- c:\programdata\Kaspersky Lab 2010-05-07 03:08 . 
2010-05-07 03:08 -------- d-----w- c:\program files\DVDVideoSoft 2010-05-07 03:08 . 2010-05-07 03:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-05-06 23:09 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-05-06 23:09 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll 2010-05-01 07:04 . 2010-05-01 07:04 -------- d-----w- c:\users\ionloner\AppData\Roaming\Malwarebytes 2010-05-01 07:03 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-01 07:03 . 2010-05-11 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-01 07:03 . 2010-05-01 07:03 -------- d-----w- c:\programdata\Malwarebytes 2010-05-01 07:03 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-01 07:02 . 2010-05-01 07:02 -------- d-----w- c:\program files\Trend Micro 2010-04-29 16:01 . 2010-01-28 04:31 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-04-22 07:34 . 2010-04-22 07:34 -------- d-----w- c:\programdata\FLEXnet 2010-04-21 14:14 . 2010-04-21 14:14 -------- d-----w- c:\users\ionloner\AppData\Local\Nero_AG 2010-04-20 02:40 . 2010-04-20 02:40 -------- d-----w- c:\program files\Common Files\Skype 2010-04-18 09:29 . 2010-04-20 02:44 -------- d-----w- c:\program files\IndieVolume 2010-04-18 03:53 . 2010-04-18 03:53 -------- d-----w- c:\program files\Winload 2010-04-18 03:52 . 2010-04-18 03:52 -------- d-----w- c:\users\ionloner\AppData\Roaming\SparweltGutschein 2010-04-17 11:15 . 2010-04-18 23:12 -------- d-----w- c:\users\ionloner\AppData\Local\PHABWLA 2010-04-16 03:13 . 2010-04-16 03:14 -------- d-----w- c:\programdata\DivX 2010-04-16 00:15 . 2010-04-21 14:05 -------- d-----w- c:\users\ionloner\AppData\Roaming\Nero 2010-04-15 23:52 . 2010-04-21 14:01 -------- d-----w- c:\program files\Nero 2010-04-15 23:51 . 2010-04-21 14:01 -------- d-----w- c:\programdata\Nero 2010-04-15 23:51 . 
2010-04-21 13:53 -------- d-----w- c:\program files\Common Files\Nero 2010-04-15 11:30 . 2010-04-15 11:30 -------- d-----w- c:\program files\TuneUpMedia 2010-04-15 11:30 . 2010-05-07 03:03 -------- d-----w- c:\users\ionloner\AppData\Roaming\TuneUpMedia 2010-04-15 11:30 . 2010-04-15 11:30 -------- d-----w- c:\programdata\TuneUpMedia 2010-04-15 11:24 . 2010-04-15 11:25 -------- d-----w- c:\program files\Vuze_Remote 2010-04-15 01:23 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-15 01:23 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-15 01:23 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll 2010-04-15 01:23 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-15 01:23 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-15 01:23 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-14 06:02 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll 2010-04-14 06:02 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-12 00:11 . 2010-02-10 13:59 -------- d-----w- c:\users\ionloner\AppData\Roaming\LimeWire 2010-05-11 23:34 . 2009-10-22 16:20 -------- d-----w- c:\users\ionloner\AppData\Roaming\Skype 2010-05-11 15:14 . 2010-03-04 08:32 -------- d-----w- c:\users\ionloner\AppData\Roaming\vlc 2010-05-11 14:03 . 2009-10-22 16:22 -------- d-----w- c:\users\ionloner\AppData\Roaming\skypePM 2010-05-11 05:53 . 2010-05-11 05:53 312344 ----a-w- c:\windows\system32\drivers\tsk1B4F.tmp 2010-05-11 05:02 . 2009-08-18 03:52 643866 ----a-w- c:\windows\system32\perfh007.dat 2010-05-11 05:02 . 2009-08-18 03:52 126394 ----a-w- c:\windows\system32\perfc007.dat 2010-05-10 14:47 . 2009-03-23 17:53 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys 2010-05-10 10:46 . 
