Log analysis and evaluation: "Security Center !Achtung! Ihr Computer wurde gesperrt" (Security Center: Attention! Your computer has been locked)

01.02.2012, 20:41   #1
Benf
 
Yesterday this very window appeared on my notebook with the message: "Security Center !Achtung! Ihr Computer wurde gesperrt!" ("Security Center: Attention! Your computer has been locked!"), accompanied by a demand for 100 EUR because Microsoft had supposedly detected unlicensed software on the computer. This is definitely not the case.

I am at a loss, as this is far beyond my competence.
At the moment I can only start the computer in safe mode.
I would be very grateful if someone could help me, as I unfortunately need the PC for work.

Best regards and thanks in advance
Benf

01.02.2012, 20:47   #2
markusg
/// Malware-holic
 
Hi, exactly, start in safe mode with networking.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Please close all programs now. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.
01.02.2012, 23:30   #3
Benf
 
OTL Logfile:
Code:
OTL logfile created on: 01.02.2012 21:06:19 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Helmut\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 80,02% Memory free
4,25 Gb Paging File | 4,00 Gb Available in Paging File | 94,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 15,20 Gb Free Space | 27,19% Space Free | Partition Type: NTFS
Drive D: | 49,06 Gb Total Space | 15,87 Gb Free Space | 32,34% Space Free | Partition Type: NTFS
 
Computer Name: BENI | User Name: Helmut | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.01 21:00:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.12.24 00:57:42 | 003,580,928 | ---- | M] () -- C:\Program Files\VistaCodecPack\filters\ffdshow.ax
MOD - [2009.08.11 20:18:28 | 000,497,664 | ---- | M] () -- C:\Windows\System32\ac3filter.acm
MOD - [2009.06.02 17:10:58 | 000,050,688 | ---- | M] () -- C:\Windows\System32\ff_acm.acm
MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (LiveUpdate Notice Ex)
SRV - [2011.06.28 13:23:49 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.06.28 13:23:49 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.06.28 13:23:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 09:12:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.06 08:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Stopped] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2010.09.06 08:11:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.08.26 19:38:25 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.05.07 13:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.01.22 00:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.01.01 13:13:38 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.11.06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.10.30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008.04.21 23:11:56 | 000,527,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008.04.20 23:07:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.04.17 08:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.01.29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.09.12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2007.09.12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 17:47:48 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.03.26 19:43:02 | 000,864,816 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007.02.06 02:13:14 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.28 13:23:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 13:23:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.06 08:16:58 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.09.06 08:11:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.07.20 11:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010.07.20 11:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010.07.20 11:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009.11.16 03:13:14 | 000,216,576 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.11.09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008.10.28 16:07:12 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008.10.28 16:07:11 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.09.08 09:25:24 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.09.08 09:25:24 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.09.08 09:25:18 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.09.08 09:24:47 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008.05.18 17:40:17 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\PzWDM.sys -- (PzWDM)
DRV - [2008.04.17 08:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.03.29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.02.01 11:55:52 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2007.12.10 13:53:28 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007.12.10 13:53:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2007.05.24 15:01:57 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 01:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.26 19:43:00 | 000,039,472 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.03.26 19:42:56 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007.03.26 19:42:44 | 000,108,592 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.03.22 06:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 22:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.24 07:27:38 | 000,019,944 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SIVX32.sys -- (SIVDRIVER)
DRV - [2007.02.05 11:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 00:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.12.14 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:57 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.myspass.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "TranslatorBar 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2392836&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {c666c018-6409-4479-afa3-68e4129e7eff}:1.0.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {00bf7b9c-acd2-4080-bea8-b1c41987070f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Helmut\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.09 13:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.19 13:23:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.19 13:23:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 14:29:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.25 07:55:21 | 000,000,000 | ---D | M]
 
