
Log analysis and evaluation: Windows locked - 50 euros to pay

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

20.01.2012, 17:38   #1
laura255
 


Hello everyone,

first of all, thank you very much for your forum. I don't know what I would do otherwise!

As already announced in the title above, I have caught a trojan that locks Windows and demands that I pay 50 euros.

I will post the log in a moment ...
Thank you very much for your help!

20.01.2012, 18:59   #2
markusg
/// Malware-holic
 


Hi, restart the PC, press F8 and select Safe Mode with Networking.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

20.01.2012, 19:51   #3
laura255
 


Here are the logs:
OTL Logfile:
Code:
OTL logfile created on: 20.01.2012 20:42:16 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Laura\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,45 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 72,26% Memory free
7,09 Gb Paging File | 6,51 Gb Available in Paging File | 91,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,91 Gb Total Space | 66,71 Gb Free Space | 48,03% Space Free | Partition Type: NTFS
 
Computer Name: LAURA-LAPTOP | User Name: Laura | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Laura\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Laura\Downloads\Defogger.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Laura\Downloads\Defogger.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\wxvault.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (alssvc) -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe (Dell Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\lms.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (CCIDFILTER) -- C:\Windows\System32\drivers\ccidflt.sys (Broadcom Corporation)
DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (PBADRV) -- C:\Windows\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (RLDesignVirtualAudioCableWdm) -- C:\Windows\System32\drivers\livecamv.sys ()
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.zeit.de/index"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.09 18:43:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.13 16:38:19 | 000,000,000 | ---D | M]
 
