
Log analysis and evaluation: "For security reasons your Windows system has been blocked." 50 virus

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.03.2012, 15:19   #1
Joschi513
 



Hello dear trojaner-board.de team.

I got hit, and my computer has been infected by the 50 virus that has already been dealt with in several threads here.

Just a few seconds after I start the PC and am connected to the Internet, the following message appears:

By visiting pages with infected and pornographic content, the computer system has reached a critical limit, after which the system may collapse and all files may be lost. To be able to restore the system, you must download an additional security update.

This update is a paid upgrade for particularly infected Windows systems. It completely protects the system from viruses and malicious programs, stabilizes your computer system and prevents data loss.

I am an absolute layman and hope that I am in the right place here...

The operating system is Windows 7 (32 bit).

In accordance with the forum rules I am therefore opening a new thread here, in the hope that you can help me quickly.

Attached are some log files that I was supposed to create according to the instructions for new threads:

dds:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Admin at 14:46:58 on 2012-03-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2813.1856 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\brss01a.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ICQ7.6\ICQ.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Pageshots for Internet Explorer PRO: {28cf50da-4a17-4442-bbf9-d916bfde072c} - c:\programdata\pageshotspro\pageshots_x86.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\BarLcher.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll
TB: toolplugin: {dfefcdee-cf1a-4fc8-89af-189327213627} - toolplugin\toolbar.dll
uRun: [<NO NAME>]
uRun: [ICQ] "c:\program files\icq7.6\ICQ.exe" silent loginmode=4
uRun: [{60E55C92-E33B-11DF-ADB6-806E6F6E6963}] c:\users\admin\appdata\roaming\microsoft\torrent.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Free YouTube Download - c:\users\admin\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to iPhone Converter - c:\users\admin\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\admin\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: 使用UUSee加速播放 - c:\program files\uusee\geturltoplay.htm
IE: 使用UUSee下载 - c:\program files\uusee\geturltodown.htm
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\icq7.6\ICQ.exe
IE: {998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.ugege.com/
IE: {998A88A0-A355-809B-831C-B83A80000992} - c:\program files\uusee\UUSeePlayer.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 213.211.192.34 213.187.64.1
TCP: Interfaces\{09D94FD1-B4B6-4FD2-911C-F449FF46C068} : DhcpNameServer = 213.211.192.34 213.187.64.1
TCP: Interfaces\{692779E6-F838-4B7A-B811-22C354536B52} : DhcpNameServer = 193.189.244.225 193.189.244.206
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\e1b4oxbm.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\e1b4oxbm.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npuuseep.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\e1b4oxbm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe [2010-10-29 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-5 176128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-2-6 92800]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-9-22 645048]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-5 5587456]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-5 210432]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Droppix Service;Droppix Service;c:\program files\common files\droppix\DxService.exe [2011-5-6 221184]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-21 15872]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
.
=============== Created Last 30 ================
.
2012-03-07 13:07:44 -------- d-----w- c:\users\admin\appdata\roaming\QuickScan
2012-03-06 21:48:57 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b0a9d0c6-60fe-45d0-b0f0-951d1c695917}\mpengine.dll
2012-03-06 09:36:45 922176 ------w- c:\program files\mozilla firefox\ger\DPInst.exe
2012-03-05 09:02:27 -------- d-----w- c:\program files\Software4u
2012-02-26 19:43:06 -------- d-----w- c:\program files\SPSS Viewer
2012-02-23 19:48:52 -------- d-----w- c:\program files\iPod
2012-02-23 09:16:51 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-07 10:24:04 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-24 16:08:38 4554119 ----a-w- c:\program files\MyPhoneExplorer_Setup_v1.8.exe
2009-10-13 07:34:26 3439104 ----a-w- c:\program files\iRinger.exe
2008-03-04 02:08:22 131072 ----a-w- c:\program files\ICQ Status Checker.exe
.
============= FINISH: 14:48:30,27 ===============

dds attached:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 29.10.2010 11:06:34
System Uptime: 07.03.2012 14:43:43 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1475
Processor: AMD Athlon(tm) II P320 Dual-Core Processor | Unknown | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 22,935 GiB free.
D: is FIXED (NTFS) - 230 GiB total, 40,372 GiB free.
E: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0001
Service: vpnva
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.6 - Deutsch
Amazon MP3-Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Audacity 1.2.6
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Brother MFL-Pro Suite DCP-115C
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CdCoverCreator 2.5.3
Cisco AnyConnect VPN Client
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco Systems VPN Client 5.0.07.0290
Compatibility Pack for the 2007 Office system
Cucusoft iPhone Video Converter 7.18
DAEMON Tools Toolbar
Driver Detective
Droppix Label Maker 2.x
Druckerdeinstallation für EPSON SX410 Series
Epson Easy Photo Print 2
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Handbuch
ESET NOD32 Antivirus
Free Audio Converter version 2.3.4.920
Free Video to iPhone Converter version 3.2.18.426
Free YouTube Download version 3.0.13.815
Free YouTube to iPhone Converter version 2.11.6.727
Free YouTube to MP3 Converter version 3.10.6.727
High-Definition Video Playback 10
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
HP Deskjet 2050 J510 series Hilfe
HP ESU for Microsoft Windows 7
HP Photo Creations
HP Product Detection
HP Update
HP Webcam Driver
iCloud
ICQ7.6
iDevice Manager
IDT Audio
iTunes
Java Auto Updater
Java(TM) 6 Update 26
LightScribe System Software
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Speichern als PDF oder XPS Add-In für 2007 Microsoft Office-Programme
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Mozilla Firefox 10.0.2 (x86 de)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPhoneExplorer
Nero 10 ClipartPack
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack 1
Nero 10 Movie ThemePack 2
Nero 10 Movie ThemePack Basic
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Ovi Desktop Sync Engine
OviMPlatform
PageshotsPro 1.0.0
PC Connectivity Solution
PDF Settings CS5
PhotoScape
PokerStars.net
QuickPar 0.9
QuickTime
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype 5.0
SopCast 3.2.9
SPSS SmartViewer 15G
Synaptics Pointing Device Driver
toolplugin
Trojancheck 6
Uninstall 1.0.0.1
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VLC media player 1.1.11
vShare.tv plugin 1.3
Winamp
Winamp Erkennungs-Plug-in
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Media Player Firefox Plugin
WiseFixer 3.5
.
==== End Of File ===========================

GMer.txt:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-03-07 15:02:34
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725032A9A364 rev.PC3OC72E
Running: q5q18dyk.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fxdiqpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Many thanks in advance
Best regards, Joschi

07.03.2012, 15:30   #2
markusg
/// Malware-holic
 



hi,
restart, press F8, select Safe Mode with Networking, and log in to the infected account.
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread

07.03.2012, 16:07   #3
Joschi513
 



Hello Markus,

many thanks for your quick reply.