[2010.07.26 17:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Extensions
[2010.07.26 17:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.19 15:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.13 09:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\by33jvx7.default\extensions
[2012.01.13 09:54:38 | 000,000,000 | ---D | M] (TranslatorBar 1 Community Toolbar) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\by33jvx7.default\extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f}
[2010.05.03 19:08:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\by33jvx7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(200)
[2010.05.03 19:08:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\by33jvx7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(201)
[2010.07.08 22:46:05 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\by33jvx7.default\extensions\searchrecs@veoh.com
[2010.04.21 11:08:16 | 000,000,933 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\by33jvx7.default\searchplugins\conduit.xml
[2011.12.18 20:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.05.08 20:36:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\HELMUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BY33JVX7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.08 14:29:06 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.08 14:29:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.08 14:29:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.08 14:29:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 14:29:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.08 14:29:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.08 14:29:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [vasja] C:\Users\Helmut\AppData\Local\Temp\0.45034989735390696.exe (Quick Heal Technologies (P) Ltd.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: PH1ZWp1JWE = C:\ProgramData\upgvkjit\cbqdgfwt.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E6D2DA-3FE7-4292-A7C1-1D3FE5E806F5}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA776327-0BF5-406F-8850-05CCA96DA247}: DhcpNameServer = 192.168.250.11
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: admsetgen - {254E6018-0286-1655-1886-02237EC41171} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ad267a0-079b-11dd-8f1f-001bfcf2bd86}\Shell\AutoRun\command - "" = F:\programs\nu2menu\nu2menu.exe
O33 - MountPoints2\{2ad267b6-079b-11dd-8f1f-001bfcf2bd86}\Shell\AutoRun\command - "" = F:\programs\nu2menu\nu2menu.exe
O33 - MountPoints2\{d91932ba-14d6-11df-b1dc-001bfcf2bd86}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rtD.exE
O33 - MountPoints2\{f9849a20-82f2-11dd-8097-001bfcf2bd86}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 08:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.01 21:00:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
[2012.02.01 01:08:50 | 002,247,216 | ---- | C] (SPAMfighter ApS) -- C:\Users\Helmut\Desktop\spywarefighter.exe
[2012.02.01 00:46:48 | 000,000,000 | R--D | C] -- C:\Users\Helmut\Favorites
[2012.01.31 20:22:53 | 000,000,000 | R--D | C] -- C:\Users\Helmut\Documents
[2012.01.31 20:18:35 | 000,000,000 | ---D | C] -- C:\Users\Helmut\Desktop\heavens gate
[2012.01.31 20:18:11 | 000,000,000 | ---D | C] -- C:\Users\Helmut\Desktop\Event project
[2012.01.31 20:18:11 | 000,000,000 | ---D | C] -- C:\Users\Helmut\Desktop
[2012.01.25 07:54:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2007.01.24 11:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.01 21:00:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
[2012.02.01 18:24:39 | 000,650,512 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.01 18:24:39 | 000,606,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.01 18:24:39 | 000,133,572 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.01 18:24:39 | 000,110,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.01 18:21:40 | 000,001,356 | ---- | M] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat
[2012.02.01 18:17:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.01 18:15:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.01 18:15:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.01 18:15:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.01 18:15:24 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.02.01 01:30:25 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.02.01 01:22:03 | 000,050,477 | ---- | M] () -- C:\Users\Helmut\Desktop\Defogger.exe
[2012.02.01 01:08:52 | 002,247,216 | ---- | M] (SPAMfighter ApS) -- C:\Users\Helmut\Desktop\spywarefighter.exe
[2012.02.01 00:33:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.31 23:49:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.31 21:38:17 | 000,200,971 | ---- | M] () -- C:\Users\Helmut\Desktop\Donzdorf1,32km.jpg
[2012.01.31 21:35:11 | 000,178,764 | ---- | M] () -- C:\Users\Helmut\Desktop\Donzdorf2,83km.jpg
[2012.01.31 20:23:29 | 000,000,549 | ---- | M] () -- C:\Users\Helmut\Desktop\Uni - Verknüpfung.lnk
[2012.01.31 20:17:27 | 000,131,072 | ---- | M] () -- C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.25 07:55:22 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
 
