Virus: Trojan.Generic.5295221 (Engine-A) found and PC keeps getting slower | Windows 7
19.04.2011, 11:38 | #1 |
| Hello everyone,

some time ago my antivirus program (G Data) found and deleted the virus Virus: Trojan.Generic.5295221 (Engine-A). But my PC is also getting slower and slower, and the hard disk is constantly working (as it is right now). I can't really say exactly what it is doing.. In Task Manager I only see that SamSs, ProtectedStorage, KeyIso etc. are running. It all seems rather strange to me; on top of that I often get a complete freeze, which then goes away after about 1 min.

I use G Data TotalCare (purchased), TuneUp Utilities (purchased) and CCleaner (free).

Here are some details about my PC:
5.5 Windows Experience Index
AMD Phenom(tm) II X4 925 Processor 2.80 GHz
Installed memory 4.00 GB (3.25 GB usable)
32-bit operating system (Windows 7)

and really slooooooowww.. even WoW stutters now and then. Maybe this has something to do with the virus, or are there more of them on it despite the antivirus program?

Best regards
Tami |
19.04.2011, 11:42 | #2 |
/// Malware-holic | hello,

tuneup is garbage; such supposed "tuning" measures can also slow down and damage the system. junk like that should be banned from the pc, and you certainly shouldn't throw money away on it. but now to your problem.

1. where did gdata find something?
2. System scan with OTL

download otl: http://filepony.de/download-otl/
Double-click OTL.exe (users of Windows 7 and Vista: right-click, run as administrator)

1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan"
6. 2 reports are created: OTL.Txt Extras.Txt
post both. |
19.04.2011, 11:55 | #3 |
| Thanks for now,

though I still feel the urge to throw the PC out of the window..

This is where the program found something:

Virenprüfung mit G Data TotalCare 2011
Version 21.1.2.2 (15.12.2010)
Virensignaturen vom
Startzeit: 16.04.2011 12:55:51
Engine(s): Engine A, Engine B
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein

Prüfung der Systembereiche...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...

Analyse vollständig durchgeführt: 16.04.2011 15:55:58
158720 Dateien überprüft
1 infizierte Dateien gefunden
0 verdächtige Dateien gefunden

Objekt: A0016809.exe
Pfad: I:\System Volume Information\_restore{A44B1AB4-1CAD-4857-8630-AB7A70D7E34B}\RP69
Status: Virus entfernt
Virus: Trojan.Generic.5295221 (Engine-A)

+ Der Zugriff auf die folgenden Dateien wurde verweigert:

+ Die folgenden Dateien sind Passwortgeschützt:
--------------------------------------------------------------------------------
I:\tamzi pc\Eigene Datein\Hundesport usw\faehrtenhundscript.exe
D:\Tools\Corel Draw Essentials 4\AutoPlay\autorun.cdd
J:\Games\Far Cry 2\autoplay\autorun.cdd
J:\Musik\GrooveCoverage\Groove_Coverage_7_Years_and_50_Days_for_www.goldesel.to.rar
--------------------------------------------------------------------------------