Here are the text files from OTL:

Extra:OTL Logfile:
Code:
OTL Extras logfile created on: 07.03.2012 15:48:00 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\Admin\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 85,34% Memory free
5,49 Gb Paging File | 5,12 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,26 Gb Total Space | 23,01 Gb Free Space | 33,71% Space Free | Partition Type: NTFS
Drive D: | 229,73 Gb Total Space | 40,37 Gb Free Space | 17,57% Space Free | Partition Type: NTFS
Drive H: | 7,52 Gb Total Space | 7,29 Gb Free Space | 96,87% Space Free | Partition Type: FAT32
 
Computer Name: JOSCHI-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F20E4-0212-4286-9BF3-58FA54CB5CF7}" = SPSS SmartViewer 15G
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{22B76906-5831-4052-9463-E13C5B7A5B40}" = HP ESU for Microsoft Windows 7
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{900C2AB5-3F37-4F84-B58C-893FA5F42D7D}_is1" = WiseFixer 3.5
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{9FAAE06C-DEDD-4299-B88D-1F9AD5E1547F}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-115C
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2592F05-6715-4454-B37C-088EA1F9E20A}" = ESET NOD32 Antivirus
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D9273F52-B929-E315-D82B-EDF384D53924}" = ATI Catalyst Install Manager
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA35F4DF-8DE9-47DB-07C7-A176B2C54878}" = ccc-utility
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cucusoft iPhone Video Converter_is1" = Cucusoft iPhone Video Converter 7.18
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Droppix Label Maker_is1" = Droppix Label Maker 2.x
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"EPSON SX410 Series" = Druckerdeinstallation für EPSON SX410 Series
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Free Audio Converter_is1" = Free Audio Converter version 2.3.4.920
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.2.18.426
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.11.6.727
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"HP Photo Creations" = HP Photo Creations
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MPE" = MyPhoneExplorer
"Nokia Ovi Suite" = Nokia Ovi Suite
"PageshotsPro_is1" = PageshotsPro 1.0.0
"PhotoScape" = PhotoScape
"PokerStars.net" = PokerStars.net
"QuickPar" = QuickPar 0.9
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"toolplugin" = toolplugin
"Trojancheck_is1" = Trojancheck 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

OTL:
OTL Logfile:
Code:
OTL logfile created on: 07.03.2012 15:48:00 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\Admin\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 85,34% Memory free
5,49 Gb Paging File | 5,12 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,26 Gb Total Space | 23,01 Gb Free Space | 33,71% Space Free | Partition Type: NTFS
Drive D: | 229,73 Gb Total Space | 40,37 Gb Free Space | 17,57% Space Free | Partition Type: NTFS
Drive H: | 7,52 Gb Total Space | 7,29 Gb Free Space | 96,87% Space Free | Partition Type: FAT32
 
Computer Name: JOSCHI-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.07 15:35:17 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.08.05 03:22:34 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.17 03:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe -- (STacSV)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.12 12:25:40 | 000,221,184 | ---- | M] (Droppix) [On_Demand | Stopped] -- C:\Program Files\Common Files\Droppix\DxService.exe -- (Droppix Service)
SRV - [2009.03.03 01:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe -- (AESTFilters)
SRV - [2009.02.06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (hwdatacard)
DRV - [2011.09.22 19:29:18 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.29 12:54:11 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.08.11 20:43:00 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.08.05 03:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.08.05 03:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.08.05 02:47:02 | 000,210,432 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.04.27 09:24:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.03.17 03:48:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.02.06 13:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009.02.06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.02.06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SearchCompletion Search
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SearchCompletion Search
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{E2810DD3-C86E-4050-B2E2-12820D9E8E25}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.07 12:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.06 18:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.06 12:54:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.01.07 10:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.07 12:09:39 | 000,000,000 | ---D | M]
 