========== Files Created - No Company Name ==========
 
[2012.02.01 18:15:26 | 000,003,839 | ---- | C] () -- C:\Windows\System32\drivers\GETPADD.sys
[2012.02.01 01:22:02 | 000,050,477 | ---- | C] () -- C:\Users\Helmut\Desktop\Defogger.exe
[2012.01.31 21:38:17 | 000,200,971 | ---- | C] () -- C:\Users\Helmut\Desktop\Donzdorf1,32km.jpg
[2012.01.31 21:35:11 | 000,178,764 | ---- | C] () -- C:\Users\Helmut\Desktop\Donzdorf2,83km.jpg
[2012.01.31 20:19:14 | 000,221,409 | ---- | C] () -- C:\Users\Helmut\Desktop\tarifplanneuinnenmitlegende.pdf
[2012.01.31 20:19:14 | 000,000,104 | ---- | C] () -- C:\Users\Helmut\Desktop\Papierkorb - Verknüpfung.lnk
[2012.01.31 20:19:13 | 000,306,834 | ---- | C] () -- C:\Users\Helmut\Desktop\tarifplanneuaussenmitlegendejan2011.pdf
[2012.01.31 20:19:08 | 000,202,775 | ---- | C] () -- C:\Users\Helmut\Desktop\schnellbahn-netzplan2011.pdf
[2012.01.31 20:18:44 | 000,000,549 | ---- | C] () -- C:\Users\Helmut\Desktop\Uni - Verknüpfung.lnk
[2012.01.25 07:55:22 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.01.25 07:55:22 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.05.23 09:38:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.05.23 09:38:25 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.04.07 13:59:06 | 000,001,356 | ---- | C] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat
[2010.09.06 08:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.09.06 08:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.09.06 08:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.09.06 08:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.07.11 18:49:04 | 000,032,768 | ---- | C] () -- C:\Windows\URCACM.EXE
[2010.02.25 22:04:34 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.01.24 13:50:21 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.01.01 14:28:27 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010.01.01 14:28:27 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.01.01 03:01:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.12.31 21:08:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.12.31 21:07:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.05.30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.02.16 20:54:25 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.02.16 20:54:25 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.10.28 16:07:12 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.10.28 16:07:11 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\winlogonpc.exe
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\userconfig9x.dll
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\taack.exe
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\taack.dat
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\psoft1.exe
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\ps1.exe
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\netode.exe
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\mwin32.exe
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\mtr2.exe
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\msgp.exe
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\iTunesMusic.exe
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\hxiwlgpm.exe
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\hxiwlgpm.dat
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\System32\hoproxy.dll
[2008.10.22 06:54:50 | 000,004,096 | ---- | C] () -- C:\Windows\FVProtect.exe
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\WINWGPX.EXE
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\winsystem.exe
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\temp#01.exe
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\sysreq.exe
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\ssvchost.exe
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\Rundl1.exe
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\regm64.dll
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\newsd32.exe
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\mssecu.exe
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\mssecu.exe
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\h@tkeysh@@k.dll
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\dpcproxy.exe
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\bdn.com
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\bdn.com
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\awtoolb.dll
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\anticipator.dll
[2008.10.22 06:54:49 | 000,004,096 | ---- | C] () -- C:\Windows\System32\akttzn.exe
[2008.08.10 10:45:28 | 000,009,003 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.07.15 16:08:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.05.26 08:22:58 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008.05.18 18:43:18 | 000,028,915 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\UserTile.png
[2008.05.18 18:13:29 | 009,730,075 | ---- | C] () -- C:\Program Files\vlc-0.8.6f-win32.exe
[2008.05.18 17:40:08 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.05.18 17:40:08 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.05.18 17:40:08 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.05.18 17:40:08 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat
[2008.05.18 17:17:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008.05.18 17:02:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.04.21 10:05:41 | 000,131,072 | ---- | C] () -- C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.17 08:08:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.04.08 16:53:09 | 000,000,546 | ---- | C] () -- C:\Windows\System32\ABF3Ke.DAT
[2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.08.02 19:09:55 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2007.08.02 19:09:51 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007.08.02 19:09:43 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2007.08.02 19:04:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2007.08.02 18:45:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.05.24 14:52:45 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.05.24 14:28:45 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.04.18 10:14:04 | 000,650,512 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.04.18 10:14:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.04.18 10:14:04 | 000,133,572 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.04.18 10:14:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.04.18 09:33:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.02.20 09:39:09 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,372,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,606,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,110,140 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.08.06 13:58:27 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\4Media
[2009.03.02 08:22:26 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Anthropics
[2010.02.08 16:33:46 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Audacity
[2008.07.04 19:52:08 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\CD-LabelPrint
[2011.06.06 16:50:05 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Diercke Globus Online
[2012.01.08 09:02:35 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Dropbox
[2010.01.24 13:53:05 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Leadertech
[2011.01.19 13:23:12 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Local
[2011.05.23 09:32:19 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Samsung
[2009.08.02 13:24:49 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\TeamViewer
[2010.07.26 17:16:15 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Thunderbird
[2010.06.19 15:14:48 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\TomTom
[2008.08.10 11:08:59 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\TuneUp Software
[2009.12.31 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\VistaCodecs
[2012.02.01 18:15:24 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.02.01 01:14:39 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< Code: >
 