[2009.07.11 15:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Extensions
[2012.01.19 20:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions
[2010.05.01 09:39:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.07 17:51:48 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}(126)
[2012.01.09 10:50:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(125)
[2011.02.15 11:51:43 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.09 15:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.30 17:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\LAURA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBG1Y0I.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI
[2012.01.04 00:55:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.10.19 18:59:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2010.05.25 09:38:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BIOSEvent] C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe ()
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{25FFACB1-3A56-11DE-BEE6-806E6F6E6963}] C:\Users\Laura\AppData\Roaming\Microsoft\svhcost.exe ()
O4 - HKCU..\Run: [{6B4795EC-6539-2F71-F881-BD95F12448DD}] C:\Users\Laura\AppData\Roaming\Tyi\pyexsy.exe (Orb Networks)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.214 80.69.100.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23841AE8-6C8D-42A4-954D-00ADC665EE9C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F07D9316-C35E-4B25-A389-5BE7FCF77FC5}: DhcpNameServer = 80.69.100.214 80.69.100.206
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{711f162c-fb27-11de-886a-00234ed159ad}\Shell\AutoRun\command - "" = F:\STOBOM/odlazim.exe
O33 - MountPoints2\{711f162c-fb27-11de-886a-00234ed159ad}\Shell\explore\command - "" = F:\STOBOM/odlazim.exe
O33 - MountPoints2\{711f162c-fb27-11de-886a-00234ed159ad}\Shell\open\command - "" = F:\STOBOM/odlazim.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell ControlPoint System Manager.lnk - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe - (Dell Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^p6_19_erinnerung.lnk - C:\Program Files\phase6\phase6_19\WinStart\p6erinnerung.exe - (phase6)
MsConfig - StartUpFolder: C:^Users^Laura^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: ChangeTPMAuth - hkey= - key= - C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
MsConfig - StartUpReg: CLIVFR - hkey= - key= - C:\Program Files\Dell\Latitude ON Reader Data\CLIVFR.exe (CyberLink)
MsConfig - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: DellConnectionManager - hkey= - key= - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
MsConfig - StartUpReg: DellControlPoint - hkey= - key= - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: dradio-RecorderTimer - hkey= - key= - C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
MsConfig - StartUpReg: EmbassySecurityCheck - hkey= - key= - C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg:  Malwarebytes Anti-Malware  (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: picon - hkey= - key= - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MsConfig - StartUpReg: SansaDispatch - hkey= - key= -  File not found
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Spyware Doctor - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SysTrayApp - hkey= - key= -  File not found
MsConfig - StartUpReg: USCService - hkey= - key= - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
MsConfig - StartUpReg: WavXMgr - hkey= - key= - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.20 18:27:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.exe
[2012.01.20 18:23:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.01.20 17:17:16 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Xeenatk
[2012.01.20 17:17:16 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Tyi
[2012.01.13 16:37:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.11 22:43:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.11 22:43:43 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 22:43:41 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.11 22:43:37 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 22:43:37 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[9 C:\Users\Laura\Desktop\*.tmp files -> C:\Users\Laura\Desktop\*.tmp -> ]
[7 C:\Users\Laura\Documents\*.tmp files -> C:\Users\Laura\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.20 20:25:10 | 000,001,356 | ---- | M] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat
[2012.01.20 18:27:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Desktop\OTL.exe
[2012.01.20 18:26:45 | 000,000,000 | ---- | M] () -- C:\Users\Laura\defogger_reenable
[2012.01.20 18:26:38 | 000,598,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.20 18:26:38 | 000,104,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.20 18:21:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.20 18:18:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.20 18:18:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.20 18:18:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.16 13:06:03 | 013,415,134 | ---- | M] () -- C:\Users\Laura\Desktop\iotc_19990211-0900b.mp3
[2012.01.16 13:05:29 | 013,625,340 | ---- | M] () -- C:\Users\Laura\Desktop\iotc_20000323-0900b.mp3
[2012.01.16 13:04:55 | 019,824,400 | ---- | M] () -- C:\Users\Laura\Desktop\iotc_20030410-0900a.mp3
[2012.01.16 13:04:46 | 020,324,635 | ---- | M] () -- C:\Users\Laura\Desktop\iotc_20040212-0900a.mp3