[2010.10.29 12:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.03.03 07:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions
[2011.08.02 14:10:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.03 02:23:13 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.03.03 07:55:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.02.23 13:15:26 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\DTToolbar@toolbarnet.com
[2011.11.12 17:29:32 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\welcome@toolmin.com
[2010.11.05 11:59:28 | 000,002,059 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\daemon-search.xml
[2012.02.12 00:41:03 | 000,000,944 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\startsear.xml
[2011.11.16 19:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.06 18:48:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.11 11:11:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.17 14:00:12 | 000,305,152 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npuuseep.dll
[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.11.29 20:35:10 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.03.06 18:48:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.06 18:48:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.06 18:48:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.06 18:48:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.12 17:29:32 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012.03.06 18:48:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.06 18:48:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Pageshots for Internet Explorer PRO) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\ProgramData\PageshotsPro\pageshots_x86.dll (AD ON Multimedia Advertising GmbH)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (no name) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - toolplugin\toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [{60E55C92-E33B-11DF-ADB6-806E6F6E6963}] C:\Users\Admin\AppData\Roaming\Microsoft\torrent.exe File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 100
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm File not found
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.ugege.com/ File not found
O9 - Extra 'Tools' menuitem : 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.ugege.com/ File not found
O9 - Extra Button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found
O9 - Extra 'Tools' menuitem : 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.211.192.34 213.187.64.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09D94FD1-B4B6-4FD2-911C-F449FF46C068}: DhcpNameServer = 213.211.192.34 213.187.64.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{692779E6-F838-4B7A-B811-22C354536B52}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: (default) - hkey= - key= -  File not found
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: UUSeeMediaCenter - hkey= - key= -  File not found
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.07 15:35:00 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.03.07 14:39:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\dds.com
[2012.03.07 14:07:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2012.03.07 07:59:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ATI
[2012.03.06 21:26:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2012.03.06 20:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012.03.06 20:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe
[2012.03.06 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbungsunterlagen Maria Pfützner
[2012.03.06 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbung wiss. Mitarbeiter (Alex Stelle)_10.01.2012
[2012.03.06 19:26:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbung WiMI 15.02.2012
[2012.03.05 10:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
[2012.03.05 10:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u
[2012.02.26 20:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPSS SmartViewer
[2012.02.26 20:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\SPSS Viewer
[2012.02.23 20:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.02.23 20:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.02.23 10:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.11.14 12:27:21 | 000,131,072 | ---- | C] (murb) -- C:\Program Files\ICQ Status Checker.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.07 15:42:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.07 15:42:15 | 2211,885,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.07 15:39:55 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 15:39:55 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 15:35:17 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.03.07 14:51:37 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\q5q18dyk.exe
[2012.03.07 14:42:10 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.03.07 14:39:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\dds.com
[2012.03.07 14:37:55 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe
[2012.03.06 18:46:40 | 000,668,778 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.06 18:46:40 | 000,620,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.06 18:46:40 | 000,134,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.06 18:46:40 | 000,110,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.06 18:33:57 | 000,370,070 | ---- | M] () -- C:\Users\Admin\Desktop\Masterzeugnis.pdf
[2012.03.06 11:18:51 | 000,292,707 | ---- | M] () -- C:\Users\Admin\Desktop\Praktikum.pdf
[2012.03.06 11:14:24 | 000,329,288 | ---- | M] () -- C:\Users\Admin\Desktop\Praktikumszeugnis.pdf
[2012.03.06 11:04:48 | 000,000,898 | ---- | M] () -- C:\Users\Admin\Desktop\XnView.lnk
[2012.03.05 10:02:29 | 000,002,184 | ---- | M] () -- C:\Users\Admin\Desktop\iDevice Manager.lnk
[2012.03.01 13:58:04 | 003,774,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.27 13:34:31 | 000,000,016 | -H-- | M] () -- C:\Windows\System32\servdat.slm
[2012.02.23 20:49:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.07 14:51:33 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\q5q18dyk.exe
[2012.03.07 14:41:44 | 000,000,020 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.03.07 14:37:51 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe
[2012.03.06 18:33:54 | 000,370,070 | ---- | C] () -- C:\Users\Admin\Desktop\Masterzeugnis.pdf
[2012.03.06 11:18:45 | 000,292,707 | ---- | C] () -- C:\Users\Admin\Desktop\Praktikum.pdf
[2012.03.06 11:14:22 | 000,329,288 | ---- | C] () -- C:\Users\Admin\Desktop\Praktikumszeugnis.pdf
[2012.03.06 11:04:48 | 000,000,898 | ---- | C] () -- C:\Users\Admin\Desktop\XnView.lnk
[2012.03.05 10:02:29 | 000,002,184 | ---- | C] () -- C:\Users\Admin\Desktop\iDevice Manager.lnk
[2012.02.23 20:49:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.21 17:24:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.08.21 17:24:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.08.21 17:24:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.08.21 17:24:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.08.21 17:24:23 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.08.21 17:24:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.08.21 17:24:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.08.21 17:24:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.08.21 17:24:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.08.21 17:24:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.08.21 17:24:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.08.21 17:24:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.08.21 17:24:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.08.21 17:24:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.08.21 17:24:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.08.21 17:24:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.08.21 17:24:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.08.21 17:24:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.08.21 17:24:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.07.01 07:39:21 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.21 08:04:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.21 08:01:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.09 16:52:59 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2011.05.09 16:52:59 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2011.05.09 16:52:59 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2011.02.24 17:06:17 | 004,554,119 | ---- | C] () -- C:\Program Files\MyPhoneExplorer_Setup_v1.8.exe
[2010.11.27 16:30:36 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2010.11.26 13:46:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.02 07:32:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010.11.02 07:32:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2010.11.02 07:30:52 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.11.02 07:30:52 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.10.30 17:26:46 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2010.10.30 17:26:45 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.30 17:26:45 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.10.30 17:25:36 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2010.10.30 16:39:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.29 12:11:02 | 000,000,017 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2010.10.29 11:30:19 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.10.29 10:50:06 | 001,763,968 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.10.29 10:50:06 | 000,255,360 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.10.29 10:50:06 | 000,211,840 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2010.10.29 10:50:06 | 000,033,280 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.10.29 10:50:06 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2010.10.29 10:50:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.10.29 10:38:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.02 16:28:14 | 000,002,189 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.04.06 12:54:32 | 000,203,336 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
 
========== LOP Check ==========
 
[2012.01.25 13:58:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2012.03.07 14:07:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2012.03.04 09:42:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.11.28 10:45:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.04 08:30:48 | 000,000,000 | ---D | M] -- C:\360Rec
[2011.07.01 07:39:48 | 000,000,000 | ---D | M] -- C:\ConverterOutput
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.06.25 10:45:25 | 000,000,000 | ---D | M] -- C:\Joschi_komplett
[2011.11.22 10:35:53 | 000,000,000 | ---D | M] -- C:\Masterarbeit Maria Pfützner
[2011.10.18 13:13:36 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.06 10:26:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.02 03:09:43 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Recovery
[2010.10.29 11:30:05 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012.03.07 13:00:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.29 12:00:32 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.06 10:09:37 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2008.03.04 03:08:22 | 000,131,072 | ---- | M] (murb) -- C:\Program Files\ICQ Status Checker.exe
[2009.10.13 08:34:26 | 003,439,104 | ---- | M] (Mouse Industries) -- C:\Program Files\iRinger.exe
[2011.02.24 17:08:38 | 004,554,119 | ---- | M] () -- C:\Program Files\MyPhoneExplorer_Setup_v1.8.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_dd2bf0ef82c7be83\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_dd01b18982e7479e\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_ddb1bfd49be72b9f\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_dde1cf9a9bc40507\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.10.06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009.10.06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.05.12 10:05:35 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
[2010.05.12 10:20:41 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.05.12 10:05:45 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2010.05.12 10:20:52 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.03.07 14:42:10 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.03.07 15:57:54 | 002,359,296 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT
[2012.03.07 15:57:54 | 000,262,144 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG1
[2012.03.07 09:17:16 | 000,262,144 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG2
[2012.02.24 09:57:17 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TM.blf
[2012.02.24 09:57:16 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms
[2012.02.24 09:57:16 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms
[2010.12.06 19:35:01 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TM.blf
[2010.12.06 19:35:01 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TMContainer00000000000000000001.regtrans-ms
[2010.12.06 19:35:01 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TMContainer00000000000000000002.regtrans-ms
[2011.08.13 02:56:19 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TM.blf
[2011.08.13 02:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms
[2011.08.13 02:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms
[2010.10.29 12:12:19 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.10.29 12:12:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.10.29 12:12:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.08.10 11:13:22 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TM.blf
[2011.08.10 11:13:22 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms
[2011.08.10 11:13:22 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms
[2011.11.23 18:55:27 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TM.blf
[2011.11.23 18:55:27 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TMContainer00000000000000000001.regtrans-ms
[2011.11.23 18:55:27 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TMContainer00000000000000000002.regtrans-ms
[2011.09.12 03:35:23 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TM.blf
[2011.09.12 03:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms
[2011.09.12 03:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms
[2011.01.13 07:08:20 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TM.blf
[2011.01.13 07:08:20 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms
[2011.01.13 07:08:20 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms
[2010.10.29 12:00:33 | 000,000,020 | -HS- | M] () -- C:\Users\Admin\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---