< --------- >
 
< %SYSTEMDRIVE%\*. >
[2008.07.03 13:57:48 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.11.04 19:55:15 | 000,000,000 | ---D | M] -- C:\a350f16921ea856758a2b839
[2009.02.16 20:51:57 | 000,000,000 | ---D | M] -- C:\BlueByte
[2011.06.04 16:54:41 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.01.26 09:28:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.01.04 15:37:48 | 000,000,000 | ---D | M] -- C:\demobodenkarte
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.08.02 17:30:45 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.11.04 10:35:30 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.07 22:22:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.06 14:03:15 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.31 13:07:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.04.07 08:42:25 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.01 00:46:03 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2008.05.18 18:13:10 | 009,730,075 | ---- | M] () -- C:\Program Files\vlc-0.8.6f-win32.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.05.12 20:42:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.05.12 20:42:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.05.12 20:42:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.05.13 19:31:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.05.13 19:31:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.08.02 18:00:59 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007.08.02 18:00:59 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.02.01 21:06:25 | 003,407,872 | ---- | M] () -- C:\Users\Helmut\ntuser.dat
[2012.02.01 21:06:25 | 000,262,144 | -H-- | M] () -- C:\Users\Helmut\ntuser.dat.LOG1
[2008.04.07 08:42:26 | 000,000,000 | -H-- | M] () -- C:\Users\Helmut\ntuser.dat.LOG2
[2008.08.10 11:39:51 | 001,572,864 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT_BAK_12923
[2008.10.26 11:09:35 | 001,835,008 | ---- | M] () -- C:\Users\Helmut\ntuser.dat_BAK_75874
[2008.08.10 11:39:27 | 000,262,144 | -H-- | M] () -- C:\Users\Helmut\NTUSER.DAT_TU_12923.LOG1
[2008.08.10 11:39:27 | 000,000,000 | -H-- | M] () -- C:\Users\Helmut\NTUSER.DAT_TU_12923.LOG2
[2008.10.26 11:09:21 | 000,262,144 | -H-- | M] () -- C:\Users\Helmut\ntuser.dat_TU_75874.LOG1
[2008.10.26 11:09:21 | 000,000,000 | -H-- | M] () -- C:\Users\Helmut\ntuser.dat_TU_75874.LOG2
[2008.12.07 23:22:40 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{172456a5-c449-11dd-acfe-001bfcf2bd86}.TM.blf
[2008.12.07 23:22:40 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{172456a5-c449-11dd-acfe-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms
[2008.12.07 23:22:40 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{172456a5-c449-11dd-acfe-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms
[2009.03.10 22:25:30 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{25934d6c-0d67-11de-94f4-001bfcf2bd86}.TM.blf
[2009.03.10 22:25:30 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{25934d6c-0d67-11de-94f4-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms
[2009.03.10 22:25:30 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{25934d6c-0d67-11de-94f4-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms
[2008.04.07 09:07:45 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008.04.07 09:07:45 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008.04.07 09:07:45 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.08.10 14:20:48 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT{42797d05-66c3-11dd-a3c4-001bfcf2bd86}.TM.blf
[2008.08.10 14:20:48 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT{42797d05-66c3-11dd-a3c4-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms
[2008.08.10 14:20:48 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\NTUSER.DAT{42797d05-66c3-11dd-a3c4-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms
[2008.12.15 19:53:53 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{8a6768f3-caa7-11dd-aca7-001bfcf2bd86}.TM.blf
[2008.12.15 19:53:53 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{8a6768f3-caa7-11dd-aca7-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms
[2008.12.15 19:53:53 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{8a6768f3-caa7-11dd-aca7-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms
[2011.06.04 16:55:00 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{b96e9fca-0fe8-11df-8227-001bfcf2bd86}.TM.blf
[2011.06.04 16:55:00 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{b96e9fca-0fe8-11df-8227-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms
[2010.02.02 16:43:56 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{b96e9fca-0fe8-11df-8227-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms
[2012.02.01 11:44:13 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{cb57af29-8eb0-11e0-8798-001bfcf2bd86}.TM.blf
[2012.02.01 11:44:13 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{cb57af29-8eb0-11e0-8798-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms
[2011.06.04 16:57:41 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{cb57af29-8eb0-11e0-8798-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms
[2010.02.02 12:00:11 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{cdc28418-a5e4-11de-8c52-001bfcf2bd86}.TM.blf
[2010.02.02 12:00:11 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{cdc28418-a5e4-11de-8c52-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms
[2009.09.20 15:12:58 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{cdc28418-a5e4-11de-8c52-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms
[2008.10.26 11:21:08 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{e892c79f-a343-11dd-aa98-001bfcf2bd86}.TM.blf
[2008.10.26 11:21:08 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{e892c79f-a343-11dd-aa98-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms
[2008.10.26 11:21:08 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{e892c79f-a343-11dd-aa98-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms
[2008.11.04 11:06:02 | 000,065,536 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{ee37b6c0-aa56-11dd-8f63-001bfcf2bd86}.TM.blf
[2008.11.04 11:06:02 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{ee37b6c0-aa56-11dd-8f63-001bfcf2bd86}.TMContainer00000000000000000001.regtrans-ms
[2008.11.04 11:06:02 | 000,524,288 | -HS- | M] () -- C:\Users\Helmut\ntuser.dat{ee37b6c0-aa56-11dd-8f63-001bfcf2bd86}.TMContainer00000000000000000002.regtrans-ms
[2008.04.07 08:42:27 | 000,000,020 | -HS- | M] () -- C:\Users\Helmut\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
         

