| |
| |||||||
Log-Analyse und Auswertung: Windows Vista Recovery Scam?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.05.2011, 15:11
| #1 |
 |  Windows Vista Recovery Scam? Hallo, Seid heute morgen fährt mein Windows Vista PC nur noch soweit hoch, bis ein Fenster mit Windows Vista Recovery erscheint und mir sagt, das meine Festplatte beschädigt ist und ich das "Advanced Recovery" kaufen muss, um das Problem zu beheben.... Ist das ein Fake? ein Trojaner? Wie kann ich den entfernen? Brauche dringend Hilfe, kann den Desktop nicht mehr benutzen....schreibe von einem anderen PC. Bitte dringend um Hilfe und Erklärung was das vor sich geht. Vielen Dank im Voraus. |
|
26.05.2011, 16:16
| #2 |
| /// Malware-holic   | Windows Vista Recovery Scam? hi, versuch mal bei pc start in den abgesicherten modus mit netzwerk zu kommen, bei pc start meist mit f8
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
|
27.05.2011, 15:00
| #3 |
| | Windows Vista Recovery Scam? Vielen Dank für die Info.
__________________Die Webseite zum download für OTL ist im Moment nicht erreichbar.... Es ist also ganz klar eine Malware bzw. Trojaner, den ich mir da gefangen habe und nach dem Lesen im Forum bin ich da auch nicht die Einzige, die damit im Moment Probleme hat. Beim heutigen hochfahren, begrüsste mich eine schware Screen und mein AVIRA beklagte den Fund von: tKBeGFnootVpbn.exe, im Directory TR/DLdr.dapato.bm1 Beim erneuten Scan fand sich: TR/FakeAV.aiy Needless to say, meine ganzen Dateien in allen Foldern sind versteck, können aber manuell sichtbar gemacht werden, was mir aber nicht weiterhilft. Komme an keine Programmfunktion.... Hilfe..... |
|
27.05.2011, 15:22
| #4 |
| /// Malware-holic | Windows Vista Recovery Scam? hi. das mit dem nicht laufenden download ligt nicht an der malware. bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.05.2011, 18:48
| #5 |
| | Windows Vista Recovery Scam? uff, habe es nun doch geschafft OTL runterzuladen und den Scan im infizierten PC laufen zu lassen, von dem ich auch gerade schreibe... hier kommt der erste Report:OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.05.2011 18:35:31 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = F:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 47,70% Memory free 6,22 Gb Paging File | 4,65 Gb Available in Paging File | 74,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,76 Gb Total Space | 15,95 Gb Free Space | 3,58% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,40% Space Free | Partition Type: FAT32 Drive F: | 1,89 Gb Total Space | 1,11 Gb Free Space | 58,76% Space Free | Partition Type: FAT32 Computer Name: | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\OTL.exe (OldTimer Tools) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Flip Video\FlipShare\FlipShareService.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe () PRC - C:\Programme\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.) PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC) PRC - C:\Programme\Common Files\aol\1203071659\ee\aolsoftware.exe (America Online, Inc.) PRC - C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Modules (SafeList) ========== MOD - F:\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe () SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (Adobe Version Cue CS2) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis) DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) DRV - (LVUVC) Logitech QuickCam Pro 5000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.) DRV - (BrPar) -- C:\Windows\System32\drivers\BrPar.sys (Brother Industries Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=www.tao-yoga.com:80 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={DE5203E1-558B-5B65-C36D-C9C08CEED7EE}&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.01.14 13:40:52 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.25 12:28:03 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.25 12:27:56 | 000,000,000 | -H-D | M] [2008.12.11 10:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renu\AppData\Roaming\mozilla\Extensions [2011.05.22 15:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renu\AppData\Roaming\mozilla\Firefox\Profiles\qyskswfc.default\extensions [2011.05.22 15:51:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Renu\AppData\Roaming\mozilla\Firefox\Profiles\qyskswfc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.27 10:03:39 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Renu\AppData\Roaming\mozilla\Firefox\Profiles\qyskswfc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.01.10 10:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renu\AppData\Roaming\mozilla\Firefox\Profiles\qyskswfc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} [2008.12.11 10:47:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.12.22 05:57:54 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.12.22 05:57:54 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 10:34:01 | 000,003,700 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.png [2010.01.16 10:34:01 | 000,001,963 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.xml [2009.12.22 05:57:54 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.12.22 05:57:54 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.12.22 05:57:54 | 000,000,801 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.05.11 08:12:24 | 000,430,929 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.1001-search.info O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 14843 more lines... O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1203071659\ee\aolsoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Renu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Users\Renu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Renu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-3092134922-1924448069-2960334642-1003\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Renu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Renu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe - () MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.) MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) MsConfig - StartUpReg: Adobe Version Cue CS2 - hkey= - key= - C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam\Quickcam.exe () MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Programme\GoogleEULA\EULALauncher.exe ( ) MsConfig - StartUpReg: TVBroadcast - hkey= - key= - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {173B3665-EFCE-51D0-B242-E7B6558339A7} - Browser Customizations ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3689DA1F-AFB9-3BB1-2C79-040D649E52BC} - Viewpoint Media Player ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8A7B5CF1-E2F4-C40E-6919-0FA6CBF5CAF8} - Viewpoint Media Player ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E53258BD-EE51-8EC4-E849-6712A52C24B9} - ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.26 08:25:54 | 000,000,000 | ---D | C] -- C:\Users\Renu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery [2011.05.23 06:59:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.05.23 06:59:49 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.05.23 06:59:49 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.05.23 06:59:49 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.05.23 06:59:49 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.05.23 06:59:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.05.23 06:59:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.05.23 06:59:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.05.23 06:59:48 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.05.23 06:59:48 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.05.23 06:59:48 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.05.23 06:59:48 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.05.23 06:59:48 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.05.23 06:59:48 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.05.23 06:59:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.05.23 06:59:48 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.05.23 06:59:48 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.05.23 06:59:48 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.05.23 06:59:48 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.05.23 06:59:48 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.05.23 06:59:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.05.23 06:59:47 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.05.23 06:59:47 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.05.23 06:59:47 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.05.23 06:59:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.05.23 06:59:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.05.23 06:59:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.05.23 06:59:47 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.05.23 06:59:46 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.05.23 06:59:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.05.23 06:59:46 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.05.23 06:59:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.05.23 06:59:46 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.05.23 06:59:46 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.05.23 06:59:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.05.23 06:59:46 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.05.23 06:59:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.05.23 06:59:46 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.05.23 06:59:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.05.22 16:38:13 | 000,000,000 | ---D | C] -- C:\Users\Renu\Documents\Magnet-therapie [2011.05.20 07:55:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.05.20 07:54:55 | 000,000,000 | -H-D | C] -- C:\Programme\iPod [2011.05.20 07:54:50 | 000,000,000 | -H-D | C] -- C:\Programme\iTunes [2011.05.20 07:52:22 | 000,000,000 | -H-D | C] -- C:\Programme\Bonjour [2011.05.19 20:59:27 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.05.19 20:59:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.05.19 20:59:24 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.27 18:30:17 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.05.27 18:25:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.27 18:25:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.27 18:21:00 | 000,001,096 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.27 14:51:43 | 000,001,092 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.27 14:44:00 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2011.05.27 14:43:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.27 14:43:36 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys [2011.05.26 16:12:52 | 000,052,224 | ---- | M] () -- C:\Windows\System32\umstartup.etl [2011.05.26 15:31:11 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~27778808r [2011.05.26 15:31:11 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~27778808 [2011.05.26 09:07:40 | 000,196,608 | -H-- | M] () -- C:\Windows\System32\Ikeext.etl [2011.05.26 08:47:12 | 001,515,704 | -H-- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.26 08:47:11 | 003,629,384 | -H-- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.26 08:47:11 | 001,085,394 | -H-- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.26 08:47:11 | 000,979,640 | -H-- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.26 08:40:16 | 000,052,597 | -H-- | M] () -- C:\ProgramData\nvModes.dat [2011.05.26 08:40:16 | 000,052,597 | -H-- | M] () -- C:\ProgramData\nvModes.001 [2011.05.26 08:39:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.05.26 08:37:44 | 000,000,392 | -H-- | M] () -- C:\ProgramData\27778808 [2011.05.26 08:25:55 | 000,000,599 | ---- | M] () -- C:\Users\Renu\Desktop\Windows Vista Recovery.lnk [2011.05.24 19:36:23 | 000,062,372 | ---- | M] () -- C:\Users\Renu\Documents\newsletter-5-11.smp [2011.05.24 19:16:42 | 000,600,058 | ---- | M] () -- C:\Users\Renu\Documents\newsletter-5-11.smr [2011.05.24 16:38:30 | 000,017,019 | ---- | M] () -- C:\Users\Renu\Documents\newsletter-5-11.bak [2011.05.24 15:11:36 | 000,001,005 | ---- | M] () -- C:\Users\Renu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2011.05.24 12:21:25 | 000,000,069 | -H-- | M] () -- C:\Windows\NeroDigital.ini [2011.05.24 12:21:24 | 000,132,608 | ---- | M] () -- C:\Users\Renu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.23 07:52:39 | 000,074,461 | ---- | M] () -- C:\Users\Renu\Documents\NACHWEIS-2006-seite 1.pdf [2011.05.23 07:52:35 | 000,246,081 | ---- | M] () -- C:\Users\Renu\Documents\Kursnachweis-german.pdf [2011.05.23 06:59:56 | 000,008,798 | -H-- | M] () -- C:\Windows\System32\icrav03.rat [2011.05.23 06:59:56 | 000,001,988 | -H-- | M] () -- C:\Windows\System32\ticrf.rat [2011.05.23 06:59:49 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.05.23 06:59:49 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.05.23 06:59:49 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.05.23 06:59:49 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.05.23 06:59:49 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.05.23 06:59:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.05.23 06:59:49 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.05.23 06:59:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.05.23 06:59:48 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.05.23 06:59:48 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.05.23 06:59:48 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.05.23 06:59:48 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.05.23 06:59:48 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.05.23 06:59:48 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.05.23 06:59:48 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.05.23 06:59:48 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.05.23 06:59:48 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.05.23 06:59:48 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.05.23 06:59:48 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.05.23 06:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.05.23 06:59:48 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.05.23 06:59:47 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.05.23 06:59:47 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.05.23 06:59:47 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.05.23 06:59:47 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.05.23 06:59:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.05.23 06:59:47 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.05.23 06:59:47 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.05.23 06:59:47 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.05.23 06:59:46 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.05.23 06:59:46 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.05.23 06:59:46 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.05.23 