07.03.2012, 16:09   #4
Joschi513
 



Hello Markus,

thank you very much for your quick reply.

Here are the text files from OTL:

Extra:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.03.2012 15:48:00 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\Admin\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 85,34% Memory free
5,49 Gb Paging File | 5,12 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,26 Gb Total Space | 23,01 Gb Free Space | 33,71% Space Free | Partition Type: NTFS
Drive D: | 229,73 Gb Total Space | 40,37 Gb Free Space | 17,57% Space Free | Partition Type: NTFS
Drive H: | 7,52 Gb Total Space | 7,29 Gb Free Space | 96,87% Space Free | Partition Type: FAT32
 
Computer Name: JOSCHI-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F20E4-0212-4286-9BF3-58FA54CB5CF7}" = SPSS SmartViewer 15G
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{22B76906-5831-4052-9463-E13C5B7A5B40}" = HP ESU for Microsoft Windows 7
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{900C2AB5-3F37-4F84-B58C-893FA5F42D7D}_is1" = WiseFixer 3.5
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft  Speichern als PDF oder XPS  Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{9FAAE06C-DEDD-4299-B88D-1F9AD5E1547F}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-115C
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2592F05-6715-4454-B37C-088EA1F9E20A}" = ESET NOD32 Antivirus
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D9273F52-B929-E315-D82B-EDF384D53924}" = ATI Catalyst Install Manager
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA35F4DF-8DE9-47DB-07C7-A176B2C54878}" = ccc-utility
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.0
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cucusoft iPhone Video Converter_is1" = Cucusoft iPhone Video Converter 7.18
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Droppix Label Maker_is1" = Droppix Label Maker 2.x
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"EPSON SX410 Series" = Druckerdeinstallation für EPSON SX410 Series
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Free Audio Converter_is1" = Free Audio Converter version 2.3.4.920
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.2.18.426
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.11.6.727
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"HP Photo Creations" = HP Photo Creations
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MPE" = MyPhoneExplorer
"Nokia Ovi Suite" = Nokia Ovi Suite
"PageshotsPro_is1" = PageshotsPro 1.0.0
"PhotoScape" = PhotoScape
"PokerStars.net" = PokerStars.net
"QuickPar" = QuickPar 0.9
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"toolplugin" = toolplugin
"Trojancheck_is1" = Trojancheck 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.03.2012 15:48:00 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\Admin\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 85,34% Memory free
5,49 Gb Paging File | 5,12 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,26 Gb Total Space | 23,01 Gb Free Space | 33,71% Space Free | Partition Type: NTFS
Drive D: | 229,73 Gb Total Space | 40,37 Gb Free Space | 17,57% Space Free | Partition Type: NTFS
Drive H: | 7,52 Gb Total Space | 7,29 Gb Free Space | 96,87% Space Free | Partition Type: FAT32
 
Computer Name: JOSCHI-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.07 15:35:17 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.08.05 03:22:34 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.17 03:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe -- (STacSV)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.12 12:25:40 | 000,221,184 | ---- | M] (Droppix) [On_Demand | Stopped] -- C:\Program Files\Common Files\Droppix\DxService.exe -- (Droppix Service)
SRV - [2009.03.03 01:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe -- (AESTFilters)
SRV - [2009.02.06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (hwdatacard)
DRV - [2011.09.22 19:29:18 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.29 12:54:11 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.08.11 20:43:00 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.08.05 03:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.08.05 03:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.08.05 02:47:02 | 000,210,432 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.04.27 09:24:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.03.17 03:48:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.02.06 13:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009.02.06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.02.06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SearchCompletion Search
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SearchCompletion Search
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{E2810DD3-C86E-4050-B2E2-12820D9E8E25}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.07 12:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.06 18:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.06 12:54:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.01.07 10:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.07 12:09:39 | 000,000,000 | ---D | M]
 