2010-01-31 01:32 -------- d-----w- c:\users\ionloner\AppData\Roaming\dvdcss 2010-05-10 02:18 . 2009-10-23 14:05 -------- d-----w- c:\users\ionloner\AppData\Roaming\.pknowledge 2010-05-07 03:08 . 2010-05-07 03:08 52224 ----a-w- c:\users\ionloner\AppData\Roaming\Mozilla\Firefox\Profiles\jkaytggo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll 2010-05-07 03:08 . 2010-05-07 03:08 101376 ----a-w- c:\users\ionloner\AppData\Roaming\Mozilla\Firefox\Profiles\jkaytggo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll 2010-05-06 00:36 . 2010-01-15 22:51 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-02 14:49 . 2009-04-24 12:39 -------- d-----w- c:\programdata\Symantec 2010-05-02 14:46 . 2010-02-02 01:03 -------- d-----w- c:\program files\iTunes 2010-05-02 14:46 . 2010-02-02 01:00 -------- d-----w- c:\program files\Common Files\Apple 2010-05-02 14:44 . 2010-03-04 08:19 -------- d-----w- c:\program files\Graboid 2010-05-02 14:42 . 2009-11-08 20:52 -------- d-----w- c:\program files\TechSmith 2010-04-30 15:54 . 2009-04-24 12:25 -------- d-----w- c:\program files\Google 2010-04-29 14:16 . 2010-02-06 03:01 -------- d-----w- c:\program files\Common Files\fluxDVD 2010-04-29 14:15 . 2009-12-27 02:28 -------- d-----w- c:\programdata\Norton 2010-04-27 12:10 . 2009-10-22 12:34 -------- d-----w- c:\users\ionloner\AppData\Roaming\ICQ 2010-04-21 14:13 . 2009-11-10 19:53 -------- d-----w- c:\users\ionloner\AppData\Roaming\Azureus 2010-04-21 08:00 . 2010-01-27 07:39 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-04-18 15:05 . 2010-04-18 15:05 0 ----a-w- c:\users\ionloner\AppData\Roaming\nigA788.tmp 2010-04-18 14:48 . 2010-04-18 14:48 0 ----a-w- c:\users\ionloner\AppData\Roaming\nig583F.tmp 2010-04-18 03:52 . 2010-04-18 03:52 5550 ----a-r- c:\users\ionloner\AppData\Roaming\Microsoft\Installer\{5943B7F7-678B-477E-9AEE-6E4C6962322B}\_6FEFF9B68218417F98F549.exe 2010-04-17 00:45 . 
2009-04-24 12:32 -------- d-----w- c:\programdata\Microsoft Help 2010-04-15 11:42 . 2009-11-10 19:54 178 ----a-w- c:\users\ionloner\AppData\Roaming\Azureus\restart.bat 2010-04-15 11:25 . 2009-11-10 19:53 -------- d-----w- c:\program files\Vuze 2010-04-13 13:05 . 2010-04-13 13:05 10686001 ----a-w- c:\users\ionloner\AppData\Roaming\Azureus\plugins\azump\mplayer.exe 2010-04-06 21:17 . 2009-03-23 10:01 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-06 21:16 . 2009-10-23 16:47 2485883 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe 2010-02-23 07:56 . 2010-04-01 22:38 977920 ----a-w- c:\windows\system32\wininet.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224] [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}] 2010-03-17 05:45 2355224 ----a-w- c:\program files\Winload\tbWinl.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 2010-03-17 05:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] 2010-03-09 01:06 2355224 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224] [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224] "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224] "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224] [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-22 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2009-08-10 284592] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-05 26102056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304] "VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-08-24 538472] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 136600] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-08-21 1833504] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-21 7596576] "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-04-24 26112] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-02-21 207504] "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' 
Anti-Malware\mbam.exe" [2010-04-29 1090952] "G Data AntiVirus Tray Application"="c:\program files\G Data\AntiVirus\AVKTray\AVKTray.exe" [2010-03-31 963144] c:\users\ionloner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-17 503808] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-6 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-08-04 07:58 98304 ------w- c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 135664] R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-02-09 29736] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104] R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common 
Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048] R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-06-17 83240] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400] R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296] R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264] R4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888] R4 klmdb;klmdb;c:\windows\system32\drivers\klmdb.sys [2010-05-11 36488] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-05-11 33480] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288] S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2008-08-26 23712] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-10 691696] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-05-11 61512] S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2010-05-11 40904] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-05-11 29992] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-26 176128] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-04-07 1146440] S2 AVKService;G Data Scheduler;c:\program files\G Data\AntiVirus\AVK\AVKService.exe [2010-03-31 410696] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe [2010-03-15 1279816] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware 
Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280] S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2009-06-11 303104] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2009-08-21 133664] S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-07-06 415592] S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920] S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264] S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920] S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2010-04-22 339016] S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-05-11 38856] S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-09-08 4231680] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-11-19 9344] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - mfeavfk *Deregistered* - mfebopk *Deregistered* - mferkdk *Deregistered* - mfesmfk *Deregistered* - MPFP [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] yksvcs REG_MULTI_SZ yksvc . 
Inhalt des "geplante Tasks" Ordners

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 11:04]
2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 11:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uInternet Settings,ProxyServer = 172.16.64.21:8080
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\program files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\program files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
FF - ProfilePath - c:\users\ionloner\AppData\Roaming\Mozilla\Firefox\Profiles\jkaytggo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\avkwebfilterff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\ionloner\AppData\Roaming\Mozilla\Firefox\Profiles\jkaytggo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\ionloner\AppData\Roaming\Mozilla\Firefox\Profiles\jkaytggo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iaStor]
"ImagePath"="system32\drivers\tsk1B4F.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-309949491-1789916084-3723748198-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F833615-E2C7-9501-7C12-C6CC78C1508C}*]
"malamdockeagcpkpdknkkgeiee"=hex:64,61,64,65,65,70,65,6c,00,61
"lalamdockeagcpkpnjpkbpji"=hex:64,62,64,65,66,70,64,6d,6f,61,6e,66,61,69,6f,6a,
   6b,64,6a,6d,67,6a,69,67,6c,66,63,6e,6a,69,70,66,65,6d,63,70,66,64,64,6b,00,\
"labbnmpmfjppknainpggkjgo"=hex:64,62,65,65,66,6f,68,67,68,6b,6c,67,6f,6a,69,6d,
   6a,64,65,65,64,65,6f,64,68,65,65,70,66,6c,6a,6c,6a,6a,6f,61,68,63,62,62,00,\

[HKEY_USERS\S-1-5-21-309949491-1789916084-3723748198-1000\Software\SecuROM\License information*]
"datasecu"=hex:b8,65,06,cd,ff,3a,14,28,eb,b3,7b,46,44,a4,d9,71,65,b8,aa,0f,74,
   84,7a,ac,c6,3e,4e,43,26,26,a7,cb,74,2a,28,b0,90,90,6a,73,6d,28,42,b7,d4,d3,\
"rkeysecu"=hex:a2,cf,6b,9e,a0,ba,34,e0,41,e2,e8,8c,29,a1,7e,87

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(6984)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-12 10:18:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-05-12 00:18
ComboFix2.txt 2010-05-11 23:24

Vor Suchlauf: 20 Verzeichnis(se), 111.776.587.776 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 111.717.056.512 Bytes frei

- - End Of File - - D9B2C7F6E23711C8159244319D569F63 |
12.05.2010, 04:35 | #8 |
| HELP please, I'm going crazy !!!!!!! .... Virus Rootkit Win32.TDSS.d

Hi, I have now run another virus scan with G Data. You will find the log file below. Two more viruses were found...