[2012.01.16 13:04:35 | 020,262,743 | ---- | M] () -- C:\Users\Laura\Desktop\iotc_20041007-0900a.mp3
[2012.01.16 13:01:13 | 020,229,648 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20051117-0900a.mp3
[2012.01.16 13:00:53 | 020,300,085 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20070208-0900a.mp3
[2012.01.16 13:00:35 | 020,302,257 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20080320-0900a.mp3
[2012.01.16 13:00:24 | 020,261,990 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20080424-0900a.mp3
[2012.01.16 13:00:10 | 020,260,105 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20081106-0900a.mp3
[2012.01.16 12:59:58 | 020,294,261 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20090115-0900a.mp3
[2012.01.16 12:59:45 | 020,369,207 | ---- | M] () -- C:\Users\Laura\Desktop\iotp_20091029-0900a.mp3
[2012.01.15 19:57:53 | 000,013,073 | ---- | M] () -- C:\Users\Laura\Documents\dandrey_neu.odt
[2012.01.06 19:09:20 | 052,808,192 | ---- | M] () -- C:\Users\Laura\Desktop\111010_2003_Hoerspiel-und-Medienkunst_Elfriede-Jelinek-Neid-1.mp3
[9 C:\Users\Laura\Desktop\*.tmp files -> C:\Users\Laura\Desktop\*.tmp -> ]
[7 C:\Users\Laura\Documents\*.tmp files -> C:\Users\Laura\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.20 18:26:45 | 000,000,000 | ---- | C] () -- C:\Users\Laura\defogger_reenable
[2012.01.16 13:05:56 | 013,415,134 | ---- | C] () -- C:\Users\Laura\Desktop\iotc_19990211-0900b.mp3
[2012.01.16 13:05:23 | 013,625,340 | ---- | C] () -- C:\Users\Laura\Desktop\iotc_20000323-0900b.mp3
[2012.01.16 13:04:47 | 019,824,400 | ---- | C] () -- C:\Users\Laura\Desktop\iotc_20030410-0900a.mp3
[2012.01.16 13:04:37 | 020,324,635 | ---- | C] () -- C:\Users\Laura\Desktop\iotc_20040212-0900a.mp3
[2012.01.16 13:04:27 | 020,262,743 | ---- | C] () -- C:\Users\Laura\Desktop\iotc_20041007-0900a.mp3
[2012.01.16 13:01:04 | 020,229,648 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20051117-0900a.mp3
[2012.01.16 13:00:44 | 020,300,085 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20070208-0900a.mp3
[2012.01.16 13:00:27 | 020,302,257 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20080320-0900a.mp3
[2012.01.16 13:00:15 | 020,261,990 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20080424-0900a.mp3
[2012.01.16 13:00:02 | 020,260,105 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20081106-0900a.mp3
[2012.01.16 12:59:49 | 020,294,261 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20090115-0900a.mp3
[2012.01.16 12:59:36 | 020,369,207 | ---- | C] () -- C:\Users\Laura\Desktop\iotp_20091029-0900a.mp3
[2012.01.15 19:57:52 | 000,013,073 | ---- | C] () -- C:\Users\Laura\Documents\dandrey_neu.odt
[2012.01.13 16:38:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.01.11 22:43:45 | 000,025,088 | ---- | C] () -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe
[2012.01.06 19:08:50 | 052,808,192 | ---- | C] () -- C:\Users\Laura\Desktop\111010_2003_Hoerspiel-und-Medienkunst_Elfriede-Jelinek-Neid-1.mp3
[2010.11.05 11:39:21 | 000,001,356 | ---- | C] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat
[2010.05.09 17:04:00 | 000,017,408 | ---- | C] () -- C:\Users\Laura\AppData\Local\WebpageIcons.db
[2010.01.17 15:38:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.01.03 15:13:18 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.12.24 16:19:28 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009.12.24 16:19:27 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2009.10.25 14:05:55 | 000,466,944 | ---- | C] () -- C:\Windows\ssndii.exe
[2009.10.25 13:58:51 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll
[2009.09.17 11:50:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.17 11:50:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 11:48:46 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.09.01 04:31:56 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2009.08.23 12:08:07 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2009.07.11 21:15:42 | 000,036,352 | ---- | C] () -- C:\Users\Laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.11 13:39:34 | 000,000,000 | ---- | C] () -- C:\Users\Laura\AppData\Local\WavXMapDrive.bat
[2009.06.29 16:54:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.06.29 15:38:44 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009.05.07 00:51:42 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.05.07 00:51:41 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009.05.07 00:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.05.07 00:28:40 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.05.07 00:28:39 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.05.07 00:28:39 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.05.07 00:28:39 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.05.06 16:16:11 | 000,279,888 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2009.05.06 16:13:35 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2009.05.06 16:05:11 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.01.05 14:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.11.08 11:56:48 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2008.11.08 11:56:48 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2008.11.08 11:56:48 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2008.11.08 11:56:46 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2008.11.08 11:56:46 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2008.11.08 11:56:44 | 000,565,248 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2008.11.08 11:56:44 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2008.11.08 11:56:42 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_da.dll