[2010.10.29 12:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.03.03 07:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions
[2011.08.02 14:10:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.03 02:23:13 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.03.03 07:55:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.02.23 13:15:26 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\DTToolbar@toolbarnet.com
[2011.11.12 17:29:32 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\welcome@toolmin.com
[2010.11.05 11:59:28 | 000,002,059 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\daemon-search.xml
[2012.02.12 00:41:03 | 000,000,944 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\startsear.xml
[2011.11.16 19:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.06 18:48:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.11 11:11:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.17 14:00:12 | 000,305,152 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npuuseep.dll
[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.11.29 20:35:10 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.03.06 18:48:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.06 18:48:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.06 18:48:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.06 18:48:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.12 17:29:32 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012.03.06 18:48:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.06 18:48:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Pageshots for Internet Explorer PRO) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\ProgramData\PageshotsPro\pageshots_x86.dll (AD ON Multimedia Advertising GmbH)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (no name) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - toolplugin\toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [{60E55C92-E33B-11DF-ADB6-806E6F6E6963}] C:\Users\Admin\AppData\Roaming\Microsoft\torrent.exe File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 100
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm File not found
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - 灏忔父鎴,鍦ㄧ嚎灏忔父鎴,鍙屼汉灏忔父鎴,Ugege灏忔父鎴 File not found
O9 - Extra 'Tools' menuitem : 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - 灏忔父鎴,鍦ㄧ嚎灏忔父鎴,鍙屼汉灏忔父鎴,Ugege灏忔父鎴 File not found
O9 - Extra Button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found
O9 - Extra 'Tools' menuitem : 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.211.192.34 213.187.64.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09D94FD1-B4B6-4FD2-911C-F449FF46C068}: DhcpNameServer = 213.211.192.34 213.187.64.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{692779E6-F838-4B7A-B811-22C354536B52}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: (default) - hkey= - key= -  File not found
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: UUSeeMediaCenter - hkey= - key= -  File not found
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.07 15:35:00 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.03.07 14:39:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\dds.com
[2012.03.07 14:07:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2012.03.07 07:59:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ATI
[2012.03.06 21:26:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2012.03.06 20:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012.03.06 20:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe
[2012.03.06 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbungsunterlagen Maria Pfützner
[2012.03.06 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbung wiss. Mitarbeiter (Alex Stelle)_10.01.2012
[2012.03.06 19:26:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbung WiMI 15.02.2012
[2012.03.05 10:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
[2012.03.05 10:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u
[2012.02.26 20:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPSS SmartViewer
[2012.02.26 20:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\SPSS Viewer
[2012.02.23 20:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.02.23 20:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.02.23 10:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.11.14 12:27:21 | 000,131,072 | ---- | C] (murb) -- C:\Program Files\ICQ Status Checker.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.07 15:42:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.07 15:42:15 | 2211,885,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.07 15:39:55 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 15:39:55 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 15:35:17 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.03.07 14:51:37 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\q5q18dyk.exe
[2012.03.07 14:42:10 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.03.07 14:39:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\dds.com
[2012.03.07 14:37:55 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe
[2012.03.06 18:46:40 | 000,668,778 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.06 18:46:40 | 000,620,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.06 18:46:40 | 000,134,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.06 18:46:40 | 000,110,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.06 18:33:57 | 000,370,070 | ---- | M] () -- C:\Users\Admin\Desktop\Masterzeugnis.pdf
[2012.03.06 11:18:51 | 000,292,707 | ---- | M] () -- C:\Users\Admin\Desktop\Praktikum.pdf
[2012.03.06 11:14:24 | 000,329,288 | ---- | M] () -- C:\Users\Admin\Desktop\Praktikumszeugnis.pdf
[2012.03.06 11:04:48 | 000,000,898 | ---- | M] () -- C:\Users\Admin\Desktop\XnView.lnk
[2012.03.05 10:02:29 | 000,002,184 | ---- | M] () -- C:\Users\Admin\Desktop\iDevice Manager.lnk
[2012.03.01 13:58:04 | 003,774,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.27 13:34:31 | 000,000,016 | -H-- | M] () -- C:\Windows\System32\servdat.slm
[2012.02.23 20:49:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.07 14:51:33 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\q5q18dyk.exe
[2012.03.07 14:41:44 | 000,000,020 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.03.07 14:37:51 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe
[2012.03.06 18:33:54 | 000,370,070 | ---- | C] () -- C:\Users\Admin\Desktop\Masterzeugnis.pdf
[2012.03.06 11:18:45 | 000,292,707 | ---- | C] () -- C:\Users\Admin\Desktop\Praktikum.pdf
[2012.03.06 11:14:22 | 000,329,288 | ---- | C] () -- C:\Users\Admin\Desktop\Praktikumszeugnis.pdf
[2012.03.06 11:04:48 | 000,000,898 | ---- | C] () -- C:\Users\Admin\Desktop\XnView.lnk
[2012.03.05 10:02:29 | 000,002,184 | ---- | C] () -- C:\Users\Admin\Desktop\iDevice Manager.lnk
[2012.02.23 20:49:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.21 17:24:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.08.21 17:24:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.08.21 17:24:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.08.21 17:24:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.08.21 17:24:23 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.08.21 17:24:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.08.21 17:24:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.08.21 17:24:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.08.21 17:24:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.08.21 17:24:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.08.21 17:24:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.08.21 17:24:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.08.21 17:24:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.08.21 17:24:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.08.21 17:24:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.08.21 17:24:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.08.21 17:24:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.08.21 17:24:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.08.21 17:24:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.07.01 07:39:21 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.21 08:04:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.21 08:01:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.09 16:52:59 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2011.05.09 16:52:59 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2011.05.09 16:52:59 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2011.02.24 17:06:17 | 004,554,119 | ---- | C] () -- C:\Program Files\MyPhoneExplorer_Setup_v1.8.exe
[2010.11.27 16:30:36 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2010.11.26 13:46:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.02 07:32:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010.11.02 07:32:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2010.11.02 07:30:52 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.11.02 07:30:52 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.10.30 17:26:46 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2010.10.30 17:26:45 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.30 17:26:45 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.10.30 17:25:36 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2010.10.30 16:39:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.29 12:11:02 | 000,000,017 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2010.10.29 11:30:19 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.10.29 10:50:06 | 001,763,968 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.10.29 10:50:06 | 000,255,360 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.10.29 10:50:06 | 000,211,840 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2010.10.29 10:50:06 | 000,033,280 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.10.29 10:50:06 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2010.10.29 10:50:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.10.29 10:38:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.02 16:28:14 | 000,002,189 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.04.06 12:54:32 | 000,203,336 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
 