01.02.2012, 23:39   #4
Benf
 
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 01.02.2012 21:06:19 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Helmut\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 80,02% Memory free
4,25 Gb Paging File | 4,00 Gb Available in Paging File | 94,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 15,20 Gb Free Space | 27,19% Space Free | Partition Type: NTFS
Drive D: | 49,06 Gb Total Space | 15,87 Gb Free Space | 32,34% Space Free | Partition Type: NTFS
 
Computer Name: BENI | User Name: Helmut | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{103E8A86-E0E7-4E48-9897-65908B7B19B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{28466698-D852-457B-B9C2-4FFDE70927EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E0586CC-DEB3-4E2D-9571-6E74A2A6EF64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{45E0E8BA-B89E-482A-9046-BCB12200BFAD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{59E92CCE-A3B1-476D-A409-DD0DFA4751B3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A5846CCF-4F89-41F1-A981-AAB8CBC6106F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB8D64F8-0145-47EF-A820-BBC8BE6F87FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CC269F52-B440-434A-9191-AB641FAC7B53}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{ED80D5CD-ED01-4490-AD94-F039F6DBEFCF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FD731354-3EE3-4650-AE15-DEB0407CAF52}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0858CC05-0443-4548-93AE-5445B9AD5F52}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AF6E8C0-1E90-4D47-8F4B-B0ED9CB37A37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0BC8A9BC-7722-4A24-83E9-D3A29B4F7A22}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{154AB5BE-3B9A-49EF-96F8-B5746EE65D89}" = protocol=6 | dir=in | app=c:\users\helmut\appdata\roaming\dropbox\bin\dropbox.exe | 
"{17EB68B9-A54C-4674-9335-388C6F2D5682}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1B90BDDE-CD99-467D-994F-18405B2C6AF7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{35A3F261-710C-463C-B8FF-48131E4F7A96}" = protocol=6 | dir=out | app=system | 
"{47D3C134-9197-4D9C-82B3-BE481C4DCB2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{63EA5219-11F0-4A03-B4DC-00AACC575FB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E3E75A4-3C7A-4EDA-B8FF-ADAFC3B5749A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{7A531804-1753-4763-9003-A93AC06B4215}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7F52536B-C707-49C5-A4DE-E198F02FB6FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{90540528-53DB-407A-BDD1-C53075E6FB81}" = protocol=17 | dir=in | app=c:\users\helmut\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B826458C-1050-49D8-B71F-571695E03AF9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BDC3674B-81E3-41E8-9D76-C4DC0326D729}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C271CEC6-EECC-4AC5-94C0-DCA0C42E7AA1}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C8A00FBB-285C-4DB8-A749-5604727D7F25}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C8CFEDBB-22AF-40BF-9A35-08CBD1A8A5AF}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{CAAF9802-4ACA-4C67-A7F6-6597EE04A9FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D26D7CF3-6C04-4DB1-AF3B-66808A0BD759}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D5EF151D-19BE-4E3F-B975-4753B80809A8}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{D6B20AC4-902F-4AE9-BED7-BBE223BCA85A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D952686F-7774-4BB0-B899-8746BF01E8A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC5917E1-112D-4AB5-A930-23AAED47783E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EC9E788A-50B0-487C-809E-28308238464B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{024BC378-EE4B-4BAA-B6D6-A33F8ACDF215}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{0E1C4C3A-3AF4-4150-B474-633727A93365}E:\programs\ftptest\ftp-test.exe" = protocol=6 | dir=in | app=e:\programs\ftptest\ftp-test.exe | 
"TCP Query User{53950042-5703-430E-98E7-FC4E570592E4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{9D75D519-883D-4079-996F-54466ABB1238}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{C5F2BAAF-B363-4642-BD2D-A3CF843358E0}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F498715C-4D6A-4D26-A2DF-A400B8D56A48}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{0D0CCFF4-C8D4-47C6-B76A-2732D0B44D0D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{6E07F3A7-4946-4E64-BCB1-76C0E1D4CD0E}E:\programs\ftptest\ftp-test.exe" = protocol=17 | dir=in | app=e:\programs\ftptest\ftp-test.exe | 