06:59:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.05.23 06:59:46 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.05.23 06:59:46 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.05.23 06:59:46 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.05.23 06:59:46 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.05.23 06:59:46 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.05.23 06:59:46 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.05.23 06:59:46 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.30 17:14:39 | 000,000,454 | -H-- | M] () -- C:\Windows\BRWMARK.INI [2011.04.30 17:14:39 | 000,000,052 | -H-- | M] () -- C:\Windows\brpp2ka.ini [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.26 15:31:11 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~27778808r [2011.05.26 15:31:11 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~27778808 [2011.05.26 08:25:55 | 000,000,599 | ---- | C] () -- C:\Users\Renu\Desktop\Windows Vista Recovery.lnk [2011.05.26 08:25:48 | 000,000,392 | -H-- | C] () -- C:\ProgramData\27778808 [2011.05.24 19:36:23 | 000,017,019 | ---- | C] () -- C:\Users\Renu\Documents\newsletter-5-11.bak [2011.05.24 16:38:30 | 000,600,058 | ---- | C] () -- C:\Users\Renu\Documents\newsletter-5-11.smr [2011.05.24 16:38:30 | 000,062,372 | ---- | C] () -- C:\Users\Renu\Documents\newsletter-5-11.smp [2011.05.24 15:11:36 | 000,001,005 | ---- | C] () -- C:\Users\Renu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2011.05.23 07:51:12 | 000,074,461 | ---- | C] () -- C:\Users\Renu\Documents\NACHWEIS-2006-seite 1.pdf [2011.05.23 07:45:38 | 000,246,081 | ---- | C] () -- C:\Users\Renu\Documents\Kursnachweis-german.pdf [2011.05.23 06:59:48 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.05.22 20:26:11 | 000,055,777 | ---- | C] () -- C:\Users\Renu\Documents\PUBÉté2011.pdf [2011.05.22 11:46:10 | 002,232,320 | ---- | C] () -- C:\Users\Renu\Documents\Poema_de_Victor_Hugo.pps [2011.05.11 07:19:50 | 000,156,585 | ---- | C] () -- C:\Users\Renu\Documents\Poster-taoyoga-bonn.pdf [2011.05.04 18:02:06 | 000,978,944 | ---- | C] () -- C:\Users\Renu\Documents\Namens-schild.indd [2010.10.06 07:07:40 | 000,052,597 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2010.10.06 07:04:24 | 000,052,597 | -H-- | C] () -- C:\ProgramData\nvModes.dat [2010.08.27 13:47:40 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat [2010.06.14 14:21:56 | 000,000,141 | ---- | C] () -- C:\Users\Renu\AppData\Roaming\default.rss [2010.06.02 18:30:12 | 000,004,767 | -H-- | C] () -- C:\Windows\Irremote.ini [2010.01.08 09:56:44 | 000,000,037 | -H-- | C] () -- C:\Windows\cdplayer.ini [2009.10.11 20:27:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.11 20:27:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.01 19:39:32 | 000,000,454 | -H-- | C] () -- C:\Windows\BRWMARK.INI [2009.07.01 19:39:32 | 000,000,030 | -H-- | C] () -- C:\Windows\System32\brss01a.ini [2009.07.01 18:29:13 | 000,000,146 | -H-- | C] () -- C:\Windows\BRVIDEO.INI [2009.07.01 18:29:13 | 000,000,052 | -H-- | C] () -- C:\Windows\brpp2ka.ini [2009.07.01 18:29:13 | 000,000,040 | -H-- | C] () -- C:\Windows\BRDIAG.INI [2009.07.01 18:29:13 | 000,000,023 | -H-- | C] () -- C:\Windows\Brownie.ini [2009.07.01 18:29:13 | 000,000,000 | -H-- | C] () -- C:\Windows\bw5150d.ini [2009.07.01 18:29:13 | 000,000,000 | -H-- | C] () -- C:\Windows\brmx2001.ini [2009.07.01 18:29:12 | 000,077,824 | -H-- | C] () -- C:\Windows\System32\BROSNMP.DLL [2009.07.01 18:29:12 | 000,026,624 | -H-- | C] () -- C:\Windows\System32\BRGSRC32.DLL [2009.07.01 18:29:12 | 000,015,108 | -H-- | C] () -- C:\Windows\HL-5150D.INI [2009.07.01 18:29:12 | 000,004,608 | -H-- | C] () -- C:\Windows\System32\BRGSRC16.DLL [2009.01.10 11:15:56 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008.12.28 12:30:18 | 000,004,096 | ---- | C] () -- C:\Users\Renu\AppData\Local\keyfile3.drm [2008.11.28 11:15:50 | 011,206,656 | RH-- | C] () -- C:\Windows\System32\zhhp_res.dll [2008.11.28 11:15:50 | 000,749,568 | RH-- | C] () -- C:\Windows\System32\agissi.dll [2008.11.28 11:15:50 | 000,348,160 | RH-- | C] () -- C:\Windows\System32\zshp2600.exe [2008.11.28 11:15:50 | 000,299,008 | RH-- | C] () -- C:\Windows\System32\zhhp2600.exe [2008.11.19 17:02:43 | 000,037,888 | -H-- | C] () -- C:\Windows\System32\setupnt.dll [2008.09.13 09:54:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.12 12:43:42 | 000,000,000 | ---- | C] () -- C:\Users\Renu\AppData\Roaming\Default.PLS [2008.08.12 07:36:08 | 000,002,241 | -H-- | C] () -- C:\Windows\panose.bin [2008.07.26 08:25:02 | 000,025,624 | -H-- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2008.05.26 11:24:14 | 000,039,095 | -H-- | C] () -- C:\Windows\Iccsigs.dat [2008.05.26 11:24:14 | 000,000,156 | -H-- | C] () -- C:\Windows\KPCMS.INI [2008.05.26 11:23:52 | 000,210,944 | -H-- | C] () -- C:\Windows\System32\MSVCRT10.DLL [2008.05.26 11:23:51 | 000,042,483 | -H-- | C] () -- C:\Windows\ICCCODES.DAT [2008.02.22 11:28:36 | 000,000,175 | -H-- | C] () -- C:\Windows\homeDVD-Fotos3.INI [2008.02.22 10:01:52 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll [2008.02.22 10:01:44 | 000,019,968 | -H-- | C] () -- C:\Windows\System32\cpuinf32.dll [2008.02.22 09:58:27 | 000,000,186 | -H-- | C] () -- C:\Windows\magix.ini [2008.02.21 09:16:38 | 000,000,032 | -H-- | C] () -- C:\ProgramData\ezsid.dat [2008.02.19 08:33:34 | 000,446,352 | -H-- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll [2008.02.16 13:08:53 | 000,016,384 | -H-- | C] () -- C:\Windows\System32\FileOps.exe [2008.02.15 12:34:12 | 000,000,335 | -H-- | C] () -- C:\Windows\nsreg.dat [2008.02.15 09:52:05 | 000,132,608 | ---- | C] () -- C:\Users\Renu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.14 18:16:52 | 000,000,400 | -H-- | C] () -- C:\Windows\ODBC.INI [2008.02.14 15:43:13 | 000,000,305 | -H-- | C] () -- C:\ProgramData\addr_file.html [2008.02.14 13:14:17 | 000,000,461 | -H-- | C] () -- C:\Windows\SUPERLEX.INI [2008.02.14 12:23:46 | 000,000,092 | ---- | C] () -- C:\Users\Renu\AppData\Local\fusioncache.dat [2008.02.14 12:07:33 | 000,003,636 | -H-- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2008.01.14 16:31:58 | 000,120,200 | -H-- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.01.14 16:31:57 | 000,000,887 | -H-- | C] () -- C:\Windows\mgxoschk.ini [2008.01.14 14:02:18 | 000,000,381 | -H-- | C] () -- C:\Windows\WISO.INI [2008.01.14 13:05:44 | 000,299,008 | -H-- | C] () -- C:\Windows\System32\midas.dll [2008.01.14 13:05:44 | 000,120,320 | -H-- | C] () -- C:\Windows\System32\UnzDll.dll [2008.01.14 11:59:00 | 000,009,824 | -H-- | C] () -- C:\Windows\System32\34CoInstaller.dll [2007.12.12 17:49:10 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini [2007.12.12 15:45:55 | 000,127,184 | -H-- | C] () -- C:\Windows\Unwise.exe [2007.05.11 16:12:54 | 000,057,126 | -H-- | C] () -- C:\Windows\System32\lvcoinst.ini [2006.11.02 17:33:31 | 003,629,384 | -H-- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 001,085,394 | -H-- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,413,016 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 001,515,704 | -H-- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,979,640 | -H-- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat [2003.02.20 18:53:42 | 000,005,702 | -H-- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2010.11.06 19:28:16 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\DVDVideoSoft [2010.08.27 10:03:37 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\DVDVideoSoftIEHelpers [2009.01.03 13:33:17 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\GHISLER [2008.08.22 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Leadertech [2010.07.01 08:44:48 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\mresreg [2008.02.20 11:35:51 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Opera [2009.02.09 20:39:44 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Software4u [2010.10.08 22:23:26 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\SuperMailer [2011.05.27 14:42:34 | 000,032,558 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.05.27 18:28:13 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Adobe [2008.02.15 18:40:36 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\AdobeUM [2009.05.26 17:39:38 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\AOL [2010.05.25 09:04:39 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Apple Computer [2010.04.04 17:53:47 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Avira [2009.07.05 09:03:16 | 000,000,000 | R--D | M] -- C:\Users\Renu\AppData\Roaming\Brother [2010.08.27 09:48:50 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\CyberLink [2010.11.06 19:28:16 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\DVDVideoSoft [2010.08.27 10:03:37 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\DVDVideoSoftIEHelpers [2009.01.03 13:33:17 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\GHISLER [2008.06.03 08:01:37 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Google [2008.02.14 12:23:31 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Identities [2008.08.22 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Leadertech [2010.02.20 18:42:15 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Macromedia [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Media Center Programs [2010.08.27 13:51:18 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Media Player Classic [2008.12.26 12:44:30 | 000,000,000 | --SD | M] -- C:\Users\Renu\AppData\Roaming\Microsoft [2008.12.11 10:47:39 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Mozilla [2010.07.01 08:44:48 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\mresreg [2010.06.09 19:00:29 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Nero [2008.02.20 11:35:51 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Opera [2010.02.01 11:31:13 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Real [2011.05.25 08:31:11 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Skype [2009.06.24 07:12:44 