========== LOP Check ==========
 
[2012.01.25 13:58:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2012.03.07 14:07:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2012.03.04 09:42:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.11.28 10:45:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.04 08:30:48 | 000,000,000 | ---D | M] -- C:\360Rec
[2011.07.01 07:39:48 | 000,000,000 | ---D | M] -- C:\ConverterOutput
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.06.25 10:45:25 | 000,000,000 | ---D | M] -- C:\Joschi_komplett
[2011.11.22 10:35:53 | 000,000,000 | ---D | M] -- C:\Masterarbeit Maria Pf黷zner
[2011.10.18 13:13:36 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.06 10:26:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.02 03:09:43 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Recovery
[2010.10.29 11:30:05 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012.03.07 13:00:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.29 12:00:32 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.06 10:09:37 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2008.03.04 03:08:22 | 000,131,072 | ---- | M] (murb) -- C:\Program Files\ICQ Status Checker.exe
[2009.10.13 08:34:26 | 003,439,104 | ---- | M] (Mouse Industries) -- C:\Program Files\iRinger.exe
[2011.02.24 17:08:38 | 004,554,119 | ---- | M] () -- C:\Program Files\MyPhoneExplorer_Setup_v1.8.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_dd2bf0ef82c7be83\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_dd01b18982e7479e\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_ddb1bfd49be72b9f\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_dde1cf9a9bc40507\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.10.06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009.10.06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.05.12 10:05:35 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
[2010.05.12 10:20:41 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.05.12 10:05:45 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2010.05.12 10:20:52 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.03.07 14:42:10 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.03.07 15:57:54 | 002,359,296 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT
[2012.03.07 15:57:54 | 000,262,144 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG1
[2012.03.07 09:17:16 | 000,262,144 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG2
[2012.02.24 09:57:17 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TM.blf
[2012.02.24 09:57:16 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms
[2012.02.24 09:57:16 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3d6ad030-5ec5-11e1-beda-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms
[2010.12.06 19:35:01 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TM.blf
[2010.12.06 19:35:01 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TMContainer00000000000000000001.regtrans-ms
[2010.12.06 19:35:01 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{454bd344-012d-11e0-8e33-70f3956097b8}.TMContainer00000000000000000002.regtrans-ms
[2011.08.13 02:56:19 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TM.blf
[2011.08.13 02:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms
[2011.08.13 02:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{47121479-c458-11e0-8fdc-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms
[2010.10.29 12:12:19 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.10.29 12:12:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.10.29 12:12:19 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.08.10 11:13:22 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TM.blf
[2011.08.10 11:13:22 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms
[2011.08.10 11:13:22 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{bf21f22e-c311-11e0-8bc8-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms
[2011.11.23 18:55:27 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TM.blf
[2011.11.23 18:55:27 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TMContainer00000000000000000001.regtrans-ms
[2011.11.23 18:55:27 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{c7772674-15e8-11e1-b322-70f3956097b8}.TMContainer00000000000000000002.regtrans-ms
[2011.09.12 03:35:23 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TM.blf
[2011.09.12 03:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms
[2011.09.12 03:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{d2b7d433-dc94-11e0-80c0-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms
[2011.01.13 07:08:20 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TM.blf
[2011.01.13 07:08:20 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TMContainer00000000000000000001.regtrans-ms
[2011.01.13 07:08:20 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{e733fb8d-1ebb-11e0-8795-1cc1de98c723}.TMContainer00000000000000000002.regtrans-ms
[2010.10.29 12:00:33 | 000,000,020 | -HS- | M] () -- C:\Users\Admin\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---

07.03.2012, 16:11   #5
markusg
/// Malware-holic

hi


This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [{60E55C92-E33B-11DF-ADB6-806E6F6E6963}] C:\Users\Admin\AppData\Roaming\Microsoft\torrent.exe File not found
:Files
C:\Users\Admin\AppData\Roaming\Microsoft\torrent.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
         


• Please close all programs now.
• Now please click the Fix button.
• OTL may require a reboot. Please allow this.
• After the reboot you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file as an attachment here in the thread!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

07.03.2012, 16:19   #6
Joschi513

Sorry for the double post! That was not intentional, and unfortunately I cannot delete one of the messages again...

07.03.2012, 16:38   #7
Joschi513

Here is the file you asked for; the upload was successful as well.