"UDP Query User{867F2D69-8998-46FB-B2D7-DBE1BF676C96}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{9A897125-2AD7-4F45-857C-D6CD65FB054E}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{9CB6EC9A-F151-4F21-972C-0CAF75A90CDE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{E811C563-A948-48C6-8AA7-D10DC6BD937A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian
"{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese
"{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish
"{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish
"{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian
"{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech
"{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish
"{3016F4D6-A41E-42EE-A70F-CD69F38D47C8}" = HOT ALBUM MYBOX
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard
"{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis*True*Image*Home
"{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport
"{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese
"{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English
"{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins
"{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light
"{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian
"{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek
"{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish
"{97F32DF8-D66E-446A-A425-C1D7B45C1033}" = Nero 7 Essentials
"{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian
"{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese
"{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch
"{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian
"{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese
"{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static
"{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard
"{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French
"{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek
"{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French
"{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{3016F4D6-A41E-42EE-A70F-CD69F38D47C8}" = HOT ALBUM MYBOX
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"netrcacm Uninstall" = RCA Digital Cable Modem
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 12.0" = RealPlayer
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Spyware Doctor" = Spyware Doctor 7.0
"TomTom HOME" = TomTom HOME 2.7.4.1962
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VideoLAN VLC media player 0.8.6f
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.01.2010 13:33:14 | Computer Name = Beni | Source = EventSystem | ID = 4621
Description = 
 
Error - 06.01.2010 20:46:09 | Computer Name = Beni | Source = EventSystem | ID = 4621
Description = 
 
Error - 07.01.2010 10:13:33 | Computer Name = Beni | Source = MsiInstaller | ID = 11303
Description = 
 
Error - 09.01.2010 19:52:51 | Computer Name = Beni | Source = EventSystem | ID = 4621
Description = 
 
Error - 10.01.2010 07:09:55 | Computer Name = Beni | Source = EventSystem | ID = 4621
Description = 
 
Error - 11.01.2010 06:57:39 | Computer Name = Beni | Source = EventSystem | ID = 4609
Description = 
 
Error - 11.01.2010 07:04:51 | Computer Name = Beni | Source = EventSystem | ID = 4621
Description = 
 
Error - 11.01.2010 11:48:17 | Computer Name = Beni | Source = Google Update | ID = 20
Description = 
 
Error - 11.01.2010 11:56:38 | Computer Name = Beni | Source = Google Update | ID = 20
Description = 
 
Error - 13.01.2010 19:19:13 | Computer Name = Beni | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 01.02.2012 05:53:12 | Computer Name = Beni | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.02.2012 05:53:12 | Computer Name = Beni | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 01.02.2012 05:53:12 | Computer Name = Beni | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 01.02.2012 05:53:12 | Computer Name = Beni | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 01.02.2012 05:53:12 | Computer Name = Beni | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 01.02.2012 13:17:18 | Computer Name = Beni | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.02.2012 um 18:15:20 unerwartet heruntergefahren.
 