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\skypePM [2009.02.09 20:39:44 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Software4u [2010.10.08 22:23:26 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\SuperMailer [2008.02.25 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\Renu\AppData\Roaming\Talkback < %APPDATA%\*.exe /s > [2008.04.01 15:04:46 | 012,458,408 | ---- | M] (Adobe Systems Inc ) -- C:\Users\Renu\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AcrobatUpd708_all_incr.exe [2008.04.01 15:07:50 | 008,734,056 | ---- | M] (Adobe Systems Inc ) -- C:\Users\Renu\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AcrobatUpd709_all_incr.exe [2010.02.01 11:31:17 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Renu\AppData\Roaming\Real\Update\setup3.09\setup.exe [2010.09.15 05:10:22 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Renu\AppData\Roaming\Real\Update\setup3.12\setup.exe [2011.01.27 13:14:23 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\\AppData\Roaming\Real\Update\setup3.13\setup.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | -H-- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.09.10 13:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2007.09.10 13:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2008.02.16 09:29:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.16 09:29:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.16 09:29:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.02.16 09:29:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 23:30:08 | 000,007,216 | -H-- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\HomeCinema\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.12.03 15:58:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.12.03 15:58:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | -H-- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | -H-- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2007.10.31 12:23:20 | 000,115,744 | -H-- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys [2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.11.14 23:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.11.14 23:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.03.03 16:06:04 | 000,279,440 | -H-- | M] (Check Point Software Technologies LTD) Unable to obtain MD5 -- C:\Windows\System32\drivers\vsdatant.sys [1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | -H-- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | -H-- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | -H-- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | -H-- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.05.23 06:59:48 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2011.05.23 06:59:48 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > |
|
27.05.2011, 18:52
| #6 |
| | Windows Vista Recovery Scam? und hier kommt der zweite LogOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.05.2011 18:35:31 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 47,70% Memory free
6,22 Gb Paging File | 4,65 Gb Available in Paging File | 74,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 15,95 Gb Free Space | 3,58% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,40% Space Free | Partition Type: FAT32
Drive F: | 1,89 Gb Total Space | 1,11 Gb Free Space | 58,76% Space Free | Partition Type: FAT32
Computer Name: | User Name:| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3092134922-1924448069-2960334642-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BACFA6-7566-4F39-93ED-43036992CF7F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{066EF2C6-466A-404F-96CB-ADA2439F81A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B0CA4FE-8230-4206-85BA-8769BE78C599}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{0BE04582-A3D0-4724-B1D1-18F701998C19}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{144FD7C8-1219-496C-B8C4-09CBBF32A868}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17DFA6D6-14EE-4A7C-8091-AD95A878C147}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{239394A7-B72E-44A1-A1BB-4C70EBDA656D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{2AFC0213-E1AC-414F-9C25-FE3AAF2E1A65}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{2B994366-DC4F-4049-B16A-016C64061FA0}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{2EF95972-5FDA-46DD-8C43-8FB4754D120D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{328629DD-29F2-4ACB-8DCA-0902C70943E4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{34E2EAB9-F061-4B38-A3DE-4D62E6581C58}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38B76EB1-3A41-4862-BF31-AD35EBAF9257}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{3CE6CC7C-016C-4D12-AB6F-38815DDD8286}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{42C4C4AB-ED99-4011-B9A9-0F6C60630F1C}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{4B52AF89-9667-41B0-9937-6B615D4AEE19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{522F2D4E-37A5-4659-B5AE-0310C39DE637}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57C6E372-07C6-4E25-A547-24EF3ED2C869}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C6B0732-E901-4171-97E5-D1B4F026DDE6}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{5D4F9BFA-493C-47DE-9A1B-2ED2D7A67D4A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1203071659\ee\aolsoftware.exe |