[2008.11.08 11:56:42 | 000,479,232 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2008.11.08 11:56:42 | 000,475,136 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2008.11.08 11:56:40 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_nl.dll
[2008.11.08 11:56:40 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_no.dll
[2008.11.08 11:56:38 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_pl.dll
[2008.11.08 11:56:38 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_sv.dll
[2008.11.08 11:56:34 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_ar.dll
[2008.11.08 11:56:32 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_el.dll
[2008.11.08 11:56:32 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_cs.dll
[2008.11.08 11:56:30 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_hu.dll
[2008.11.08 11:56:30 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_fi.dll
[2008.11.08 11:56:30 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_he.dll
[2008.11.08 11:56:28 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_ro.dll
[2008.11.08 11:56:28 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_pt-PT.dll
[2008.11.08 11:56:28 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_tr.dll
[2008.11.08 11:56:10 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2008.11.08 11:56:04 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2008.09.26 07:33:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2008.09.24 18:37:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2008.09.24 18:37:08 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2008.09.24 18:36:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2008.09.24 18:36:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2008.09.24 18:36:04 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2008.09.24 18:36:02 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2008.09.24 18:36:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2008.09.24 18:35:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2008.09.24 18:35:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2008.09.24 18:35:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2008.09.24 18:35:48 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2008.09.24 18:35:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2008.09.24 18:35:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2008.09.24 18:35:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2008.09.24 18:35:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2008.09.24 18:35:40 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2008.09.24 18:35:38 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2008.09.24 18:35:38 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2008.09.24 18:35:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2008.09.24 18:35:34 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2008.09.24 18:35:34 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2008.09.24 18:35:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2008.09.24 18:35:30 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2008.09.24 18:35:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2008.09.19 08:51:24 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2008.08.22 16:28:12 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2008.03.25 09:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2008.03.18 13:02:52 | 000,143,360 | R--- | C] () -- C:\Windows\System32\preflib.dll
[2008.02.03 23:44:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.04.19 05:52:16 | 000,080,720 | ---- | C] () -- C:\Windows\System32\AsfBios.dll
[2007.04.19 05:28:10 | 000,025,424 | ---- | C] () -- C:\Windows\System32\drivers\netamsg.dll
[2007.04.16 03:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,387,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,598,290 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,304 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.30 12:58:44 | 000,176,128 | R--- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006.06.30 12:58:44 | 000,126,976 | R--- | C] () -- C:\Windows\System32\bioapi100.dll
[2004.09.10 13:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004.09.10 13:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.08.04 11:14:13 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Academic Software Zurich
[2009.12.23 14:59:00 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\BitDefender
[2009.07.11 13:40:01 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Broadcom
[2011.02.15 11:51:42 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.10 16:34:11 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\FreeAudioPack
[2012.01.20 17:09:33 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Gmail Notifier
[2009.07.11 16:43:59 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\OpenOffice.org
[2010.02.21 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Opera
[2011.02.19 12:59:37 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\phonostar GmbH
[2011.02.17 12:37:46 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\PlagiarismFinder
[2010.04.02 12:19:58 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\QuickScan
