
Pests of all kinds and how to fight them: Computer infected with Win32Spy.Zbot trojan

Windows 7
30.12.2011, 16:22   #1
AlexCSH

Hello dear community,

my ESET reports that my memory is infected with the virus named above, and ESET cannot clean this infection.
I apparently opened an e-mail attachment that, disguised as an image, smuggled it into the system via an application.
The system is now extremely slow; Internet Explorer and similar programs hang.

Please help me with the steps I need to take to remove this virus!

30.12.2011, 17:01   #2
Psychotic
/// Malwareteam

I am working on your topic and will get back to you with further instructions as soon as possible.

Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience.

30.12.2011, 17:13   #3
AlexCSH

Great, thanks!

One more brief note!

I ran an ESET Rescue Disc; it finds no infection.

As soon as Windows starts normally again, ESET reports the file taskhost.exe as infected. The system is then immediately very slow again and cannot be operated properly.

30.12.2011, 17:31   #4
Psychotic
/// Malwareteam

Hello AlexCSH,

please note the following link!

http://www.trojaner-board.de/69886-a...-beachten.html

Regards
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on working days!
Requests via PM will be ignored!


30.12.2011, 19:50   #5
AlexCSH

So, I have run the three applications; the PC is controllable again at the moment.

The olt.txt was too large, so I am attaching it. OTL logfile:
Code:
OTL logfile created on: 30.12.2011 18:51:49 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Media\Desktop\Trojaner
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,44% Memory free
6,00 Gb Paging File | 4,51 Gb Available in Paging File | 75,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 38,98 Gb Free Space | 39,95% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 344,30 Gb Free Space | 41,29% Space Free | Partition Type: NTFS
 
Computer Name: MEDIACENTER | User Name: Media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.10.16 14:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Media\Desktop\Trojaner\OTL.exe
PRC - [2011.08.01 13:02:18 | 000,351,952 | ---- | M] (Binnerup Consult) -- C:\Programme\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.12 15:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\ekrn.exe
PRC - [2011.01.12 15:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\egui.exe
PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.02.02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010.01.18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Programme\Spyware Doctor\pctsTray.exe
PRC - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Programme\Spyware Doctor\pctsSvc.exe
PRC - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Programme\Spyware Doctor\pctsAuxs.exe
PRC - [2009.12.06 22:13:16 | 000,397,312 | ---- | M] () -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2009.08.01 02:06:25 | 000,155,648 | ---- | M] () -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2009.06.20 00:31:39 | 000,651,264 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2009.04.09 02:49:30 | 000,344,064 | ---- | M] (AVerMedia) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.02.21 09:26:20 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008.02.21 09:26:20 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.30 17:14:08 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
MOD - [2011.12.30 11:05:34 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ea98cad4cea9ac78db91e6c66a6cbf3\System.Web.Services.ni.dll
MOD - [2011.12.30 11:05:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 20:49:12 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.14 20:48:56 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011.10.14 20:48:55 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011.10.14 20:48:55 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011.10.14 20:48:44 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.14 20:48:40 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 20:48:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 20:48:30 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 20:48:25 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.10.14 20:21:10 | 001,941,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\3.2.2.0__4f079cf7f10a3651\MyMoviesCommon.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.08.01 02:06:25 | 000,155,648 | ---- | M] () -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.13 12:33:06 | 000,126,464 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\Installer\InstallerService.exe -- (Installer Service)
SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.12 15:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011.01.12 15:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010.02.02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.12.06 22:13:16 | 000,397,312 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.09 02:49:30 | 000,344,064 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.02.21 09:26:20 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.05.06 21:59:19 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.05.05 17:27:44 | 000,838,912 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2010.12.21 14:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010.12.21 14:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.12.21 12:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010.12.21 12:47:38 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2010.12.21 12:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010.02.05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010.02.02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010.02.02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010.02.02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009.09.23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.09.15 13:27:24 | 000,641,152 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.14 09:26:24 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2008.07.14 09:02:00 | 008,235,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.08.03 04:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 23 96 C3 16 0B CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 20:29:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 20:29:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.05.05 20:39:30 | 000,000,000 | ---D | M]
 
[2011.08.27 20:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions
[2011.08.27 20:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.12.30 12:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions
[2011.12.26 14:39:54 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.12.30 12:18:43 | 000,000,933 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\11-suche.xml
[2011.12.30 12:18:44 | 000,002,419 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\englische-ergebnisse.xml
[2011.12.30 12:18:43 | 000,010,525 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\gmx-suche.xml
[2011.12.30 12:18:44 | 000,002,457 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\lastminute.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\startsear.xml
[2011.12.30 12:18:43 | 000,005,508 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\webde-suche.xml
[2011.06.08 22:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\MEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\777LL5E3.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.10.04 18:42:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [My Movies Tray] C:\Program Files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [{07855E74-58D4-C82E-731B-555E718499FC}] C:\Users\Media\AppData\Roaming\Fywab\ataxp.exe ()
O4 - Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E365FBB-8B8F-44A2-9710-01B6CAAE05F0}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DE1D2C4-5339-42DF-BA1D-5E58F61C0C7C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d6398da0-92be-11e0-86f3-001dba192b71}\Shell - "" = AutoRun
O33 - MountPoints2\{d6398da0-92be-11e0-86f3-001dba192b71}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.30 17:54:29 | 000,000,000 | ---D | C] -- C:\Users\Media\Desktop\Trojaner
[2011.12.30 12:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.30 12:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.30 11:51:44 | 000,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2011.12.30 11:51:44 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2011.12.30 11:51:44 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2011.12.30 11:50:13 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011.12.30 11:50:13 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011.12.30 11:50:08 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011.12.30 11:50:08 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011.12.30 11:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011.12.30 11:50:02 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\PC Tools
[2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011.12.30 11:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.12.30 11:47:43 | 000,000,000 | ---D | C] -- C:\Users\Media\Desktop\Downloads
[2011.12.30 11:47:41 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\GetRightToGo
[2011.12.30 11:13:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.30 11:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.30 11:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.12.30 11:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.12.30 10:59:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.30 10:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.30 10:51:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.30 10:45:42 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Maax
[2011.12.30 10:45:42 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Fywab
[2011.12.30 09:15:53 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\vlc
[2011.12.30 09:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.29 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\Media\Documents\UseNeXT
[2011.12.28 11:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2011.12.28 11:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung
[2011.12.28 11:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE Toolbar
[2011.12.28 11:19:09 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\1&1 Mail & Media GmbH
[2011.12.22 15:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.22 15:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.12.22 15:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.21 13:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\maxdome - Online Videothek
[2011.12.21 13:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\BILD
[2011.12.04 21:18:37 | 000,000,000 | R--D | C] -- C:\Users\Media\Dropbox
[2011.12.04 21:17:50 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.04 21:17:09 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Dropbox
[2011.06.02 20:34:35 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Media\AppData\Roaming\SetupGFD.exe
[2011.06.02 20:33:20 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Media\AppData\Roaming\AvsP.exe
[2011.06.02 20:33:04 | 004,284,535 | ---- | C] (ffdshow                                                     ) -- C:\Users\Media\AppData\Roaming\ffdshow.exe
[2011.06.02 20:33:00 | 000,642,685 | ---- | C] (Xvid team                                                   ) -- C:\Users\Media\AppData\Roaming\xvid.exe
[2011.06.02 20:32:22 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Media\AppData\Roaming\Imgburn.exe
[2011.06.02 20:32:00 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Media\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.30 18:50:41 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.30 18:50:41 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.30 18:45:41 | 000,129,769 | ---- | M] () -- C:\Users\Media\AppData\Roaming\nvModes.001
[2011.12.30 18:45:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.30 18:45:21 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.30 17:57:12 | 000,000,156 | ---- | M] () -- C:\Users\Media\defogger_reenable
[2011.12.30 12:29:46 | 000,038,986 | ---- | M] () -- C:\Users\Media\Documents\cc_20111230_122937.reg
[2011.12.30 12:28:30 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.30 11:50:04 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011.12.30 11:07:06 | 000,001,226 | ---- | M] () -- C:\Users\Media\Desktop\Spybot - Search & Destroy.lnk
[2011.12.30 10:57:16 | 000,700,636 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.30 10:57:16 | 000,662,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.30 10:57:16 | 000,147,322 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.30 10:57:16 | 000,123,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.30 10:51:20 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.30 10:03:22 | 000,129,769 | ---- | M] () -- C:\Users\Media\AppData\Roaming\nvModes.dat
[2011.12.30 09:15:48 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.12.29 12:43:07 | 000,962,160 | ---- | M] () -- C:\Users\Media\Desktop\Twinkle Twinkle Little Star - YouTube.mht
[2011.12.22 15:34:18 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.22 09:49:30 | 000,001,813 | ---- | M] () -- C:\Users\Media\Desktop\UseNeXT.lnk
[2011.12.15 07:28:38 | 000,507,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.07 20:53:01 | 000,001,008 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.07 20:53:00 | 000,001,028 | ---- | M] () -- C:\Users\Media\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.30 17:57:10 | 000,000,156 | ---- | C] () -- C:\Users\Media\defogger_reenable
[2011.12.30 12:29:40 | 000,038,986 | ---- | C] () -- C:\Users\Media\Documents\cc_20111230_122937.reg
[2011.12.30 12:28:30 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.30 11:50:13 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2011.12.30 11:50:08 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2011.12.30 11:50:08 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2011.12.30 11:50:04 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011.12.30 11:50:02 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2011.12.30 11:07:06 | 000,001,226 | ---- | C] () -- C:\Users\Media\Desktop\Spybot - Search & Destroy.lnk
[2011.12.30 10:51:20 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.30 09:15:48 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.12.29 12:43:06 | 000,962,160 | ---- | C] () -- C:\Users\Media\Desktop\Twinkle Twinkle Little Star - YouTube.mht
[2011.12.22 15:34:18 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.04 21:18:37 | 000,001,028 | ---- | C] () -- C:\Users\Media\Desktop\Dropbox.lnk
[2011.12.04 21:18:01 | 000,001,008 | ---- | C] () -- C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.11.06 10:28:06 | 000,003,584 | ---- | C] () -- C:\Users\Media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.02 20:40:27 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
[2011.05.06 22:41:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.05.06 22:38:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.05 22:26:39 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.05.05 13:42:41 | 000,129,769 | ---- | C] () -- C:\Users\Media\AppData\Roaming\nvModes.001
[2011.05.05 13:30:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2011.05.05 13:30:59 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2011.05.05 13:30:58 | 000,598,016 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2011.05.05 13:30:58 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2011.05.05 13:30:58 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2011.05.05 13:30:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2011.05.05 13:30:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2011.05.05 13:30:58 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2011.05.05 13:30:58 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2011.05.05 13:03:49 | 000,129,769 | ---- | C] () -- C:\Users\Media\AppData\Roaming\nvModes.dat
[2009.07.14 09:47:43 | 000,700,636 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,322 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,507,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,662,518 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,123,712 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2003.02.27 09:07:20 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
 
========== LOP Check ==========
 
[2011.12.28 11:19:09 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\1&1 Mail & Media GmbH
[2011.06.17 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\becker
[2011.12.30 12:29:08 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DAEMON Tools Lite
[2011.07.17 12:39:56 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DeepBurner
[2011.12.30 18:46:00 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Dropbox
[2011.05.05 20:31:01 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\ESET
[2011.12.30 10:45:42 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Fywab
[2011.12.30 11:49:43 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\GetRightToGo
[2011.05.05 12:32:36 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\GHISLER
[2011.12.30 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Maax
[2011.07.17 15:36:10 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\MAGIX
[2011.12.30 10:47:25 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\UseNeXT
[2011.10.28 18:40:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.12.30 11:13:42 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.12.30 12:04:55 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.05.05 11:51:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.05.05 12:44:57 | 000,000,000 | ---D | M] -- C:\Install
[2011.05.05 12:50:56 | 000,000,000 | ---D | M] -- C:\Intel
[2011.06.07 13:49:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.30 12:28:29 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.30 11:49:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.05.05 11:51:27 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.05 11:51:27 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.12.30 18:55:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.11 21:28:47 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.30 17:50:02 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-30 10:04:47
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---


Alt 30.12.2011, 20:35   #6
AlexCSH
 



What happens next?

Alt 30.12.2011, 22:59   #7
Psychotic
/// Malwareteam
 



Hello and

My name is Marius and I will help you with your problem.

A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".



Step 1: Combofix
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart

simply restart the computer. This should fix the problem.
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!

Alt 30.12.2011, 23:38   #8
AlexCSH
 



Here you go
Combofix log file:
Code:
ComboFix 11-12-30.02 - Media 30.12.2011  23:23:48.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3070.1794 [GMT 1:00]
ausgeführt von:: c:\users\Media\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal Firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\mazuki.dll
c:\users\Media\AppData\Roaming\Fywab\ataxp.exe
c:\users\Media\AppData\Roaming\ImgBurn.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\pthreadVC.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-28 bis 2011-12-30  ))))))))))))))))))))))))))))))
.
.
2011-12-30 22:28 . 2011-12-30 22:29	--------	d-----w-	c:\users\Media\AppData\Local\temp
2011-12-30 22:28 . 2011-12-30 22:28	--------	d-----w-	c:\users\Mcx1-MEDIACENTER.Mediacenter\AppData\Local\temp
2011-12-30 22:28 . 2011-12-30 22:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-30 22:18 . 2011-12-30 22:18	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E803C3E-3EE1-484E-AB0B-5B432FDD92E9}\offreg.dll
2011-12-30 11:28 . 2011-12-30 11:28	--------	d-----w-	c:\program files\CCleaner
2011-12-30 10:49 . 2011-12-30 21:19	--------	d-----w-	c:\program files\Spyware Doctor
2011-12-30 10:49 . 2011-12-30 18:15	--------	d-----w-	c:\programdata\PC Tools
2011-12-30 10:47 . 2011-12-30 10:49	--------	d-----w-	c:\users\Media\AppData\Roaming\GetRightToGo
2011-12-30 10:07 . 2011-12-30 11:29	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-12-30 10:07 . 2011-12-30 10:07	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-12-30 09:51 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-30 09:45 . 2011-12-30 22:17	--------	d-----w-	c:\users\Media\AppData\Roaming\Fywab
2011-12-30 09:45 . 2011-12-30 21:30	--------	d-----w-	c:\users\Media\AppData\Roaming\Maax
2011-12-30 08:15 . 2011-12-30 08:16	--------	d-----w-	c:\users\Media\AppData\Roaming\vlc
2011-12-30 06:52 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E803C3E-3EE1-484E-AB0B-5B432FDD92E9}\mpengine.dll
2011-12-28 10:19 . 2011-12-28 10:19	--------	d-----w-	c:\program files\1und1Softwareaktualisierung
2011-12-28 10:19 . 2011-12-28 10:19	--------	d-----w-	c:\programdata\UUdb
2011-12-28 10:19 . 2011-12-28 10:19	--------	d-----w-	c:\program files\WEB.DE Toolbar
2011-12-28 10:19 . 2011-12-28 10:19	--------	d-----w-	c:\users\Media\AppData\Roaming\1&1 Mail & Media GmbH
2011-12-22 14:33 . 2011-12-22 14:33	--------	d-----w-	c:\program files\iPod
2011-12-22 14:33 . 2011-12-22 14:34	--------	d-----w-	c:\program files\iTunes
2011-12-21 12:22 . 2011-12-21 12:22	--------	d-----w-	c:\program files\maxdome - Online Videothek
2011-12-21 12:21 . 2011-12-21 12:21	--------	d-----w-	c:\program files\BILD
2011-12-14 19:03 . 2011-11-24 04:25	2342912	----a-w-	c:\windows\system32\win32k.sys
2011-12-14 19:03 . 2011-11-05 04:26	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-14 19:03 . 2011-10-15 05:38	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-12-14 19:03 . 2011-10-26 04:28	38912	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-14 19:03 . 2011-10-26 04:47	3912560	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-14 19:03 . 2011-10-26 04:47	3967856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-04 20:18 . 2011-12-30 22:18	--------	d-----r-	c:\users\Media\Dropbox
2011-12-04 20:17 . 2011-12-30 22:18	--------	d-----w-	c:\users\Media\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 17:49 . 2011-08-24 14:28	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-12-28 17:49 . 2011-08-24 14:28	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-12-28 17:49 . 2011-05-05 18:55	1248080	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-14 17:56 . 2011-05-21 23:46	1248080	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-07 20:36 . 2011-05-05 18:55	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-07 20:36 . 2011-05-05 18:55	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-14 19:36 . 2011-05-13 13:23	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-04 17:42 . 2011-06-08 21:08	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}]
2011-12-12 16:12	1600616	----a-w-	c:\program files\WEB.DE Toolbar\IE\uitb.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C424171E-592A-415a-9EB1-DFD6D95D3530}"= "c:\program files\WEB.DE Toolbar\IE\uitb.dll" [2011-12-12 1600616]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C424171E-592A-415A-9EB1-DFD6D95D3530}"= "c:\program files\WEB.DE Toolbar\IE\uitb.dll" [2011-12-12 1600616]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\Media\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\Media\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\Media\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-07-14 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-14 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-14 88608]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"My Movies Tray"="c:\program files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-08-01 351952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2011-5-5 155648]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2011-5-5 651264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-02-21 08:26	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [2009-09-15 641152]
R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\Installer\InstallerService.exe [2011-11-13 126464]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-06 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-09 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-06 397312]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 AVerM115S;AVerM115S service;c:\windows\system32\DRIVERS\AVerM115S.sys [2011-05-05 838912]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-07-14 818688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://go.web.de/tb/ie_startpage
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE Toolbar\IE\uitb.dll
FF - ProfilePath - c:\users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
HKCU-Run-{07855E74-58D4-C82E-731B-555E718499FC} - c:\users\Media\AppData\Roaming\Fywab\ataxp.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-30  23:30:47
ComboFix-quarantined-files.txt  2011-12-30 22:30
.
Vor Suchlauf: 7 Verzeichnis(se), 41.818.238.976 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 41.376.641.024 Bytes frei
.
- - End Of File - - B01E9132EE86BD2658C934EABFADB966
         
--- --- ---

Edited by Larusso (31.12.2011 at 00:14)

02.01.2012, 08:23   #9
Psychotic
/// Malwareteam

Hello AlexCSH and Happy New Year!

Step 1: ComboFix script

Note for readers following along:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> Notepad (type it in) --> OK

Now copy the entire text from the following code box into the empty text document.
Code:
FOLDER::
c:\users\Media\AppData\Roaming\Fywab
c:\users\Media\AppData\Roaming\Maax

FIREFOX::
FF - ProfilePath - c:\users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage -
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix while it works.
    Do not forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.
  • As shown in the image above, drag CFScript.txt onto ComboFix.exe.
  • When ComboFix has finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the Suspect:: or Collect:: directive, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.


Step 2: MBAM

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • Once the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only reachable on weekdays!
Requests via PM will be ignored!

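The ComboFix log quoted in this thread lists a removed Run value with a GUID-style name pointing at an executable under AppData\Roaming, and the CFScript above removes that folder. The following Python code is an added example, not part of the original posts or of ComboFix, showing how autostart entries in a log of this format can be triaged; the heuristics, all function names and the constructed sample (a few lines in the log's format) are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines in the format of the ComboFix log quoted in
# this thread (registry Run values, a Startup folder listing, one orphaned entry).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-07-14 92704]
.
c:\users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
HKCU-Run-{07855E74-58D4-C82E-731B-555E718499FC} - c:\users\Media\AppData\Roaming\Fywab\ataxp.exe
'''

RUN_KEY_RE = re.compile(r'^\[(HKEY_[^\]]+\\currentversion\\run)\]$', re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')
LNK_RE = re.compile(r'^(?P<name>.+\.lnk) - (?P<target>.+?)(?: \[[^\]]*\])?$', re.I)
ORPHAN_RE = re.compile(r'^(?P<hive>HKCU|HKLM)-Run-(?P<name>.+?) - (?P<target>[a-z]:\\.+)$', re.I)
GUID_RE = re.compile(r'^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.I)
USER_PROFILE_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\', re.I)


@dataclass
class Autostart:
    source: str            # Run key, Startup folder, or orphaned-entry marker
    name: str              # registry value name or shortcut file name
    target: str            # path the entry launches
    reasons: list = field(default_factory=list)


def parse_autostarts(log_text):
    """Extract autostart entries from Run keys, Startup folders and orphan lines."""
    entries, source, kind = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == '.' or line.startswith('['):
            # '.' ends a block; any other [KEY] header ends it too.
            m = RUN_KEY_RE.match(line)
            source, kind = (m.group(1), 'run') if m else (None, None)
            continue
        if line.lower().endswith('\\startup\\'):
            source, kind = line, 'startup'
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append(Autostart('orphaned %s Run value' % m['hive'].upper(),
                                     m['name'], m['target']))
            continue
        pattern = {'run': VALUE_RE, 'startup': LNK_RE}.get(kind)
        m = pattern.match(line) if pattern else None
        if m:
            entries.append(Autostart(source, m['name'], m['target']))
    return entries


def assess(entry):
    """Attach the reasons (assumed heuristics) that make an entry worth a look."""
    if USER_PROFILE_RE.match(entry.target):
        entry.reasons.append('target in user-writable profile path')
    if GUID_RE.match(entry.name):
        entry.reasons.append('GUID-style value name')
    if entry.source.startswith('orphaned'):
        entry.reasons.append('listed by ComboFix as an orphaned entry')
    return entry


def triage(log_text):
    """Return (name, target, verdict, reasons) per autostart entry.

    One reason only means 'review': legitimate per-user software such as
    Dropbox also installs under AppData. Two or more mean 'suspicious'.
    """
    results = []
    for entry in map(assess, parse_autostarts(log_text)):
        n = len(entry.reasons)
        verdict = 'suspicious' if n >= 2 else 'review' if n == 1 else 'ok'
        results.append((entry.name, entry.target, verdict, entry.reasons))
    return results


if __name__ == '__main__':
    for name, target, verdict, reasons in triage(SAMPLE_LOG):
        print('%-10s %s -> %s %s' % (verdict, name, target, reasons))
```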

02.01.2012, 18:17   #10
AlexCSH

Sorry, I had no time earlier.

Here are the two logs...

02.01.2012, 23:21   #11
AlexCSH

Now that the double-post issue has been cleared up, how do we proceed?

03.01.2012, 13:03   #12
Psychotic
/// Malwareteam

F-Secure Online Scanner

Please switch on any external hard drives during the online scans! During the scans, please switch off all background guards (antivirus program, firewall, script blocking and the like), and do not forget to switch everything back on afterwards.

Note for Vista and Win7 users: Be sure to start the browser as administrator.
  • Disable your antivirus program for the duration of this scan.
  • Open the F-Secure Online Scanner by clicking this link.

    Note: The page checks which browser you have installed and whether your Java version is up to date. You may be asked to update your Java. Do so.

  • Select "German" as the language and accept the license agreement by ticking the box provided below it.
  • Click "Run check".

    Note: You may now be shown a Java security prompt (security information). Be sure to confirm it with "Run".

  • A new window will open.
  • Select My Scan and click Show options.
  • In the window that opens, under Select file types to scan choose the option All file types, and below it tick Scan inside compressed files.
  • Click OK at the bottom.
  • You are now back in the main menu of the online scanner. Click Start. F-Secure Online Scanner will now download some files and scan your system.
  • When the scan is complete, click Show report.
  • Post the report here in your thread.

04.01.2012, 10:09   #13
AlexCSH

Code:
 Scanbericht
Mittwoch, Januar 4, 2012 08:40:59 - 10:01:37
Name des Computers: MEDIACENTER
Scantyp: Scansystem für Malware, Spyware und Rootkits
Ziel: C:\ D:\ 


--------------------------------------------------------------------------------

Keine Malware gefunden

--------------------------------------------------------------------------------

Statistik
Gescannt: 
Dateien: 382340 
System: 15357 
Nicht gescannt: 443 
Aktionen: 
Desinfiziert: 0 
Umbenannt: 0 
Gelöscht: 0 
Nicht bereinigt: 0 
Übermittelt: 0 
Nicht gescannte Dateien:
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6428EAE7987A1F84A55BDFFD6430163C_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\64A6C78B6772BB47FACDFFE5C7B2CC67_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\651D37026E35EB4DE7FBAABD5607AF69_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6653A9292330359EDBAEE2447F9C4504_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\666D7A1F3903EA288C9402C43E37109F_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\67DC7A525F3E594C529C6E0B85356773_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\69B208D12CB7C1712A845E77AF2E2730_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6823F70F80A7BDA85AC17B48ECFA832F_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\687A96DAE88B6C872931BBA6ED01B4FE_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6D2A5B9747AC2D0B26D9F479374035D3_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6C5519F1106593AA9BAF0EBD37183102_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6EB711B8AA6A9218808F0065A2E5E41B_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68831FA9FE2676BD00ADE25C257A3C66_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6CED64014CCAE4E10294682CD65AD81A_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70F6686B4449528F89478D396DCAABCF_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6FCAD62C28C5A3628CA621166A69EA1D_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\700270F1E4066FF2CC70E6612BC94727_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70728053AE360686382674B705B98312_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72C01D2F1DE5678EEFD897AD1A9287ED_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71CB488A0D6454C32136A662885EAA59_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71FABC7E374E7F07A88B380CF7BE8B6B_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7317E34376B12C4C6674B9790D536BCD_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7513B4F8DCBF198BB2BF6CD428CC71BC_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\76656C80AAEAFE0E6DBE70AFF4A5F50F_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\75797778734731DF627B22505DE62B60_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71C8A78D632C9892F1DEED74F13BF73C_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7881C86D06D52D7D4FDE22FBFDFB4033_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\79D2A46E9A4906B5A1FDE2DA6192423A_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\787C02DBCDAF080AEB8322C03ED0E673_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\792BE3B386145BF77B184078C664FB1D_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7CE32DBD8AFA8FF844651BF8E3CC1D21_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E6D0C4141BD6C0586E04B16EBAD189E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7BEFDAF8D90CCF6BBCDFD4C74EBA9CBF_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E560EE816F4678AA9250D9EFC66EB48_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8008C0BC90A109F3738A8E82AA299711_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8066FCB5B50AD5E09BC07469CEE72ED8_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\80EC192F7B61F5435EB88A5B450B8847_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7F55EB63524304AA184DD466CC18C77D_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7DE1237803F3E1FD3F9C8514921C262C_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\831866EDA2A79605B9A76B7E957E6F97_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81F118B1F92F264B17378F0BDF6BA959_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\85CF6C25AF28973CB08B91BA2208CABA_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\847CDE12E4A23B1B7251BAE016B39F73_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8657822C0FFFC5A8A628BA7E253FFAD2_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\86D968DF922F7684D53773EBB02D2146_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87D64C1E8026301F3C131B70D1D27FCD_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\877BB7259BAAD22F4E34C1F092FBD3E2_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\884388CBE3BA80BB0CE60ACD7E2833A4_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8857229FBB3AD896B652CD0378057006_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89591AB259015B92D42349203CF173FE_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89D6065C9F478F878F01D12293F2D20D_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81FED3864DE0988142C4A75FB4435C04_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\88EBB7CDE17104D6BE0BA74E6617A4DE_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8B4B8405C6FB3E932EF23AC1BB9DEE4E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\88B072B061E2AD8E396565565E39CD25_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D1A0BE8DFD0C3294F00AC01FBCE8CB6_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F7DB73EC05DE9D0693505964CA592B9_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F042090BC6C516170A7B538DD07A9B1_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8DF04589549115DC992BF2230F2E14F2_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9186613F88A2343F03874073612868AB_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92BAEFCE146C143A81F9702394FED214_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9190444EE273D56F572A6467290A7E87_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92C7BF51E95FFE1DF83E87455DEE10B5_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\929D379D21A04E621921EEEE3445852D_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92D6A96D4B528D1FBA96F4A40D7901B9_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\917DB4D922476F237CD502B5EC448612_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\95236C6F722C2346EDB27206D53238B7_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92F2C7D6F6BB4189C974E7F7EA83C3EC_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94BED5FBEBFC45A2F42C9A8DB9EB2D26_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94626E70B041512B4BBEE1835F67ABFC_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\954C10D30E77F1DB907E50301741D081_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9936E46846C36E2E6AFAC6D71F29988C_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96518874E8FFBCFEE2EDF02ADFBC9C5D_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B4B9328523D6DDFABA997CAC6792081_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\97FBAA23684C6848D9653F3272676077_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C2A8EAF6AF29FA68C41696CEEDA9617_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\99EB5C6E6A22FF15AAA518FE190F9E09_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9ADEAE8C69C9DC408EEF17019AB66FEC_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B97C30D7B8EC8CCD24D5E854298F608_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9EB126DC2245599EA03E7EF918E0229E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E17FA1751A2753B4AC05568F36074B8_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9CC29F8B9F34F4EC28A8079FE85C84ED_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9EE0BC84016AFD63086D17ED7635EAC8_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C91428CB43FE4B16892BF9EF9110910_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A13F197433BD8587DD7622912C311D65_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A2271C9D77CC9D47089532E6508EE970_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A00B84686F1C755DF8B8E6840D446E65_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4264C44192C660F7EC47B07BDD1B08F_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A54CB07C9CA051F8B8C75F82324A4BD9_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5405558F33499608E1D9851BCD05200_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5889316152028506E801D33A5E7ADBC_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A22E54E65ADC107B48673607C2E2AAD9_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A68EBBE0D59B887F0101C0C251E01D48_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A653CD20BB53A92862958C1D0CA017DB_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A7BA1F2C00AFFB5A14A3F4EB6A22D444_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB6D306E2A29DDE3CA3C499CA9DF96DD_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA40FE9E748261BFCB667674F3AB5C9B_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A8C90BC69D1E3249E4B891173BF4B32A_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC477D119AD5A542FAECE56AA0204867_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AD9E75DDDB51C90B6E5867BF21DDA228_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC6DA7DE96CDA920178BA1D922671AD0_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ABC6FCD3505D22D53729CCA19BFF749C_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ACBA577652955E613422EB2AD7A6AC05_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE142526BAE7FADD2D78C84B20E78A1F_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE76AEB0FEBE2FB09CF3E59A4B28C8AC_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B099A7BF655819C9601D8971ADBD4F79_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0DB7281E18A5350B1AEAA38A9956639_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B1B5906AED62F2FBE8F556012C1DE743_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AEBD1E33BE2C3EE57007CEC82C5ABE71_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B003E8E21846C4ACAD14C0F5A6EC09D3_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B24502CC9CFD2DCEBCCDD04FC588AE80_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B290090A9B21C534128201900BF2C667_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B285415502E3299E961658F08C8A5B15_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B35F8362870B783CB5A07ABBBB36DB0E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B3AB7BA071D925C29DB2778158318F5D_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B57328956C9C060B3232AB3ADEDD49F3_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5045E530CB26F3F65CC5A9C7ED45FA0_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5237E164A0C0FD3F8C95186B3F1FC8E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B58168A99A3D1F284F1DE7D4E915A472_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B662F1867215C79A099FFC0AAFEA36E6_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B66A4674847BE13045FA15140F2BFCBE_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7509834C15F2F86D7E088491DE1BEDD_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6D7EFF6F36D1D6BBEDF262A3D2363EF_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B8418C6BC956D8838FF25C2A90D46C74_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7AAB6DD5EE91DE0A0AB45510CBCC0F3_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B9422EEFF654D64F88B7F9F3C9084259_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B8AFA0ADCB06885F9B9A34976799DC1E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B94EE4CD0261C90693CE6A198168442B_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA97E5F8B0AEB4CA367CF6DA00C8296A_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB2E89A682132D92D1C9A72C1C5FBFC3_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B8FDEC5E1EB41CB5E1F12F89A997BA51_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BAE585F1CBCA33D8A0C9A8B1449A68E5_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBED17B6EC0F6E052941B3F638DF014A_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BAD64EFCB83092BEDDB366D48A3C7759_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBFCC008137C35986D821781A3BEC765_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC654BA66FD1F87F17BBE061EF7F6827_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BCD2498FF01989BE40F178FDCBF841BE_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BCCE4E768259F4776DAD21781E01FA9F_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBB70FC4350F53EA4EE8145D028CBBFE_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF06FFE6500CCC069C99BDF8E98A9F16_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD12F87F61C7F566F42D024AA8A4A3E7_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC71FB956B0FA20EE51BCFC629E132D7_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFAD86F2DDA024B7424985A9543C46C7_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BE675317771D40650D49A2B4CDDD2282_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C07072D166C03AFF177C4587A137B8B0_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C109AE8B70B67FFD35BD88C554738707_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C1FFA529FB3CF83E123E7530C33C1DB9_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C34DFD0840D1E943EBB30D26DF2E1030_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C143FA97079FAE896C557129CDC0273F_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFFF8B73C2349AB611C21CB21DE35C49_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4526C1D90BCAEF04955B708F55B993C_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C401915A9F282C66864B9F74B205D1FE_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7426CEACDFE3AF005E182A8939C0AA6_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C47A72AABC27831E171ECA0BFBE157B6_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C59E48198676826EA3ED13429A9F4872_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C67F3A1A47C6118DF1D9BBD7C35FA794_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8EB5E91D38169C0C4B5DDD98D8134A3_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7575784CAC38B83B56ABBFCFC1AB2B2_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C91D21E948FB8FFDFB65C5BD8A926704_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C97991B2B265127D8BEA3B0FFFF5A93B_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA39BCFA47FFB60E039FFBAA5424DCBE_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA44C69DB542F6CB24AF4B805685B9BE_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC060FA46493C6EDE1DA521A72BD4281_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D03DD8AE86157F48C81EEACAE1ADE88E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CFD2A8ABD04A8405F65D75539D020362_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CF0A0501AC6B81C4E587DD4780D6450E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D056C678F18D9DF08BF5A86085733017_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1765405B3537ADB61862455075CFBDB_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4A3E71CA9A0DDA54E3930765C5ED0D8_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE60F30C8DEB132B13F6C8ECE85CCBC6_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D5423F34ED36A5CA18650E0AC2D883E8_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D167DBBC2D7BF12C657A5FC423B7AB26_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D67F97869733128665A6EDEB62B6F8AF_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D7A83039619EC31B80DAC536F1C584EC_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D9BA3C5E3A4317EEDCE3BBDBEA7A277E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D7F89F19E6662D663A56A62AEABDD72D_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBC781CF53C23F929436DE176B127A7B_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC6D1DA9AB21BA4C1C06E9DB2F75F8C3_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA7FF52CD91E866C37BB7CF106CBDB44_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D5E9502729C2CDAADFD1ADE72E5DB783_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DEF973E3A11DFB05CE2677DE6613052E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBF6FAB7F29AE7660EF8368020648DC3_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E0DA4A5EF3E0A28470DA21B80960E8F2_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E200B98548B84003D233B0C3726D89B1_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E093FA468DC5BBFEDE6F6AA1E66ACCE1_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E038E6938E9D71E2696CE6529ECFBA79_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E11618FFEE3D753BFB058EBF89B32014_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DFEB5F5F6B6E51C77C79DFADF0C0B1E5_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E3240E6BDFAE3130680FA2BC2E4258E8_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E43609A5E5E2C91B075721BBBBE03F8E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E433195133F0D3D15D1F100006D9083A_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E6A418D86BDBC0CD06C0884ABC459AB5_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E3156BB0A8E07EEBCB88598AF026D4BE_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E72D6FD2EC83E0CC43F3201D0EB25F9D_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E48DEB4D8D32660B0C8BF0C8B810C85A_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5411292664D2170D8A9835CAD8BE424_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8572B7C523EAF8A4AF73AEB131D7D1B_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8894CBBEFFFFFA3A2FB2C6CBBA91B46_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8376B25A5B2EEBE29AE9338C06C6F32_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8B95DB4575296BDFA261F1D3C2031C6_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E933E3C08BBA913818C9EFD9230313CB_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9B49EC15162FDECCACF0DED95353064_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8D8F566228FE9D7A2DF8CDFAB8A480D_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E88E336B99A28E932C1925E2FDD893AB_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA858826194D1FC978FE2E004947071A_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED024663DC972D17A4E2EEB8871A888D_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EBE32FBFF72D52C8B4EB17796BA6DAAB_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9ED5B2EF93C611F8C7D9C648008AD02_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E941B1180622F4E50882628E4122D2C0_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE302D9112B7D3B829C414F6E4A08D27_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EEB078952FFA41156DC15CC8B1941ED5_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F050441ECAA4222F3093CCD22D6BFBE2_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF806530158D86DD7D018463F765110E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EEE3014DF6B78B9D0149075B6B9E2FA3_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F1735532808CDCEB81F98B1685D7165F_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFA5BD745E8AF25B05FEF9F3A6768BD6_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F13C3DA16248F37933E6A5477F464716_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F2AA80F799137A0B57FB196CE552A54E_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F64233C9737070ACF21BABB26FF8BC33_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8C98575D4136389CA3CC1C982C54F14_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F6E4F82697F2C755DDF439372405D6C4_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F2748C947482181C15851887FF060576_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB2EE9AD6EE6F475092243AC2F74B97F_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FAF003AD0AA5F5BA2E043B260525E1D3_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FABD09C8A61BA8621195A7483E426678_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F7526A5321291728891E74ADB09E5F2A_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FCBF4E5D0532B1030521F98B1AE21493_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF7A69C5ECD5AE9A93337F47FE49F95D_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFC6645D2C0F201354AD0998AD61D815_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF1B282CDE0FADF6B53824B8901FD42C_B88DA34D-0407-4649-89A0-54D874F107AF 
C:\Program Files\Weight Watchers\FlexPoints 2.01\dbmat\recipes_new.zip\recipes_new.xml 

--------------------------------------------------------------------------------

Optionen
Scan-Engines: 
Scanoptionen: 
Alle Dateien scannen
Innerhalb von Archiven suchen
Erweiterte Heuristik verwenden

         

Alt 04.01.2012, 14:02   #14
Psychotic
/// Malwareteam
 



New OTL log

Please download OTL by OldTimer and save it to your desktop (if you don't already have it).
  • Double-click OTL.exe
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Is the computer still causing problems?
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!


Alt 06.01.2012, 12:58   #15
AlexCSH
 



So, here are the logs.
First the otl.txt

OTL Logfile:
OTL logfile created on: 06.01.2012 12:46:47 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Media\Desktop\Trojaner
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,14% Memory free
6,00 Gb Paging File | 4,62 Gb Available in Paging File | 77,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 34,62 Gb Free Space | 35,48% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 333,86 Gb Free Space | 40,04% Space Free | Partition Type: NTFS
Drive E: | 132,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MEDIACENTER | User Name: Media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Media\Desktop\Trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Programme\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ea98cad4cea9ac78db91e6c66a6cbf3\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\3.2.2.0__4f079cf7f10a3651\MyMoviesCommon.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Installer Service) -- C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\Installer\InstallerService.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (AVerScheduleService) -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVerRemote) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (AVerM115S) -- C:\Windows\System32\drivers\AVerM115S.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (Epfwndis) -- C:\Windows\System32\drivers\epfwndis.sys (ESET)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AVerAVF2) -- C:\Windows\System32\drivers\AVerAVF2.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 23 96 C3 16 0B CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 20:29:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.04 08:30:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.05.05 20:39:30 | 000,000,000 | ---D | M]
 
[2011.08.27 20:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions
[2011.08.27 20:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.01.05 11:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions
[2011.12.26 14:39:54 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.01.05 11:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\777ll5e3.default\extensions\staged
[2011.12.30 12:18:43 | 000,000,933 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\11-suche.xml
[2011.12.30 12:18:44 | 000,002,419 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\englische-ergebnisse.xml
[2011.12.30 12:18:43 | 000,010,525 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\gmx-suche.xml
[2011.12.30 12:18:44 | 000,002,457 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\lastminute.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\startsear.xml
[2011.12.30 12:18:43 | 000,005,508 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\777ll5e3.default\searchplugins\webde-suche.xml
[2012.01.04 08:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.04 08:30:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\777LL5E3.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.10.04 18:42:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.04 08:30:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011.12.30 23:29:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [My Movies Tray] C:\Program Files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Media\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E365FBB-8B8F-44A2-9710-01B6CAAE05F0}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DE1D2C4-5339-42DF-BA1D-5E58F61C0C7C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.04 08:40:59 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\f-secure
[2012.01.04 08:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.01.04 08:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.01.04 08:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.04 08:30:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.01.04 08:30:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.04 08:30:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.04 08:30:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.04 08:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.01.02 19:00:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012.01.02 18:02:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.01.01 11:09:09 | 000,000,000 | R--D | C] -- C:\Users\Media\Desktop\2012-01-01
[2011.12.30 23:30:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.30 23:28:59 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\temp
[2011.12.30 23:22:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.30 23:22:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.30 23:22:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.30 23:22:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.30 23:22:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.30 17:54:29 | 000,000,000 | ---D | C] -- C:\Users\Media\Desktop\Trojaner
[2011.12.30 12:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011.12.30 11:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.12.30 11:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.12.30 11:47:41 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\GetRightToGo
[2011.12.30 11:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.30 11:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.12.30 11:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.12.30 10:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.30 10:51:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.30 09:15:53 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\vlc
[2011.12.30 09:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.29 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\Media\Documents\UseNeXT
[2011.12.28 11:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2011.12.28 11:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung
[2011.12.28 11:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE Toolbar
[2011.12.28 11:19:09 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\1&1 Mail & Media GmbH
[2011.12.22 15:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.22 15:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.12.22 15:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.21 13:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\maxdome - Online Videothek
[2011.12.21 13:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\BILD
[2011.12.15 07:09:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.15 07:09:49 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.15 07:09:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.15 07:09:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.15 07:09:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.15 07:09:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 20:03:22 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 20:03:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 20:03:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 20:03:10 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 20:03:06 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 20:03:05 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.06.02 20:34:35 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Media\AppData\Roaming\SetupGFD.exe
[2011.06.02 20:33:20 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Media\AppData\Roaming\AvsP.exe
[2011.06.02 20:33:04 | 004,284,535 | ---- | C] (ffdshow                                                     ) -- C:\Users\Media\AppData\Roaming\ffdshow.exe
[2011.06.02 20:33:00 | 000,642,685 | ---- | C] (Xvid team                                                   ) -- C:\Users\Media\AppData\Roaming\xvid.exe
[2011.06.02 20:32:00 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Media\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.06 12:48:32 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.06 12:48:32 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.06 12:43:33 | 000,129,769 | ---- | M] () -- C:\Users\Media\AppData\Roaming\nvModes.001
[2012.01.06 12:43:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.06 12:43:15 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.05 21:16:33 | 000,129,769 | ---- | M] () -- C:\Users\Media\AppData\Roaming\nvModes.dat
[2012.01.04 08:30:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.01.04 08:30:17 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.04 08:30:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.04 08:30:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.02 20:09:59 | 000,700,716 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.02 20:09:59 | 000,662,598 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.02 20:09:59 | 000,147,402 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.02 20:09:59 | 000,123,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.01 12:18:54 | 4195,057,663 | R--- | M] () -- C:\Users\Media\Desktop\20111231213721.MTS
[2011.12.30 23:29:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.30 12:29:46 | 000,038,986 | ---- | M] () -- C:\Users\Media\Documents\cc_20111230_122937.reg
[2011.12.30 11:07:06 | 000,001,226 | ---- | M] () -- C:\Users\Media\Desktop\Spybot - Search & Destroy.lnk
[2011.12.30 10:51:20 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.30 09:15:48 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.12.29 12:43:07 | 000,962,160 | ---- | M] () -- C:\Users\Media\Desktop\Twinkle Twinkle Little Star - YouTube.mht
[2011.12.29 12:02:56 | 125,290,681 | ---- | M] () -- C:\Users\Media\Desktop\Udo Lindenberg feat. Clueso - Celllo.avi
[2011.12.22 15:34:18 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.22 09:49:30 | 000,001,813 | ---- | M] () -- C:\Users\Media\Desktop\UseNeXT.lnk
[2011.12.15 07:28:38 | 000,507,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.07 20:53:01 | 000,001,008 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.07 20:53:00 | 000,001,028 | ---- | M] () -- C:\Users\Media\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.01 11:28:54 | 4195,057,663 | R--- | C] () -- C:\Users\Media\Desktop\20111231213721.MTS
[2011.12.31 12:25:15 | 125,290,681 | ---- | C] () -- C:\Users\Media\Desktop\Udo Lindenberg feat. Clueso - Celllo.avi
[2011.12.30 23:22:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.30 23:22:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.30 23:22:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.30 23:22:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.30 23:22:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.30 12:29:40 | 000,038,986 | ---- | C] () -- C:\Users\Media\Documents\cc_20111230_122937.reg
[2011.12.30 11:07:06 | 000,001,226 | ---- | C] () -- C:\Users\Media\Desktop\Spybot - Search & Destroy.lnk
[2011.12.30 10:51:20 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.30 09:15:48 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.12.29 12:43:06 | 000,962,160 | ---- | C] () -- C:\Users\Media\Desktop\Twinkle Twinkle Little Star - YouTube.mht
[2011.12.22 15:34:18 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.06 10:28:06 | 000,003,584 | ---- | C] () -- C:\Users\Media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.06 22:41:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.05.06 22:38:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.05 22:26:39 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.05.05 13:42:41 | 000,129,769 | ---- | C] () -- C:\Users\Media\AppData\Roaming\nvModes.001
[2011.05.05 13:30:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2011.05.05 13:30:59 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2011.05.05 13:30:58 | 000,598,016 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2011.05.05 13:30:58 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2011.05.05 13:30:58 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2011.05.05 13:30:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2011.05.05 13:30:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2011.05.05 13:30:58 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2011.05.05 13:30:58 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2011.05.05 13:03:49 | 000,129,769 | ---- | C] () -- C:\Users\Media\AppData\Roaming\nvModes.dat
[2009.07.14 09:47:43 | 000,700,716 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,402 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,507,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,662,598 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,123,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2003.02.27 09:07:20 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---



and the extras.txt

OTL Logfile:
[code]
OTL Extras logfile created on: 06.01.2012 12:46:47 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Media\Desktop\Trojaner
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,14% Memory free
6,00 Gb Paging File | 4,62 Gb Available in Paging File | 77,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 34,62 Gb Free Space | 35,48% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 333,86 Gb Free Space | 40,04% Space Free | Partition Type: NTFS
Drive E: | 132,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MEDIACENTER | User Name: Media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DCF21FE-A8CB-41DE-AEA3-D5FBEF108CD5}" = Microsoft Office Outlook-Minianwendungen für Windows SideShow
"{41DA03AC-71BF-4725-AD26-FC4070B0F0A9}" = My Movies for Windows Media Center
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A24C18C8-E26C-488B-8373-A45F5D3C6A35}" = BILD.de für Windows Media Center
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AC07DE4F-4E89-4546-916E-ABE00FEE264A}" = ESET Smart Security
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B727BD4D-0C42-43F7-AC60-4AFBDDC732BD}" = FlexPoints 2.01
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVerMedia A177 PCIe Dual Hybrid DVB-T" = AVerMedia A177 PCIe Dual Hybrid DVB-T 1.3.0.76
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 2.0.8.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"maxdome - Online Videothek" = maxdome - Online Videothek
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 6.0.1 (x86 de)" = Mozilla Firefox 6.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Totalcmd" = Total Commander (Remove or Repair)
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
"vmcMoteServer" = vmcMoteServer
"WinAce Archiver" = WinAce Archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.01.2012 14:31:12 | Computer Name = MEDIACENTER | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local. 
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
 
Error - 04.01.2012 16:41:52 | Computer Name = Mediacenter | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.31.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 15c8    Startzeit:
 01cccb212c579691    Endzeit: 0    Anwendungspfad: C:\Users\Media\Desktop\Trojaner\OTL.exe

Berichts-ID:
 855770e5-3714-11e1-8997-001dba192b71  
 
Error - 05.01.2012 06:37:35 | Computer Name = Mediacenter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VESMgr.exe, Version: 3.1.0.13250,
 Zeitstempel: 0x45b868bc  Name des fehlerhaften Moduls: AUDIOSES.DLL, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b725  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00008d5d  ID des fehlerhaften
 Prozesses: 0x89c  Startzeit der fehlerhaften Anwendung: 0x01cccb9602ade8ef  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\AUDIOSES.DLL  Berichtskennung: 472a33c9-3789-11e1-8169-001dba192b71
 
Error - 05.01.2012 06:41:22 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local. 
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
 
Error - 05.01.2012 06:41:22 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in ._mymoviesremoteserver._tcp.local. Application
 protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
 
Error - 05.01.2012 06:41:22 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local. 
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
 
Error - 05.01.2012 06:51:13 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local. 
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
 
Error - 05.01.2012 06:51:13 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in ._mymoviesremoteserver._tcp.local. Application
 protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
 
Error - 05.01.2012 06:51:13 | Computer Name = Mediacenter | Source = Bonjour Service | ID = 100
Description = Bad service type in MEDIACENTER._mymoviesremoteserver._tcp.local. 
Application protocol name must be underscore plus 1-15 characters. See <hxxp://www.dns-sd.org/ServiceTypes.html>
 
Error - 05.01.2012 09:46:33 | Computer Name = Mediacenter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VESMgr.exe, Version: 3.1.0.13250,
 Zeitstempel: 0x45b868bc  Name des fehlerhaften Moduls: AUDIOSES.DLL, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b725  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00008d5d  ID des fehlerhaften
 Prozesses: 0x80c  Startzeit der fehlerhaften Anwendung: 0x01cccbb069dcad55  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\AUDIOSES.DLL  Berichtskennung: ad40fb9f-37a3-11e1-83b2-001dba192b71
 
[ Media Center Events ]
Error - 26.12.2011 18:49:12 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 23:49:12 - Fehler beim Herstellen der Internetverbindung.  23:49:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.12.2011 18:49:46 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 23:49:41 - Fehler beim Herstellen der Internetverbindung.  23:49:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.12.2011 05:09:48 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 10:09:48 - Fehler beim Herstellen der Internetverbindung.  10:09:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.12.2011 05:10:28 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 10:10:18 - Fehler beim Herstellen der Internetverbindung.  10:10:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.12.2011 06:11:09 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 11:11:09 - Fehler beim Herstellen der Internetverbindung.  11:11:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.12.2011 06:11:43 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 11:11:38 - Fehler beim Herstellen der Internetverbindung.  11:11:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.12.2011 07:12:25 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 12:12:25 - Fehler beim Herstellen der Internetverbindung.  12:12:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.12.2011 07:13:00 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 12:12:54 - Fehler beim Herstellen der Internetverbindung.  12:12:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.12.2011 08:13:41 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 13:13:41 - Fehler beim Herstellen der Internetverbindung.  13:13:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.12.2011 08:14:15 | Computer Name = Mediacenter | Source = MCUpdate | ID = 0
Description = 13:14:10 - Fehler beim Herstellen der Internetverbindung.  13:14:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 27.06.2011 07:45:19 | Computer Name = Mediacenter | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1713
 seconds with 960 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.11.2011 20:08:52 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 06.11.2011 02:52:27 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 06.11.2011 05:19:34 | Computer Name = Mediacenter | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?11.?2011 um 10:15:29 unerwartet heruntergefahren.
 
Error - 06.11.2011 05:19:53 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 06.11.2011 14:21:20 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 07.11.2011 14:00:45 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 07.11.2011 18:52:27 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 08.11.2011 13:41:36 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 09.11.2011 04:12:34 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 10.11.2011 14:54:04 | Computer Name = Mediacenter | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >
         
--- --- ---
[/code]

The computer is running again, but I still don't trust it.