I'll try that out with the program right away |
19.04.2011, 12:18 | #4 |
| Virus: Trojan.Generic.5295221 (Engine-A) found and PC keeps getting slower Extras.Txt: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.04.2011 12:58:29 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\TamZi\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1376,16 Gb Total Space | 1296,11 Gb Free Space | 94,18% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 11,67 Gb Free Space | 58,35% Space Free | Partition Type: NTFS Computer Name: TAMZI-PC | User Name: TamZi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized 
Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{17D8DD6D-E1F9-F2CC-7CB4-6589129923CE}" = Catalyst Control Center Graphics Previews Vista "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{258236B1-6DFE-7363-E4C3-CDC6FCC03BF6}" = Catalyst Control Center InstallProxy "{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm 
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{31B59248-4591-4ED7-BBE9-588C60F09FAC}" = G Data TotalCare 2011 "{32CEEB31-2836-4368-A55A-5B75DE0DE3D5}" = GMX Toolbar MSVC90 CRT x86 "{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{3595DD89-873E-6911-4AF0-47542B5C8073}" = ATI Catalyst Install Manager "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3DB05083-3621-D206-CB9B-68E8CDB139AD}" = CCC Help English "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{42595D32-31E2-D6B0-D6C2-0B068AC22CBA}" = Application Profiles "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4C36BD6F-3C93-3ED7-A4EA-2D1D9A6E215B}" = Catalyst Control Center Graphics Previews Common "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6C457CDB-18B2-E0AA-F2DD-5A69AE2C0505}" = ccc-utility "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update 
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft 
Office Klick-und-Los 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{AABB8DC0-EAD9-AB1A-481D-0780B0277FF7}" = AMD Drag and Drop Transcoding "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AC84BA9D-B8B1-5723-ABE0-6BD8EA698A3F}" = WMV9/VC-1 Video Playback "{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software "{ADA6637C-88B5-D2D6-E017-8F7C000CAC3E}" = ccc-core-static "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = 
Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 
1 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALDI Foto Service D" = ALDI Foto Service "Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice "ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "CCleaner" = CCleaner "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET 
Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PDF reDirect" = PDF reDirect (remove only) "RealPlayer 12.0" = RealPlayer "Security Task Manager" = Security Task Manager 1.8c "TuneUp Utilities" = TuneUp Utilities "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1014318291-2568222482-581065179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.04.2011 21:34:38 | Computer Name = TamZi-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml Error - 17.04.2011 21:34:38 | Computer Name = TamZi-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile. Error - 18.04.2011 04:29:31 | Computer Name = TamZi-PC | Source = Application Hang | ID = 1002 Description = Programm iTunes.exe, Version 10.2.1.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 6628 Startzeit: 01cbfda24dbf133a Endzeit: 12 Anwendungspfad: C:\Program Files\iTunes\iTunes.exe Berichts-ID: Error - 18.04.2011 06:01:12 | Computer Name = TamZi-PC | Source = Application Hang | ID = 1002 Description = Programm iTunes.exe, Version 10.2.1.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 5cd8 Startzeit: 01cbfda2c110a4c7 Endzeit: 12 Anwendungspfad: C:\Program Files\iTunes\iTunes.exe Berichts-ID: Error - 18.04.2011 07:49:51 | Computer Name = TamZi-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 5ffc Startzeit: 01cbfd9bc7973cc9 Endzeit: 67 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: Error - 18.04.2011 07:54:43 | Computer Name = TamZi-PC | Source = Application Hang | ID = 1002 Description = Programm iTunes.exe, Version 10.2.1.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7bbc Startzeit: 01cbfdb118cf7580 Endzeit: 10 Anwendungspfad: C:\Program Files\iTunes\iTunes.exe Berichts-ID: Error - 18.04.2011 08:07:23 | Computer Name = TamZi-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml Error - 18.04.2011 08:07:23 | Computer Name = TamZi-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. 
Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_working\{90140011-0062-0407-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile. Error - 18.04.2011 18:32:03 | Computer Name = TamZi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\windows live\messenger\wlcsdk.exe". Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.04.2011 18:32:36 | Computer Name = TamZi-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. [ System Events ] Error - 03.04.2011 10:29:29 | Computer Name = TamZi-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus. Error - 03.04.2011 10:29:38 | Computer Name = TamZi-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus. 
Error - 10.04.2011 08:30:00 | Computer Name = TamZi-PC | Source = DCOM | ID = 10016 Description = Error - 10.04.2011 08:30:00 | Computer Name = TamZi-PC | Source = DCOM | ID = 10016 Description = Error - 10.04.2011 10:04:02 | Computer Name = TamZi-PC | Source = DCOM | ID = 10016 Description = Error - 10.04.2011 10:04:02 | Computer Name = TamZi-PC | Source = DCOM | ID = 10016 Description = Error - 10.04.2011 10:11:36 | Computer Name = TamZi-PC | Source = DCOM | ID = 10016 Description = Error - 10.04.2011 10:11:37 | Computer Name = TamZi-PC | Source = DCOM | ID = 10016 Description = Error - 10.04.2011 12:03:32 | Computer Name = TamZi-PC | Source = DCOM | ID = 10016 Description = Error - 10.04.2011 12:03:32 | Computer Name = TamZi-PC | Source = DCOM | ID = 10016 Description = < End of report > |
19.04.2011, 12:24 | #5 |
/// Malware-holic | Virus: Trojan.Generic.5295221 (Engine-A) found and PC keeps getting slower ok, otl.txt is still missing
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.04.2011, 12:27 | #6 |
| Virus: Trojan.Generic.5295221 (Engine-A) found and PC keeps getting slower OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.04.2011 12:58:29 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\TamZi\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1376,16 Gb Total Space | 1296,11 Gb Free Space | 94,18% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 11,67 Gb Free Space | 58,35% Space Free | Partition Type: NTFS Computer Name: TAMZI-PC | User Name: TamZi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\TamZi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.) 