[2010.02.11 12:57:48 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\SanDisk
[2010.12.07 11:28:18 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Tobit
[2012.01.20 17:17:16 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Tyi
[2010.12.07 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Uniblue
[2009.07.11 20:12:17 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Wave Systems Corp
[2012.01.20 17:24:43 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Xeenatk
[2012.01.20 18:18:44 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.04.02 23:04:24 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.04.15 12:06:29 | 000,000,000 | ---D | M] -- C:\2f8797f6ddf2b357ee394ad39f020833
[2009.10.18 16:22:58 | 000,000,000 | ---D | M] -- C:\Boot
[2012.01.14 12:28:06 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.19 17:47:30 | 000,000,000 | ---D | M] -- C:\DELL
[2009.07.11 13:37:13 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.05.07 00:28:38 | 000,000,000 | ---D | M] -- C:\Drivers
[2009.05.06 16:26:20 | 000,000,000 | ---D | M] -- C:\Intel
[2009.08.02 22:02:57 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.01.21 03:33:10 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.09.09 18:12:50 | 000,000,000 | ---D | M] -- C:\PPFS_SCAN2
[2011.09.09 22:46:59 | 000,000,000 | ---D | M] -- C:\PPF_Scan1
[2011.12.30 17:58:16 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.14 13:43:37 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.03.06 22:25:58 | 000,000,000 | ---D | M] -- C:\rsit
[2010.10.16 14:49:38 | 000,000,000 | ---D | M] -- C:\SynView
[2012.01.20 12:01:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.17 22:04:39 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.20 18:23:14 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.05.07 00:31:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.05.07 00:31:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.03.06 05:21:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2209DBCD72FD45199BAE483DDBCA5D75 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_bdffb04d\atapi.sys
[2008.03.06 05:21:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2209DBCD72FD45199BAE483DDBCA5D75 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22130_none_dda155213abfc239\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.03.06 05:24:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=49996882C3272D944D027E03FCD89F6B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_fbc3e716\atapi.sys
[2008.03.06 05:24:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=49996882C3272D944D027E03FCD89F6B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20786_none_db8b089b3dbc5507\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.05.07 00:31:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_853be412\atapi.sys
[2009.05.07 00:31:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.05.07 00:46:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.05.07 00:46:38 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.05.07 00:46:38 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.05.07 00:46:38 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.12.04 12:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.01.08 07:19:30 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Drivers\storage\R207268\IaStor.sys
[2008.12.04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.01.08 07:19:30 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Windows\System32\drivers\iaStor.sys
[2009.01.08 07:19:30 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_38fdd39d\iaStor.sys
[2009.01.08 07:19:30 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_627c3848\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.01.20 18:26:45 | 000,000,000 | ---- | M] () -- C:\Users\Laura\defogger_reenable
[2012.01.20 20:42:12 | 003,670,016 | -HS- | M] () -- C:\Users\Laura\ntuser.dat
[2012.01.20 20:42:12 | 000,262,144 | -H-- | M] () -- C:\Users\Laura\ntuser.dat.LOG1
[2009.07.11 13:38:04 | 000,000,000 | -H-- | M] () -- C:\Users\Laura\ntuser.dat.LOG2
[2010.12.09 00:19:25 | 000,065,536 | -HS- | M] () -- C:\Users\Laura\ntuser.dat{3747a53f-0228-11e0-889c-00216a23364a}.TM.blf
[2010.12.09 00:19:25 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\ntuser.dat{3747a53f-0228-11e0-889c-00216a23364a}.TMContainer00000000000000000001.regtrans-ms
[2010.12.07 19:09:27 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\ntuser.dat{3747a53f-0228-11e0-889c-00216a23364a}.TMContainer00000000000000000002.regtrans-ms
[2010.12.07 18:22:51 | 000,065,536 | -HS- | M] () -- C:\Users\Laura\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010.12.07 18:22:51 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2009.07.11 15:56:36 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
[2012.01.20 17:23:16 | 000,065,536 | -HS- | M] () -- C:\Users\Laura\ntuser.dat{fc40b0b2-0698-11e0-b2a7-00216a23364a}.TM.blf
[2012.01.20 17:23:16 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\ntuser.dat{fc40b0b2-0698-11e0-b2a7-00216a23364a}.TMContainer00000000000000000001.regtrans-ms
[2010.12.17 14:37:44 | 000,524,288 | -HS- | M] () -- C:\Users\Laura\ntuser.dat{fc40b0b2-0698-11e0-b2a7-00216a23364a}.TMContainer00000000000000000002.regtrans-ms
[2009.07.11 13:38:04 | 000,000,020 | -HS- | M] () -- C:\Users\Laura\ntuser.ini
[2011.01.30 20:15:23 | 000,002,526 | ---- | M] () -- C:\Users\Laura\Rechnung.htm
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---