"{63F86C92-B9EF-4F15-B147-8DBC3C714CDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{667020A2-B998-45D2-97B4-1B08D80809DE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67AC8DCC-C60B-4769-B858-F9DADEC05FC5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{707B101B-3D6B-4654-815C-17407FAD69A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7782A756-5764-4D52-ABA5-1BB0A3462FAD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1203071659\ee\aolsoftware.exe |
"{78C1FEDF-4280-4BF9-8A1E-D51D72147366}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C26AC9C-DE82-45E5-9AFE-BB152B69392F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C50C083-1C32-4D34-B0F2-9284F630D4BE}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{7FCF3FED-1E1C-4F68-B77A-05BD2A687FDC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{8269A126-3A17-48F4-825A-510CA275DFC2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8369E550-B263-48F6-9AE4-B1E5CA1B0CC7}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{944ACED2-B5DC-4035-A86A-4A1A2F5FB920}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A744951-A156-4F58-B85D-31037146BB7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3A1AD66-11E4-418C-B80F-FEF56E15DA19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6777EA8-8EB6-4825-A79F-88C332734379}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A74C2128-0FB5-48AE-8148-321717C6C8E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B85D93A4-79F4-4902-AF47-2A96947E0545}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9BB4AB3-1E2A-491C-8871-A7320A7D7EA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BCBB4C4C-9D31-4857-8FB0-54AC9CCCCFBF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{CABC53B4-8414-40DD-8674-D3293E7D3CF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E28C52F0-A482-4B5D-8A93-E344DA8B3FB3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E446091E-5CCC-4352-A7F2-811C635B850D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB7457D8-3631-4C02-A88E-52C0077820C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0BA2FEA-896B-424B-8F43-E66194BD2615}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1101A87-0E34-472D-8164-19D1ADF188E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{F1EDE5A5-9B53-44BD-9C23-31C966FE298B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{F5F1B2E2-C6E5-4EAA-8312-E8BC836D47AF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{46548E80-0407-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Essentials
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7abfed26-00b3-42c7-9098-3d33f7e4981e}" = Nero 9
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"678B5665-C9E7-4853-91C9-05A2FD16B179_is1" = Registry CleanUP 2007 1.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"AOL Toolbar 4.0" =
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Brother HL-5150D" = Brother HL-5150D
"CCleaner" = CCleaner
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Free Studio_is1" = Free Studio version 4.9.13
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LetsTrade" = LetsTrade Komponenten
"lvdrivers_11.80" = Logitech QuickCam-Treiberpaket
"MAGIX Fotos auf CD & DVD 3.0" = MAGIX Fotos auf CD & DVD 3.0
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NewsletterDesigner_is1" = NewsletterDesigner
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ST6UNST #1" = I Ching V1.6
"SuperMailer" = SuperMailer 5.51
"Totalcmd" = Total Commander (Remove or Repair)
"TrueImage" = Acronis*TrueImage
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinRAR archiver" = WinRAR archiver
"X10Hardware" = X10 Hardware(TM)
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoneAlarm" = ZoneAlarm
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.11.2009 05:25:41 | Computer Name =| Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RunDLL32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul lmpgspl.ax, Version 3.5.0.64, Zeitstempel 0x3bf3f037,
Ausnahmecode 0xc0000005, Fehleroffset 0x00001652, Prozess-ID 0x2630, Anwendungsstartzeit
01ca669ec3e7abd8.
Error - 16.11.2009 05:25:44 | Computer Name = | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RunDLL32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul lmpgspl.ax, Version 3.5.0.64, Zeitstempel 0x3bf3f037,
Ausnahmecode 0xc0000005, Fehleroffset 0x00001652, Prozess-ID 0x2224, Anwendungsstartzeit
01ca669ec5ddd688.
Error - 16.11.2009 05:25:47 | Computer Name = | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RunDLL32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul lmpgspl.ax, Version 3.5.0.64, Zeitstempel 0x3bf3f037,
Ausnahmecode 0xc0000005, Fehleroffset 0x00001652, Prozess-ID 0x2754, Anwendungsstartzeit
01ca669ec7b3cf08.