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG) PRC - C:\Programme\G Data\TotalCare\AVK\AVKService.exe (G Data Software AG) PRC - C:\Programme\G Data\TotalCare\GUI\GDSC.exe (G Data Software AG) PRC - C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe (G Data Software AG) PRC - C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe () PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Windows Live\Mail\wlmail.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe 
(CyberLink) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\TamZi\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AVKService) -- C:\Program Files\G Data\TotalCare\AVK\AVKService.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDTunerSvc) -- C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe (G Data Software AG) SRV - (GDFwSvc) -- C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe () SRV - (GDBackupSvc) -- C:\Programme\G Data\TotalCare\AVKBackup\AVKBackupService.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV 
- (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG) DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) 
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1014318291-2568222482-581065179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKU\S-1-5-21-1014318291-2568222482-581065179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1014318291-2568222482-581065179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1014318291-2568222482-581065179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1014318291-2568222482-581065179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.11 00:25:22 | 000,000,000 | ---D | M]
[2010.10.03 20:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TamZi\AppData\Roaming\mozilla\Extensions
[2011.04.13 21:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TamZi\AppData\Roaming\mozilla\Firefox\Profiles\l3kcrg8z.default\extensions
[2011.03.27 20:29:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\TamZi\AppData\Roaming\mozilla\Firefox\Profiles\l3kcrg8z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.13 21:30:44 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\TamZi\AppData\Roaming\mozilla\Firefox\Profiles\l3kcrg8z.default\extensions\ffxtlbr@babylon.com
[2011.03.23 16:07:07 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\TamZi\AppData\Roaming\mozilla\Firefox\Profiles\l3kcrg8z.default\extensions\toolbar@gmx.net
[2011.04.10 16:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.26 12:03:47 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
File not found (No name found) --
[2010.09.26 12:03:47 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170633FE}
() (No name found) -- C:\USERS\TAMZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L3KCRG8Z.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1014318291-2568222482-581065179-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1014318291-2568222482-581065179-1000\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1014318291-2568222482-581065179-1000..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\TamZi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{0BA1959D-30C5-40D2-8B14-35010CBBA242} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011.04.19 12:20:33 | 000,000,000 | ---D | C] -- C:\Users\TamZi\Documents\G Data Protokolle
[2011.04.17 00:57:01 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.17 00:43:42 | 000,000,000 | ---D | C] -- C:\Users\TamZi\AppData\Roaming\1&1 Mail & Media GmbH
[2011.04.17 00:43:40 | 000,000,000 | ---D | C] -- C:\Programme\GMX Toolbar
[2011.04.16 03:14:34 | 000,000,000 | ---D | C] -- C:\537b1aed4ea1dedc2ef049a8
[2011.04.15 21:25:40 | 000,000,000 | ---D | C] -- C:\Users\TamZi\Documents\IPhone
[2011.04.15 21:24:21 | 000,000,000 | ---D | C] -- C:\Users\TamZi\Documents\Kündigungen
[2011.04.15 21:24:06 | 000,000,000 | ---D | C] -- C:\Users\TamZi\Documents\Rücksendungen
[2011.04.15 21:23:44 | 000,000,000 | ---D | C] -- C:\Users\TamZi\Documents\Bundeswehr
[2011.04.15 21:22:47 | 000,000,000 | ---D | C] -- C:\Users\TamZi\Documents\Standesamtliche Trauung
[2011.04.15 21:21:41 | 000,000,000 | ---D | C] -- C:\Users\TamZi\Documents\Kontoänderung Adressen
[2011.04.15 20:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF reDirect
[2011.04.15 20:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF reDirect v2
[2011.04.15 20:43:07 | 000,000,000 | ---D | C] -- C:\Programme\PDF reDirect
[2011.04.15 15:23:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 15:23:10 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 15:23:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 15:19:25 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 15:19:24 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.04.15 15:19:22 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.04.15 15:19:19 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 15:19:18 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 21:29:53 | 000,000,000 | ---D | C] -- C:\Users\TamZi\AppData\Roaming\PDF reDirect
[2011.04.13 21:08:24 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2011.04.13 21:08:24 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011.04.13 21:08:22 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2011.04.13 21:08:22 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2011.04.13 21:08:22 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2011.04.13 21:08:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011.04.13 20:30:23 | 000,000,000 | ---D | C] -- C:\Users\TamZi\AppData\Roaming\WordToPDF
[2011.04.12 20:03:44 | 000,000,000 | ---D | C] -- C:\World of Warcraft