and part 2: OTL logfile:
Code:
OTL Extras logfile created on: 20.01.2012 20:42:16 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Laura\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,45 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 72,26% Memory free
7,09 Gb Paging File | 6,51 Gb Available in Paging File | 91,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,91 Gb Total Space | 66,71 Gb Free Space | 48,03% Space Free | Partition Type: NTFS
 
Computer Name: LAURA-LAPTOP | User Name: Laura | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09BA1906-EA85-4676-8EC8-EE7B7DDD8DA7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E38398B-94BB-450E-BC3A-4E2CF6374662}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1D67C097-44C6-4454-B365-B681A0752BD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4352F3EE-B338-47E7-A1F0-E78C07EDB16B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{452B8285-F1D1-42D4-B0DE-C90B66D2A87B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{873EF4EF-6368-4C28-85AC-9BABCE44CB7B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{8F88865B-BE15-4428-98B0-606DFDA79CEE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{940AE4BD-1467-4B8C-972A-87D2438BD2FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC6807E5-8198-411F-A5AF-CF90E672B303}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF0E6371-3CA0-43F5-B06C-7E3DE22B8321}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CF8ACB-36D8-4D11-BC64-6D3A4BBF7DA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{050F23D3-C08A-47A2-92EB-7E54028DAF28}" = protocol=17 | dir=in | app=c:\users\laura\appdata\local\temp\7zs4d87.tmp\symnrt.exe | 
"{053A7A1E-8D2F-4AB0-ACB3-A5145DE343C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{13BDFAAC-B30D-4E0C-8B33-F1441C07CBDF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{242F00E1-253F-43F5-B543-DC090B65A102}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3165A6C9-A9A8-4201-9347-2B791DAB9BDD}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{3FA9252D-8EB1-451A-8C3A-3A7C83DBA0F4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4FFAE661-8BD7-4753-B009-A7A36B256752}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{51B80EDC-00C1-4C61-978D-10817E390EE9}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{5441CFAF-9418-4EE1-9BB4-7356C50F3C15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7181C4BB-6D00-40C9-8632-D55C741C2363}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{751ED8FD-D0D4-41E7-B7D4-A2DF257829DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AAAA2A2-13D8-4A0C-927F-F24AED8EBB41}" = protocol=17 | dir=in | app=c:\users\laura\appdata\local\temp\7zs49b0.tmp\symnrt.exe | 
"{80A5463D-FA3A-4624-812A-FBF8708C6DB6}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{886C57D5-139D-443B-971D-580BEDB7E74E}" = protocol=6 | dir=out | app=system | 
"{89C4D86E-02FB-4C44-8F6F-2D3B6DDEE375}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8C08A9E6-9E77-4FF5-A112-A08EB5A70E3B}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe | 
"{8F092AD3-AD9A-4744-9624-EB60B3C0684C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9887D2CD-70A0-4308-A3AB-22E8824C8DED}" = protocol=6 | dir=in | app=c:\users\laura\appdata\local\temp\7zs49b0.tmp\symnrt.exe | 
"{98B69A68-A4C1-4C91-9A8D-7061E8A012F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F7DB67A-6C4B-40BE-8E98-86F3338B597C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F9F1C92-1F60-4F4A-A9E6-F428D6248C21}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{A308D34C-2C80-4129-B3D2-B78A16F1DE83}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A6B4BC3B-17CC-4EBA-9EC0-CE8A57E2D470}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{B70D7283-8F27-4B14-B661-02BFE3E659CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B98E83D7-6708-4073-892B-6860343D2F7D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | 
"{DBC5F059-4F07-48A5-98E4-F211C78C3655}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD0CF21F-1D55-4FC9-903D-D24BE8D0FFDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E4C4D0F9-FE82-415D-8344-045A13E36F24}" = protocol=6 | dir=in | app=c:\users\laura\appdata\local\temp\7zs4d87.tmp\symnrt.exe | 
"{E8187DA7-C95C-4789-A500-382EBB78A89F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F69A8158-0798-4A19-8A6D-3F5F59C1783F}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe | 
"TCP Query User{163B1147-812F-47B8-9648-05BC09530AA4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{5045FDC3-04D3-44F3-B5E6-1236283A7800}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{7C5F51F8-8930-44F1-AD7D-5729C06F7A4A}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{995E5D55-EAA0-4F5E-AD6E-05E7EA36D90B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9C9DEAA4-6648-4330-86A3-E4D501F9B2EF}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{BE997588-30FD-400A-8210-185FBFE392B2}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{F3C768F2-85B5-4E44-BFD6-0100310ED9AA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{0571C39E-77A4-40B4-A7BC-DD82F5A0F71F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{05C88454-8F47-4E3E-9455-EA941FE3E6F6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{683C34EC-4D56-4BE6-BB3E-79DF0EAD8A1F}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{BA6AD641-CBF7-403D-942A-E7AE61D45D76}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{CC43766D-CA90-407D-8BCF-58302172B454}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"UDP Query User{E94C9D1C-18DF-4DA0-870D-152A97D4FEA3}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{F13BE792-133F-4C3C-9479-CFD97F82F601}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4502
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}" = Modem Diagnostics Tool
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D523D94-C637-4C49-89FD-5B8FFB071D76}" = Dell ControlPoint Connection Manager
"{506E853B-8FBF-4F28-86EB-E931ABD0C056}" = Dell Latitude ON Reader
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}" = Ambient Light Sensor
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8361A088-1A86-425B-968E-034555992392}" = NTRU TCG Software Stack
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E25AB4C-71E0-4B43-B44F-108BE18DC531}" = DCP32MMWrapper
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1261462-A2EF-4FAB-9513-48EBEFC9A76E}" = Dell Button Service
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B20179BA-2872-432F-8D88-B8F44AED359B}" = Broadcom USH Host Components
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D43C8156-C238-4FE1-9CEA-C39E3B8A3530}" = Wave Infrastructure Installer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{FDE4BEC4-2D7E-4799-A9BA-2BD23512CC7B}" = Dell Control Point
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF1FB289-146C-49EB-98C1-FADF4162CE28}" = Dell ControlPoint System Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)  
"Dell Webcam Central" = Dell Webcam Central
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Gmail Notifier" = Gmail Notifier
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"Tobit ClipInc Server" = WDR RadioRecorder
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.01.2012 13:18:21 | Computer Name = Laura-Laptop | Source = LMS | ID = 2
Description = Failed to unregister for device notifications
 