Error - 01.02.2012 13:17:32 | Computer Name = Beni | Source = DCOM | ID = 10005
Description = 
 
Error - 01.02.2012 13:17:43 | Computer Name = Beni | Source = DCOM | ID = 10005
Description = 
 
Error - 01.02.2012 13:18:35 | Computer Name = Beni | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 01.02.2012 13:18:35 | Computer Name = Beni | Source = Service Control Manager | ID = 7026
Description = 
 
[ TuneUp Events ]
Error - 06.05.2010 10:14:13 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 07.05.2010 03:06:38 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 07.05.2010 05:26:14 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 07.05.2010 09:24:26 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 07.05.2010 13:00:47 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 08.05.2010 12:32:14 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 08.05.2010 12:45:20 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 08.05.2010 12:56:28 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 08.05.2010 13:16:59 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 08.05.2010 13:54:25 | Computer Name = Beni | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
--- --- ---

Alt 02.02.2012, 11:35   #5
markusg
/// Malware-holic
 



hi


This script and any scripts that may follow are intended only for this particular user.
If you have problems, open your own topics and wait for scripts adapted for you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O4 - HKCU..\Run: [vasja] C:\Users\Helmut\AppData\Local\Temp\0.45034989735390696.exe (Quick Heal Technologies (P) Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: PH1ZWp1JWE = C:\ProgramData\upgvkjit\cbqdgfwt.exe
:Files
C:\Users\Helmut\AppData\Local\Temp\0.45034989735390696.exe
C:\ProgramData\upgvkjit
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, right-click, View, Show desktop icons.

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please send e-mails, following the instructions above, to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 02.02.2012, 12:19   #6
Benf
 



All processes killed
Error: Unable to interpret <Code:> in the current context!
Error: Unable to interpret <---------> in the current context!
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
C:\Users\Helmut\AppData\Local\Temp\0.45034989735390696.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\PH1ZWp1JWE deleted successfully.
========== FILES ==========
File\Folder C:\Users\Helmut\AppData\Local\Temp\0.45034989735390696.exe not found.
C:\ProgramData\upgvkjit folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41 bytes

User: Default User

User: Helmut
->Flash cache emptied: 7231 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: Helmut
->Temp folder emptied: 1120985 bytes
->Temporary Internet Files folder emptied: 402333330 bytes
->Java cache emptied: 9953353 bytes
->FireFox cache emptied: 28352572 bytes
->Google Chrome cache emptied: 6090534 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6782740 bytes
RecycleBin emptied: 1408924831 bytes

Total Files Cleaned = 1.777,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02022012_115842

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 02.02.2012, 12:23   #7
Benf
 



ok markusg.. Everything should have worked

Alt 02.02.2012, 12:45   #8
markusg
/// Malware-holic
 



It did, very good.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it on your desktop.
  • Visit the following page for download links and instructions for this tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your antivirus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

Alt 02.02.2012, 15:08   #9
Benf
 



Hello markusg. Combofix has finally finished, but I can't find a text file named Combofix.txt. Where else could it be?

Alt 02.02.2012, 16:00   #10
markusg
/// Malware-holic
 



Did it run through to the end?
It should be on C:.
If not, run it again, this time in safe mode with networking.

Alt 02.02.2012, 18:41   #11
Benf
 



The Combofix folder is now present on C, but it contains only the following files:
PEV (application) and
snapshot.00.dat

However, after the Combofix scan (is that even a scan??) I had an open text file named Log on the desktop. I saved it to the desktop as a precaution and am posting its contents for you here:



Combofix log file:
Code:
ComboFix 12-02-02.01 - Helmut 02.02.2012  17:43:18.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1508 [GMT 1:00]
ausgeführt von:: c:\users\Helmut\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\bdn.com
c:\windows\FVProtect.exe
c:\windows\iTunesMusic.exe
c:\windows\mssecu.exe
c:\windows\system32\akttzn.exe
c:\windows\system32\anticipator.dll
c:\windows\system32\bdn.com
c:\windows\system32\dpcproxy.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\hoproxy.dll
c:\windows\system32\hxiwlgpm.dat
c:\windows\system32\hxiwlgpm.exe
c:\windows\system32\msgp.exe
c:\windows\system32\mssecu.exe
c:\windows\system32\mtr2.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\mwin32.exe
c:\windows\system32\netode.exe
c:\windows\system32\newsd32.exe
c:\windows\system32\ps1.exe
c:\windows\system32\psoft1.exe
c:\windows\system32\regm64.dll
c:\windows\system32\Rundl1.exe
c:\windows\system32\ssvchost.exe
c:\windows\system32\sysreq.exe
c:\windows\system32\taack.dat
c:\windows\system32\taack.exe
c:\windows\system32\temp#01.exe
c:\windows\system32\VBIEWER.OCX
c:\windows\system32\winlogonpc.exe
c:\windows\system32\winsystem.exe
c:\windows\system32\WINWGPX.EXE
c:\windows\userconfig9x.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-02 bis 2012-02-02  ))))))))))))))))))))))))))))))
.
.
2071-07-25 07:13 . 2006-11-21 18:48	203576	------w-	c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-02-02 16:52 . 2012-02-02 16:52	--------	d-----w-	c:\users\Helmut\AppData\Local\temp
2012-02-02 16:52 . 2012-02-02 16:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-02 10:58 . 2012-02-02 10:58	--------	d-----w-	C:\_OTL
2012-01-26 08:40 . 2011-11-17 06:48	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-26 08:40 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-01-26 08:40 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-01-26 08:40 . 2011-11-16 16:23	278528	----a-w-	c:\windows\system32\schannel.dll
2012-01-26 08:40 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-26 08:40 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
2012-01-11 15:40 . 2011-10-25 15:58	1314816	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 15:40 . 2011-10-25 15:58	497152	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 15:40 . 2011-11-18 20:23	1205064	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 15:40 . 2011-10-14 16:03	189952	----a-w-	c:\windows\system32\winmm.dll
2012-01-11 15:40 . 2011-10-14 16:00	23552	----a-w-	c:\windows\system32\mciseq.dll
2012-01-11 15:40 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2012-01-11 15:40 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2012-01-11 15:40 . 2011-12-01 15:21	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-01-08 13:29 . 2012-01-08 13:29	43992	----a-w-	c:\program files\Mozilla Firefox\mozutils.dll
2012-01-08 13:29 . 2012-01-08 13:29	479232	----a-w-	c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-08 13:29 . 2012-01-08 13:29	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-08 13:29 . 2012-01-08 13:29	548864	----a-w-	c:\program files\Mozilla Firefox\msvcp80.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-02 13:01 . 2007-08-02 18:04	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-11-23 13:37 . 2011-12-14 10:22	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-11-22 12:22 . 2011-05-17 05:47	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 14:42 . 2011-12-14 10:21	2048	----a-w-	c:\windows\system32\tzres.dll
2008-05-18 17:13 . 2008-05-18 17:13	9730075	----a-w-	c:\program files\vlc-0.8.6f-win32.exe
2012-01-08 13:29 . 2011-12-18 19:42	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Helmut\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Helmut\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Helmut\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-21 2622296]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-21 911168]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-20 136472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-6-6 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe
"ASUS Camera ScreenSaver"=c:\windows\ASScrProlog.exe
"Easy-PrintToolBox"=c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"MBBalloon"=c:\program files\HOTALBUMMyBOX\MBBalloon.exe
"InCD"=c:\program files\Nero\Nero 7\InCD\InCD.exe
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-02 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]
.
2012-02-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-08 16:39]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:03]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.myspass.de/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
FF - ProfilePath - c:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\by33jvx7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2392836&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-02 17:52
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'Explorer.exe'(200)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\users\Helmut\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Zeit der Fertigstellung: 2012-02-02  17:56:11
ComboFix-quarantined-files.txt  2012-02-02 16:56
ComboFix2.txt  2012-02-02 13:13
.
Vor Suchlauf: 13 Verzeichnis(se), 15.472.472.064 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 15.440.113.664 Bytes frei
.
- - End Of File - - 231EAAB5A022ABCA5F18A4A80396B004
         
--- --- ---







Best regards

Alt 02.02.2012, 19:30   #12
markusg
/// Malware-holic
 



Yep, it is.
Thanks for the log.
Open Computer, C:, Qoobox, zip the Quarantine folder and upload it to the upload channel as well.

02.02.2012, 19:49   #13
Benf

I was able to compress the folder, but unfortunately could not upload it... The upload channel seems to accept only files and no folders (or am I being dense?). Or should I try to upload the uncompressed folder?
Can I get the contents to you some other way?

Best regards

02.02.2012, 20:31   #14
markusg
/// Malware-holic

Maybe it's simply too big.
File-Upload.net - Your free file hoster!
Upload it there and send me the link as a private message.

02.02.2012, 21:09   #15
Benf

Uh, yes, it's over 70MB... let's see how much longer the upload takes....