[2011.04.10 15:56:18 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.10 15:56:18 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.10 15:56:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.10 15:56:18 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.10 15:56:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.10 15:56:18 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.10 15:56:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.10 15:56:17 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.10 15:56:17 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.10 15:56:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.10 15:56:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.10 15:56:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.10 15:56:15 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.10 15:56:15 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.10 15:56:15 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.10 15:56:15 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.10 15:56:15 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.10 15:56:15 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.10 15:56:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.10 15:56:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.10 15:56:15 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.10 15:56:15 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.10 15:56:15 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.10 15:56:15 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.10 15:56:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.10 15:56:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.10 15:56:14 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.10 15:56:14 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.10 15:56:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.10 15:56:14 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.10 15:56:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.10 15:56:13 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.10 15:56:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.10 15:56:13 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.10 15:56:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.10 15:56:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.10 15:56:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.10 15:56:12 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.10 15:56:12 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.10 15:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2011.04.05 21:06:14 | 000,000,000 | ---D | C] -- C:\Users\TamZi\AppData\Local\Windows Live
[2011.04.05 20:56:19 | 000,000,000 | ---D | C] -- C:\Users\TamZi\Documents\Tamara Bewerbungen
[2011.03.27 21:43:23 | 000,000,000 | ---D | C] -- C:\Users\TamZi\AppData\Roaming\Amazon
[2011.03.27 21:39:31 | 000,000,000 | ---D | C] -- C:\Programme\Amazon
[2011.03.27 21:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.03.27 20:29:49 | 000,000,000 | ---D | C] -- C:\Users\TamZi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.27 20:29:45 | 000,000,000 | ---D | C] -- C:\Users\TamZi\Documents\DVDVideoSoft
[2011.03.27 20:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.03.27 20:29:31 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2011.03.27 20:29:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2011.03.23 18:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011.03.23 16:32:21 | 000,000,000 | ---D | C] -- C:\Users\TamZi\AppData\Local\G DATA
[2011.03.23 16:31:51 | 000,000,000 | ---D | C] -- C:\Users\TamZi\Documents\Outlook-Dateien
[2011.03.23 16:13:46 | 000,000,000 | ---D | C] -- C:\Users\TamZi\AppData\Local\SoftGrid Client
[2011.03.23 16:12:31 | 000,000,000 | ---D | C] -- C:\Users\TamZi\AppData\Roaming\SoftGrid Client
[2011.03.23 16:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Business (Deutsch)
[2011.03.23 16:07:40 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Application Virtualization Client
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.19 12:46:59 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.19 12:46:59 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 14:04:11 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.18 13:56:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.18 13:56:34 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.18 03:24:10 | 000,425,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.18 03:02:19 | 000,707,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.18 03:02:19 | 000,660,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.18 03:02:19 | 000,152,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.18 03:02:19 | 000,124,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.13 20:51:25 | 000,000,367 | ---- | M] () -- C:\Users\TamZi\Heimnetzgruppe - Verknüpfung.lnk
[2011.04.10 15:56:18 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.10 15:56:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.10 15:56:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.10 15:56:18 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.10 15:56:18 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.10 15:56:18 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.10 15:56:18 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.10 15:56:17 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.10 15:56:17 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.10 15:56:17 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.10 15:56:17 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.10 15:56:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.10 15:56:15 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.10 15:56:15 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.10 15:56:15 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.10 15:56:15 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.10 15:56:15 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.10 15:56:15 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.10 15:56:15 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.10 15:56:15 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.10 15:56:15 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.10 15:56:15 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.10 15:56:15 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.10 15:56:15 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.10 15:56:15 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.10 15:56:15 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.10 15:56:14 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.10 15:56:14 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.10 15:56:14 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.10 15:56:14 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.10 15:56:14 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.10 15:56:14 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.10 15:56:13 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.10 15:56:13 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.10 15:56:13 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.10 15:56:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.10 15:56:13 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.10 15:56:13 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.10 15:56:12 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.10 15:56:12 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.10 15:47:47 | 000,000,038 | ---- | M] () -- C:\Windows\System32\ZX9EQJT7_{DFD16760-0E42-40BC-987D-FC3506C985D5}.dat