Virenprüfung mit G Data AntiVirus
Version 21.0.2.1 (22.04.2010)
Virensignaturen vom
Startzeit: 12.05.2010 12:51:26
Engine(s): Engine A, Engine B
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein
Prüfung der Systembereiche...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 12.05.2010 13:10:58
156336 Dateien überprüft
2 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
–
Archiv: Nero v9.4.26.0 Reloaded.rar
Pfad: C:\Users\ionloner\Downloads\Nero v9.4.26.0 Reloaded + Working Keymaker
Status: Virus gefunden
Virus: Win32:Malware-gen (Engine-B)
Objekt: Nero v9.4.26.0 Reloaded.exe\winsys.exe
In Archiv: C:\Users\ionloner\Downloads\Nero v9.4.26.0 Reloaded + Working Keymaker\Nero v9.4.26.0 Reloaded.rar
Status: Virus gefunden
Virus: Win32:Malware-gen (Engine-B)
–
Archiv: Nero v9.4.26.0 Reloaded.exe
Pfad: C:\Users\ionloner\Downloads\Nero v9.4.26.0 Reloaded + Working Keymaker\Nero v9.4.26.0 Reloaded
Status: Virus gefunden
Virus: Win32:Malware-gen (Engine-B)
Objekt: winsys.exe
In Archiv: C:\Users\ionloner\Downloads\Nero v9.4.26.0 Reloaded + Working Keymaker\Nero v9.4.26.0 Reloaded\Nero v9.4.26.0 Reloaded.exe
Status: Virus gefunden
Virus: Win32:Malware-gen (Engine-B)
–
Der Zugriff auf die folgenden Dateien wurde verweigert:
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b98c55a039544ba88ea651951c369771_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b9ebd0c580352922aa234ba714d8f7f3_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ba3463a4841b886215feb213b7e068a3_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ba6504ee635fd37b039e8f5339bdb8f9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ba616a192475ace7e03f5a9f14cd1041_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ba84ce7d2d3d1b50d384a18f10e7afa5_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bac9eebbfc7796864283e233f4f1604b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bb88c241c1612c83b3859912e90ad5af_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bc0f940aba5ca7bb53182eb358b2038b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bca409afc2f2425c4b7b93beb7cca8b9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c04a8780d350b84050bb8f1bd085f6a9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c0b8ea240fd82d9594da499b35ccbd3b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c31217892cff52e4eefc71c90f4dc0ea_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c36981eec6cb9990f4824e85475cd30c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c433dd94512b2d29a8bdf5b2e9968ea9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c68e59d449fbdefbaa3c90ad65f71e6b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ca242c968fd41895777efb0d4b31bd84_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c7967d68158e8596120a820d803c59fc_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\caba79b199c045579c30dc60de28a615_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cb92d2b07c5d1368ac086fe48e7bbf22_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cbf3ceee611208e2d208278f1c38997a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cc9878bbad6578c9519956eccd03f5d0_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ccb9fa58a0724a90a3b3439c49c799c3_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cdb703b4cf4637d555fd9503154b5cd7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ce1dc2aa1ccc398f37f0e9f42c9d5b35_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ce4845ba9da57992585d22259dbb6474_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cefda84f3c4b560cec5796854bc315e5_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cf77d0e9a1b175d3d5cc05edf169489e_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d035b98abd494115add13ae36c282f43_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d06c4a3ab81471dec8da2cbe49043479_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d1740132238264bb00901d62db8f8379_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d2dac2bb1e866e7969a5174e7a709069_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d1c7a17c2d52e4c89601812dac332cfe_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d300926d995cb66304d30683d366a029_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d4c8b3fd57be4da24cbb7c950f1ad6db_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dc71d964f617a9eec0c5081b1798a570_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dcc17e78cb7834663d6da8064deef6a7_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dda25ea98e4ba7a47acd07ebab94c92d_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ddbd1cfdeaaf1fb42a4a027b306e034a_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\de37600298f086c10bf0f78cabaecb52_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\df5ad78b028b1de7cf4a6a7196ffbab6_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\de8aa