Error - 20.01.2012 13:18:22 | Computer Name = Laura-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.01.2012 13:22:06 | Computer Name = Laura-Laptop | Source = EventSystem | ID = 4609
Description = 
 
Error - 20.01.2012 13:22:34 | Computer Name = Laura-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.01.2012 13:49:54 | Computer Name = Laura-Laptop | Source = Application Error | ID = 1000
Description = Faulting application z6ujhl4o.exe, version 1.0.15.15641, time stamp
 0x4e21f2b1, faulting module z6ujhl4o.exe, version 1.0.15.15641, time stamp 0x4e21f2b1,
 exception code 0xc0000005, fault offset 0x0000c676,  process id 0x1fc, application
 start time 0x01ccd79bc2d2d3b3.
 
Error - 20.01.2012 13:55:20 | Computer Name = Laura-Laptop | Source = Perflib | ID = 1008
Description = 
 
Error - 20.01.2012 13:55:20 | Computer Name = Laura-Laptop | Source = Perflib | ID = 1010
Description = 
 
Error - 20.01.2012 13:55:21 | Computer Name = Laura-Laptop | Source = PerfNet | ID = 2004
Description = 
 
Error - 20.01.2012 15:30:42 | Computer Name = Laura-Laptop | Source = System Restore | ID = 8193
Description = 
 
Error - 20.01.2012 15:43:09 | Computer Name = Laura-Laptop | Source = System Restore | ID = 8193
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 20.01.2012 11:49:02 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 20.01.2012 11:50:56 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 20.01.2012 12:22:20 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 20.01.2012 12:23:18 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 20.01.2012 12:23:18 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 20.01.2012 12:25:21 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 20.01.2012 12:54:54 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 20.01.2012 13:18:42 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 20.01.2012 13:18:44 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 20.01.2012 13:18:44 | Computer Name = Laura-Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
[ OSession Events ]
Error - 20.01.2011 06:24:56 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3767
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.04.2011 13:48:36 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.07.2011 07:41:16 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 356
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 04.08.2011 05:44:28 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 162
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.08.2011 05:55:57 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 583
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 06.09.2011 08:03:49 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58038
 seconds with 5520 seconds of active time.  This session ended with a crash.
 
Error - 03.11.2011 14:17:16 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 782
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.11.2011 10:22:45 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.11.2011 22:44:17 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11281
 seconds with 3420 seconds of active time.  This session ended with a crash.
 
Error - 10.12.2011 08:03:46 | Computer Name = Laura-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6979
 seconds with 2040 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 20.01.2012 12:54:32 | Computer Name = Laura-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2012 13:17:57 | Computer Name = Laura-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:15:33 on 20.01.2012 was unexpected.
 