[2011.04.10 14:20:10 | 000,262,144 | ---- | M] () -- C:\Windows\System32\€
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.18 14:04:11 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.13 21:08:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.13 20:51:25 | 000,000,367 | ---- | C] () -- C:\Users\TamZi\Heimnetzgruppe - Verknüpfung.lnk
[2011.04.10 15:56:15 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.10 15:48:16 | 000,001,994 | ---- | C] () -- C:\Users\TamZi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GMX.lnk
[2011.04.10 15:47:47 | 000,000,038 | ---- | C] () -- C:\Windows\System32\ZX9EQJT7_{DFD16760-0E42-40BC-987D-FC3506C985D5}.dat
[2011.02.23 16:53:46 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.01.11 00:05:54 | 000,186,100 | ---- | C] () -- C:\Windows\hpoins14.dat
[2011.01.11 00:05:54 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2010.12.09 19:43:38 | 000,007,600 | ---- | C] () -- C:\Users\TamZi\AppData\Local\Resmon.ResmonCfg
[2010.11.29 18:25:28 | 000,000,093 | ---- | C] () -- C:\Users\TamZi\AppData\Local\fusioncache.dat
[2010.09.22 20:27:52 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.06.06 16:20:02 | 000,065,344 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll
[2010.02.03 15:03:15 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.01.26 17:35:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.01.26 17:04:43 | 000,000,021 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2010.01.26 16:48:27 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,707,044 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,152,378 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,425,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,660,662 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,124,594 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.04.17 00:43:42 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\1&1 Mail & Media GmbH
[2011.03.27 21:43:23 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Amazon
[2011.01.17 21:07:23 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Ashampoo
[2011.01.15 00:02:55 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Canneverbe Limited
[2011.03.27 20:29:49 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.18 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\gtk-2.0
[2011.04.15 20:54:41 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\PDF reDirect
[2010.11.24 16:04:03 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\ScreeNet iSaver
[2011.04.18 13:54:51 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\SoftGrid Client
[2011.03.23 16:12:42 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\TP
[2010.10.02 22:06:57 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\TS3Client
[2010.09.24 18:51:51 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\TuneUp Software
[2011.04.13 20:30:23 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\WordToPDF
[2011.02.18 12:53:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.04.17 00:43:42 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\1&1 Mail & Media GmbH
[2011.01.19 17:47:45 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Adobe
[2011.03.27 21:43:23 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Amazon
[2010.11.20 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Apple Computer
[2011.01.17 21:07:23 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Ashampoo
[2010.09.24 16:52:37 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\ATI
[2011.01.15 00:02:55 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Canneverbe Limited
[2011.02.23 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Corel
[2011.01.18 19:16:54 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\CyberLink
[2011.03.27 20:29:49 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.18 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\gtk-2.0
[2011.01.11 20:45:16 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\HP
[2010.09.24 16:51:57 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Identities
[2010.09.24 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Macromedia
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Media Center Programs
[2011.03.23 16:33:26 | 000,000,000 | --SD | M] -- C:\Users\TamZi\AppData\Roaming\Microsoft
[2010.11.29 22:52:27 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Mozilla
[2011.01.14 23:57:49 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Nero
[2011.04.15 20:54:41 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\PDF reDirect
[2011.02.21 00:20:09 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\Real
[2010.11.24 16:04:03 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\ScreeNet iSaver
[2011.04.18 13:54:51 | 000,000,000 | ---D | M] --
C:\Users\TamZi\AppData\Roaming\SoftGrid Client [2011.03.23 16:12:42 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\TP [2010.10.02 22:06:57 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\TS3Client [2010.09.24 18:51:51 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\TuneUp Software [2011.01.04 23:35:45 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\WinRAR [2011.04.13 20:30:23 | 000,000,000 | ---D | M] -- C:\Users\TamZi\AppData\Roaming\WordToPDF < %APPDATA%\*.exe /s > [2010.12.10 20:22:27 | 000,077,542 | R--- | M] () -- C:\Users\TamZi\AppData\Roaming\Microsoft\Installer\{42595D32-31E2-D6B0-D6C2-0B068AC22CBA}\ARPPRODUCTICON.exe [2011.02.21 15:50:35 | 000,010,134 | R--- | M] () -- C:\Users\TamZi\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 
| ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft 
Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.04.10 15:56:15 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2011.04.10 15:56:15 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2011.04.10 15:56:12 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll < End of report > |
19.04.2011, 12:28 | #7 |
| The PC is still working on something |
21.04.2011, 09:29 | #8 |
| Now I've laid my cards on the table, and nothing more is coming...... |
21.04.2011, 10:38 | #9 |
/// Malware-holic | Sorry. Download Malwarebytes: install Malwarebytes, open it, go to the Update tab, and update the program. Close all running programs and disconnect from the internet. On the Scanner tab, run a full scan, remove the findings, and post the log. |