Error - 17.11.2009 02:12:35 | Computer Name = | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 17.11.2009 02:12:35 | Computer Name = | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.11.2009 03:35:28 | Computer Name = | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.11.2009 03:35:28 | Computer Name = | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.11.2009 03:47:26 | Computer Name = | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.11.2009 03:47:26 | Computer Name = | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.11.2009 05:11:51 | Computer Name = | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18828 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1a04 Anfangszeit: 01ca682eaea7b3c4 Zeitpunkt
der Beendigung: 7
[ System Events ]
Error - 27.05.2011 08:38:05 | Computer Name = | Source = netbt | ID = 4321
Description = Der Name " :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.22 registriert werden. Der Computer mit IP-Adresse 192.168.178.23
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2011 08:38:05 | Computer Name = | Source = netbt | ID = 4321
Description = Der Name " :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.22 registriert werden. Der Computer mit IP-Adresse 192.168.178.23
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2011 08:38:08 | Computer Name = | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{748288BB-19A2-4DBA-8EEF-45748456F5C4} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 27.05.2011 08:38:08 | Computer Name = | Source = netbt | ID = 4321
Description = Der Name " :20" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.22 registriert werden. Der Computer mit IP-Adresse 192.168.178.23
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2011 08:38:11 | Computer Name = | Source = Service Control Manager | ID = 7002
Description =
Error - 27.05.2011 08:43:44 | Computer Name = | Source = netbt | ID = 4321
Description = Der Name " :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.22 registriert werden. Der Computer mit IP-Adresse 192.168.178.23
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2011 08:43:44 | Computer Name = | Source = netbt | ID = 4321
Description = Der Name " :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.22 registriert werden. Der Computer mit IP-Adresse 192.168.178.23
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2011 08:43:47 | Computer Name = | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{748288BB-19A2-4DBA-8EEF-45748456F5C4} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 27.05.2011 08:43:47 | Computer Name = | Source = netbt | ID = 4321
Description = Der Name " :20" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.22 registriert werden. Der Computer mit IP-Adresse 192.168.178.23
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2011 08:43:50 | Computer Name = | Source = Service Control Manager | ID = 7002
Description =
< End of report >
|
|
27.05.2011, 19:20
| #7 |
| | Windows Vista Recovery Scam? und hier noch der Log von Malware bytes. Würde mich über weitere Hilfe, wie ich meinen PC wieder in seinen alten Zustand zurück versetzen kann sehr freuen. Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6694 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 27.05.2011 20:17:19 mbam-log-2011-05-27 (20-17-19).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 157830 Laufzeit: 4 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
27.05.2011, 19:36
| #8 |
| /// Malware-holic | Windows Vista Recovery Scam? 1. deinstaliere mal spybot, starte neu. 2. nutze jetzt combofix.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.05.2011, 19:46
| #9 |
| | Windows Vista Recovery Scam? Übrigens hat "Windows Vista Recovery" sogar ein Icon auf meinem Desktop installiert und ist unter Programme zu finden.... mit einem "De-installier-Button" wie soll und kann ich das löschen? |
|
27.05.2011, 19:58
| #10 |
| | Windows Vista Recovery Scam? Combofix! was macht dieses Programm und wird mein Rechner dann von dem Trojaner befreit? Bitte um kurze Erläuterung..... |
|
27.05.2011, 20:31
| #11 |
| | Windows Vista Recovery Scam? Na toll, jetzt habe ich trotz meiner Zweifel dieses Combofix laufen lassen und jetzt funktioniert nix mehr auf meinem Rechner.... Die Programme sind zwar wieder da.....aber kein Programm startet mehr... z.B. wenn ich den explorer öffnen will kommt: "es wurde versucht einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum löschen markiert wurde" scheisse, was ist denn jetzt los.... ich schreibe im Moment wieder von einem anderen Rechner, weil beim infizierten nix mehr läuft.....bitte um Hilfe.... |
|
28.05.2011, 11:30
| #12 |
| /// Malware-holic | Windows Vista Recovery Scam? ich warte auf combofix. deine programme gehen nach neustart wieder.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.05.2011, 15:25
| #13 |
| | Windows Vista Recovery Scam? Hallo Markusg... wäre froh, wenn Du mir weiter helfen könntest.... gestern abend habe ich dann einfach alles ausgestellt und aufgegeben.... Jetzt wage ich mich wieder dran. Die Programmleiste ist wieder da aber nicht vollständig. Meine Daten scheinen vollständig erhalten aber unter "Eigenen Dateinen" gibt es keine Einträge... mehr habe ich noch nicht entdeckt... Ich bin ziemlich verzweifelt und brauche den Rechner dringend... |
|
28.05.2011, 15:28
| #14 |
| /// Malware-holic | Windows Vista Recovery Scam? poste den inhalt von combofix.txt
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.05.2011, 15:45
| #15 |
| | Windows Vista Recovery Scam? bin im Moment an einem anderen Rechner....muss noch etwas arbeiten und bin später wieder zu Hause beim "infizierten Kerl"...Danke, dass Du Dich wieder mal gemeldet hast.... |
|
| Themen zu Windows Vista Recovery Scam? |
| advanced, andere, anderen, beschädigt, desktop, dringend, entferne, entfernen, erklärung, erscheint, fake, fenster, festplatte, heute, kaufen, morgen, nicht mehr, platte, problem, recovery, trojaner, vista, vista recovery, windows, windows vista, windows vista recovery scam |
Linear-Darstellung