Error - 20.01.2012 13:18:23 | Computer Name = Laura-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2012 13:18:43 | Computer Name = Laura-Laptop | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 20.01.2012 13:21:57 | Computer Name = Laura-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 20.01.2012 13:22:06 | Computer Name = Laura-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 20.01.2012 13:22:11 | Computer Name = Laura-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 20.01.2012 13:22:36 | Computer Name = Laura-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 20.01.2012 13:22:36 | Computer Name = Laura-Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 20.01.2012 13:24:42 | Computer Name = Laura-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
 
< End of report >
         

Alt 20.01.2012, 20:06   #4
markusg
/// Malware-holic
 

hi


This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O4 - HKCU..\Run: [{6B4795EC-6539-2F71-F881-BD95F12448DD}] C:\Users\Laura\AppData\Roaming\Tyi\pyexsy.exe (Orb Networks)
O4 - HKCU..\Run: [{25FFACB1-3A56-11DE-BEE6-806E6F6E6963}] C:\Users\Laura\AppData\Roaming\Microsoft\svhcost.exe ()
[2012.01.20 17:17:16 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Xeenatk
[2012.01.20 17:17:16 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Tyi
:Files
C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe
C:\Users\Laura\AppData\Roaming\Tyi
C:\Users\Laura\AppData\Roaming\Microsoft\svhcost.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Please close all programs now.
• Now click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance

Alt 20.01.2012, 20:23   #5
laura255
 

So first of all, thank you very much already for your effort!! You are saving my day here!

All processes killed
========== OTL ==========
C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{6B4795EC-6539-2F71-F881-BD95F12448DD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B4795EC-6539-2F71-F881-BD95F12448DD}\ not found.
C:\Users\Laura\AppData\Roaming\Tyi\pyexsy.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{25FFACB1-3A56-11DE-BEE6-806E6F6E6963} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25FFACB1-3A56-11DE-BEE6-806E6F6E6963}\ not found.
C:\Users\Laura\AppData\Roaming\Microsoft\svhcost.exe moved successfully.
C:\Users\Laura\AppData\Roaming\Xeenatk folder moved successfully.
C:\Users\Laura\AppData\Roaming\Tyi folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Laura
->Flash cache emptied: 38389 bytes

User: ***
->Flash cache emptied: 1353 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Laura
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1480734 bytes
->Java cache emptied: 26823043 bytes
->FireFox cache emptied: 58686747 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ***
->Temp folder emptied: 32671 bytes
->Temporary Internet Files folder emptied: 7440206 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 438 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8210387 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 176962450 bytes

Total Files Cleaned = 267,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01202012_211357

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


20.01.2012, 20:26   #6
markusg
/// Malware-holic

Please do the upload.
As for saving your day, don't be too hasty there yet; I saw something I don't like, but I need to take another look at it before I can say anything definitive.

20.01.2012, 20:29   #7
laura255

I have done the upload - should it actually appear here?

20.01.2012, 20:57   #8
markusg
/// Malware-holic

No, it goes into a separate area; the files contain trojans, so nobody is supposed to be able to access them.
It has arrived.
Do you use the system for online banking, purchases, other payment processing or anything similarly important, e.g. for work?

20.01.2012, 20:59   #9
laura255

Yes, I use the PC for purchases on Amazon... but no online banking.

20.01.2012, 21:00   #10
markusg
/// Malware-holic

OK, you have a trojan that steals sensitive data.
The PC has to be set up again from scratch and then secured.
1. Data backup:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then say something more about securing online banking with a chip card reader + Star Money.

20.01.2012, 21:04   #11
laura255

Oh no! Do I have to do that right away if I don't make any purchases etc. for the time being?
I also don't have a second hard drive available right now, and I don't have the CD to install the system at hand either (do I need it?).

20.01.2012, 21:07   #12
laura255

My PC is a Dell Latitude E 43000 (a prebuilt model?)

20.01.2012, 21:09   #13
markusg
/// Malware-holic

Well, I would definitely do it soon; it doesn't have to happen in the next 5 minutes.
Do you still have the manual? I think that machine has a built-in recovery function. But I'm about to log off; get in touch when you have a hard drive for backing up your data.