63c99c15342d445d66494b9cb29_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\df69339a475bdd668861a3c27437577c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e1432fcac86ba51f9d96e1deb04f576f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e1afe6dfe02be8abbff401fbf2916989_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e3923190e3eb3517ccf96c8d25ca296f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e4f62897fc1947ccccdf78201f4149ab_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e48ff4b585f5aaeaa794ee33783d0373_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e56127b48e305cc6b6b92ee4d97a915c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e65064556e6ffe5d6d696242b225fe29_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e65a5f1a3e29fd32ea728eaa5de742f6_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e69e594e09ed6ff272db1d4b4ae33e8c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e6b6f7d083d06354a68cecb043b8ef0f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e7b68481809de1e335d2a74b812143dc_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e801a2609c66f05998646ccac3a4be6e_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e921a5b3c10d999cd7f0aba45b70debd_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ebbccc5f12a438959e64271ef043c007_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ebfd5d7526554f29a96f906b09c541de_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ec3f8e37631d3ae72c1ec91e64efaaee_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee92c65881292f7c96be09fb19c3ecec_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eebf3e440b35063191be32d6ae28aad9_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f141e1b209b67a13e969f3cdf25e4bed_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f1fa2af2161768cb617a8c5764ae3e8f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f288f75873d721aa960fca1414cfeb4b_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f2ef25215d6e4a9d5c0bc1dac851b56d_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f322f1564998a0cbd7dc14ec7381f89f_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f33227dd8c33ae4b2a1e9f919d57b5aa_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f4d656deb1f402122993f58c8b312aee_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f5c5d3edbebc66782f75ff7d96849e75_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f6201f0bd6c10146abefe93f043dd993_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f6f45b031426d50d1882938276197738_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f726593fb6f8de7f3339e5b2c8de0dc8_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f796eb7203da48fa9ec81d8c48fadd75_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f8128e9d3fc6277e4eed4793135249ff_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f99c33f7072581a35ebd84b1e6b66e04_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb0d5991a674b785614af1e0562f14e2_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fbbd6b548d384e50b3bae555be96d4b2_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fd01358dfe6ecac8fcdde5e5c3976e33_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fdf7f10a4d6b8bdfb930accb59b98432_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fdcfb3470916d8f66f0f60cf617b203c_3597a0f8-f238-44c9-a08d-d31a2c0eb5b0 
+ Die folgenden Dateien sind Passwortgeschützt: C:\Users\ionloner\Documents\Azureus Downloads\Lost S06E12 HDTV XviD-2HD\Lost S06E12 HDTV XviD-2HD.rar C:\Users\ionloner\Downloads\www.torrent.to - Adobe Photoshop CS3 Extended-Version (Deutsch).rar |
12.05.2010, 04:42 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | HELP please, I'm going crazy !!!!!!! .... Virus Rootkit Win32.TDSS.d Quote:
Using cracks, serials and keygens is illegal, so there is no further support for this on Trojaner-Board. For you it continues here => reinstalling the system. Please also change all passwords (for e-mail accounts, StudiVZ, Ebay... simply everything!), since keyloggers and backdoor functions are not infrequently hidden in this dubious software. After that, never touch anything like this again!
__________________ Please always post log files in CODE tags |
12.05.2010, 05:45 | #10 |
| HELP please, I'm going crazy !!!!!!! .... Virus Rootkit Win32.TDSS.d Thanks a lot anyway, Arne, you helped me very much. PS: I deleted the folder in question and hope that everything is fine now.. Thanks again |
12.05.2010, 05:55 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HELP please, I'm going crazy !!!!!!! .... Virus Rootkit Win32.TDSS.d If that really comes from your son, you should give him a proper rap on the knuckles. If you also help spread such junk via file-sharing networks, you will quickly have real trouble on your hands.
__________________ Please always post log files in CODE tags |