Error: Unable to interpret <OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.03.2012 15:48:00 - Run 1> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\Admin\Desktop> in the current context!
Error: Unable to interpret < Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.7601.17514)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <2,75 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 85,34% Memory free> in the current context!
Error: Unable to interpret <5,49 Gb Paging File | 5,12 Gb Available in Paging File | 93,24% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files> in the current context!
Error: Unable to interpret <Drive C: | 68,26 Gb Total Space | 23,01 Gb Free Space | 33,71% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 229,73 Gb Total Space | 40,37 Gb Free Space | 17,57% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive H: | 7,52 Gb Total Space | 7,29 Gb Free Space | 96,87% Space Free | Partition Type: FAT32> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: JOSCHI-PC | User Name: Admin | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan> in the current context!
Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <PRC - [2012.03.07 15:35:17 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)> in the current context!
Error: Unable to interpret <SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)> in the current context!
Error: Unable to interpret <SRV - [2010.08.05 03:22:34 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)> in the current context!
Error: Unable to interpret <SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)> in the current context!
Error: Unable to interpret <SRV - [2010.03.17 03:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe -- (STacSV)> in the current context!
Error: Unable to interpret <SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)> in the current context!
Error: Unable to interpret <SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)> in the current context!
Error: Unable to interpret <SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)> in the current context!
Error: Unable to interpret <SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)> in the current context!
Error: Unable to interpret <SRV - [2009.03.12 12:25:40 | 000,221,184 | ---- | M] (Droppix) [On_Demand | Stopped] -- C:\Program Files\Common Files\Droppix\DxService.exe -- (Droppix Service)> in the current context!
Error: Unable to interpret <SRV - [2009.03.03 01:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe -- (AESTFilters)> in the current context!
Error: Unable to interpret <SRV - [2009.02.06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)> in the current context!
Error: Unable to interpret <SRV - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] --  -- (VGPU)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] --  -- (tsusbhub)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Synth3dVsc)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] --  -- (hwdatacard)> in the current context!
Error: Unable to interpret <DRV - [2011.09.22 19:29:18 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)> in the current context!
Error: Unable to interpret <DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)> in the current context!
Error: Unable to interpret <DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)> in the current context!
Error: Unable to interpret <DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)> in the current context!
Error: Unable to interpret <DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)> in the current context!
Error: Unable to interpret <DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)> in the current context!
Error: Unable to interpret <DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)> in the current context!
Error: Unable to interpret <DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)> in the current context!
Error: Unable to interpret <DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)> in the current context!
Error: Unable to interpret <DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)> in the current context!
Error: Unable to interpret <DRV - [2010.10.29 12:54:11 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)> in the current context!
Error: Unable to interpret <DRV - [2010.08.11 20:43:00 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)> in the current context!
Error: Unable to interpret <DRV - [2010.08.05 03:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)> in the current context!
Error: Unable to interpret <DRV - [2010.08.05 03:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)> in the current context!
Error: Unable to interpret <DRV - [2010.08.05 02:47:02 | 000,210,432 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)> in the current context!
Error: Unable to interpret <DRV - [2010.07.30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)> in the current context!
Error: Unable to interpret <DRV - [2010.07.30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)> in the current context!
Error: Unable to interpret <DRV - [2010.07.30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)> in the current context!
Error: Unable to interpret <DRV - [2010.07.30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)> in the current context!
Error: Unable to interpret <DRV - [2010.04.27 09:24:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)> in the current context!
Error: Unable to interpret <DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)> in the current context!
Error: Unable to interpret <DRV - [2010.03.17 03:48:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)> in the current context!
Error: Unable to interpret <DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)> in the current context!
Error: Unable to interpret <DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)> in the current context!
Error: Unable to interpret <DRV - [2009.02.06 13:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)> in the current context!
Error: Unable to interpret <DRV - [2009.02.06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)> in the current context!
Error: Unable to interpret <DRV - [2009.02.06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)> in the current context!
Error: Unable to interpret <DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)> in the current context!
Error: Unable to interpret <DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)> in the current context!
Error: Unable to interpret <DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook:  - No CLSID value found> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{E2810DD3-C86E-4050-B2E2-12820D9E8E25}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== FireFox ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultengine: "Web Search"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "Search the web"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "Search the web"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "Search the web"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "www.google.de"> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - user.js..browser.search.selectedEngine: "Search the web"> in the current context!
Error: Unable to interpret <FF - user.js..browser.search.order.1: "Search the web"> in the current context!
Error: Unable to interpret <FF - user.js..browser.search.defaultenginename: "Search the web"> in the current context!
Error: Unable to interpret <FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.07 12:09:39 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.06 18:48:28 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.06 12:54:22 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.01.07 10:49:11 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.07 12:09:39 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010.10.29 12:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions> in the current context!
Error: Unable to interpret <[2012.03.03 07:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions> in the current context!
Error: Unable to interpret <[2011.08.02 14:10:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}> in the current context!
Error: Unable to interpret <[2012.03.03 02:23:13 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}> in the current context!
Error: Unable to interpret <[2012.03.03 07:55:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}> in the current context!
Error: Unable to interpret <[2012.02.23 13:15:26 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\DTToolbar@toolbarnet.com> in the current context!
Error: Unable to interpret <[2011.11.12 17:29:32 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\e1b4oxbm.default\extensions\welcome@toolmin.com> in the current context!
Error: Unable to interpret <[2010.11.05 11:59:28 | 000,002,059 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\daemon-search.xml> in the current context!
Error: Unable to interpret <[2012.02.12 00:41:03 | 000,000,944 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\icqplugin.xml> in the current context!
Error: Unable to interpret <[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\searchplugins\startsear.xml> in the current context!
Error: Unable to interpret <[2011.11.16 19:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret <[2012.03.06 18:48:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll> in the current context!
Error: Unable to interpret <[2011.10.11 11:11:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll> in the current context!
Error: Unable to interpret <[2010.09.17 14:00:12 | 000,305,152 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npuuseep.dll> in the current context!
Error: Unable to interpret <[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll> in the current context!
Error: Unable to interpret <[2010.11.29 20:35:10 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll> in the current context!
Error: Unable to interpret <[2012.03.06 18:48:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context!
Error: Unable to interpret <[2012.03.06 18:48:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml> in the current context!
Error: Unable to interpret <[2012.03.06 18:48:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml> in the current context!
Error: Unable to interpret <[2012.03.06 18:48:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context!
Error: Unable to interpret <[2011.11.12 17:29:32 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src> in the current context!
Error: Unable to interpret <[2012.03.06 18:48:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context!
Error: Unable to interpret <[2012.03.06 18:48:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O2 - BHO: (Pageshots for Internet Explorer PRO) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\ProgramData\PageshotsPro\pageshots_x86.dll (AD ON Multimedia Advertising GmbH)> in the current context!
Error: Unable to interpret <O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - toolplugin\toolbar.dll File not found> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: []  File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: []  File not found> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [{60E55C92-E33B-11DF-ADB6-806E6F6E6963}] C:\Users\Admin\AppData\Roaming\Microsoft\torrent.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)> in the current context!
Error: Unable to interpret <O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1> in the current context!
Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 100> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)> in the current context!
Error: Unable to interpret <O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra Button: 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - 小游戏,在线小游戏,双人小游戏,Ugege小游戏 File not found> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - 小游戏,在线小游戏,双人小游戏,Ugege小游戏 File not found> in the current context!
Error: Unable to interpret <O9 - Extra Button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found> in the current context!
Error: Unable to interpret <O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)> in the current context!
Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)> in the current context!
Error: Unable to interpret <O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.211.192.34 213.187.64.1> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09D94FD1-B4B6-4FD2-911C-F449FF46C068}: DhcpNameServer = 213.211.192.34 213.187.64.1> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{692779E6-F838-4B7A-B811-22C354536B52}: DhcpNameServer = 193.189.244.225 193.189.244.206> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)> in the current context!
Error: Unable to interpret <O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM> in the current context!
Error: Unable to interpret <ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"> in the current context!
Error: Unable to interpret <ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0> in the current context!
Error: Unable to interpret <ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> in the current context!
Error: Unable to interpret <ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack> in the current context!
Error: Unable to interpret <ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> in the current context!
Error: Unable to interpret <ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx> in the current context!
Error: Unable to interpret <ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help> in the current context!
Error: Unable to interpret <ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6> in the current context!
Error: Unable to interpret <ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools> in the current context!
Error: Unable to interpret <ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements> in the current context!
Error: Unable to interpret <ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player> in the current context!
Error: Unable to interpret <ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access> in the current context!
Error: Unable to interpret <ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner> in the current context!
Error: Unable to interpret <ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7> in the current context!
Error: Unable to interpret <ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll> in the current context!
Error: Unable to interpret <ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings> in the current context!
Error: Unable to interpret <ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install> in the current context!
Error: Unable to interpret <ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding> in the current context!
Error: Unable to interpret <ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts> in the current context!
Error: Unable to interpret <ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player> in the current context!
Error: Unable to interpret <ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help> in the current context!
Error: Unable to interpret <ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface> in the current context!
Error: Unable to interpret <ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP> in the current context!
Error: Unable to interpret <ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig> in the current context!
Error: Unable to interpret <ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <NetSvcs: FastUserSwitchingCompatibility -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <NetSvcs: Nla -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: Ntmssvc -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: NWCWorkstation -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: Nwsapagent -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: SRService -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: WmdmPmSp -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: LogonHours -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: PCAudit -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: helpsvc -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: uploadmgr -  File not found> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - ()> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: (default) - hkey= - key= -  File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: UUSeeMediaCenter - hkey= - key= -  File not found> in the current context!
Error: Unable to interpret <MsConfig - State: "bootini" - 2> in the current context!
Error: Unable to interpret <MsConfig - State: "startup" - 2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!
Error: Unable to interpret <Error creating restore point.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.03.07 15:35:00 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <[2012.03.07 14:39:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\dds.com> in the current context!
Error: Unable to interpret <[2012.03.07 14:07:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\QuickScan> in the current context!
Error: Unable to interpret <[2012.03.07 07:59:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ATI> in the current context!
Error: Unable to interpret <[2012.03.06 21:26:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer> in the current context!
Error: Unable to interpret <[2012.03.06 20:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia> in the current context!
Error: Unable to interpret <[2012.03.06 20:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe> in the current context!
Error: Unable to interpret <[2012.03.06 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbungsunterlagen Maria Pfützner> in the current context!
Error: Unable to interpret <[2012.03.06 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbung wiss. Mitarbeiter (Alex Stelle)_10.01.2012> in the current context!
Error: Unable to interpret <[2012.03.06 19:26:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Bewerbung WiMI 15.02.2012> in the current context!
Error: Unable to interpret <[2012.03.05 10:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager> in the current context!
Error: Unable to interpret <[2012.03.05 10:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u> in the current context!
Error: Unable to interpret <[2012.02.26 20:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPSS SmartViewer> in the current context!
Error: Unable to interpret <[2012.02.26 20:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\SPSS Viewer> in the current context!
Error: Unable to interpret <[2012.02.23 20:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes> in the current context!
Error: Unable to interpret <[2012.02.23 20:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod> in the current context!
Error: Unable to interpret <[2012.02.23 10:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes> in the current context!
Error: Unable to interpret <[2010.11.14 12:27:21 | 000,131,072 | ---- | C] (murb) -- C:\Program Files\ICQ Status Checker.exe> in the current context!
Error: Unable to interpret <[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.03.07 15:42:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context!
Error: Unable to interpret <[2012.03.07 15:42:15 | 2211,885,056 | -HS- | M] () -- C:\hiberfil.sys> in the current context!
Error: Unable to interpret <[2012.03.07 15:39:55 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2012.03.07 15:39:55 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2012.03.07 15:35:17 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <[2012.03.07 14:51:37 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\q5q18dyk.exe> in the current context!
Error: Unable to interpret <[2012.03.07 14:42:10 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable> in the current context!
Error: Unable to interpret <[2012.03.07 14:39:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\dds.com> in the current context!
Error: Unable to interpret <[2012.03.07 14:37:55 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe> in the current context!
Error: Unable to interpret <[2012.03.06 18:46:40 | 000,668,778 | ---- | M] () -- C:\Windows\System32\perfh007.dat> in the current context!
Error: Unable to interpret <[2012.03.06 18:46:40 | 000,620,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2012.03.06 18:46:40 | 000,134,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat> in the current context!
Error: Unable to interpret <[2012.03.06 18:46:40 | 000,110,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2012.03.06 18:33:57 | 000,370,070 | ---- | M] () -- C:\Users\Admin\Desktop\Masterzeugnis.pdf> in the current context!
Error: Unable to interpret <[2012.03.06 11:18:51 | 000,292,707 | ---- | M] () -- C:\Users\Admin\Desktop\Praktikum.pdf> in the current context!
Error: Unable to interpret <[2012.03.06 11:14:24 | 000,329,288 | ---- | M] () -- C:\Users\Admin\Desktop\Praktikumszeugnis.pdf> in the current context!
Error: Unable to interpret <[2012.03.06 11:04:48 | 000,000,898 | ---- | M] () -- C:\Users\Admin\Desktop\XnView.lnk> in the current context!
Error: Unable to interpret <[2012.03.05 10:02:29 | 000,002,184 | ---- | M] () -- C:\Users\Admin\Desktop\iDevice Manager.lnk> in the current context!
Error: Unable to interpret <[2012.03.01 13:58:04 | 003,774,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[2012.02.27 13:34:31 | 000,000,016 | -H-- | M] () -- C:\Windows\System32\servdat.slm> in the current context!
Error: Unable to interpret <[2012.02.23 20:49:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk> in the current context!
Error: Unable to interpret <[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.03.07 14:51:33 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\q5q18dyk.exe> in the current context!
Error: Unable to interpret <[2012.03.07 14:41:44 | 000,000,020 | ---- | C] () -- C:\Users\Admin\defogger_reenable> in the current context!
Error: Unable to interpret <[2012.03.07 14:37:51 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe> in the current context!
Error: Unable to interpret <[2012.03.06 18:33:54 | 000,370,070 | ---- | C] () -- C:\Users\Admin\Desktop\Masterzeugnis.pdf> in the current context!
Error: Unable to interpret <[2012.03.06 11:18:45 | 000,292,707 | ---- | C] () -- C:\Users\Admin\Desktop\Praktikum.pdf> in the current context!
Error: Unable to interpret <[2012.03.06 11:14:22 | 000,329,288 | ---- | C] () -- C:\Users\Admin\Desktop\Praktikumszeugnis.pdf> in the current context!
Error: Unable to interpret <[2012.03.06 11:04:48 | 000,000,898 | ---- | C] () -- C:\Users\Admin\Desktop\XnView.lnk> in the current context!
Error: Unable to interpret <[2012.03.05 10:02:29 | 000,002,184 | ---- | C] () -- C:\Users\Admin\Desktop\iDevice Manager.lnk> in the current context!
Error: Unable to interpret <[2012.02.23 20:49:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat> in the current context!
Error: Unable to interpret <[2011.08.21 17:24:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini> in the current context!
Error: Unable to interpret <[2011.07.01 07:39:21 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll> in the current context!
Error: Unable to interpret <[2011.06.21 08:04:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe> in the current context!
Error: Unable to interpret <[2011.06.21 08:01:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe> in the current context!
Error: Unable to interpret <[2011.05.09 16:52:59 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll> in the current context!
Error: Unable to interpret <[2011.05.09 16:52:59 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll> in the current context!
Error: Unable to interpret <[2011.05.09 16:52:59 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll> in the current context!
Error: Unable to interpret <[2011.02.24 17:06:17 | 004,554,119 | ---- | C] () -- C:\Program Files\MyPhoneExplorer_Setup_v1.8.exe> in the current context!
Error: Unable to interpret <[2010.11.27 16:30:36 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini> in the current context!
Error: Unable to interpret <[2010.11.26 13:46:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat> in the current context!
Error: Unable to interpret <[2010.11.02 07:32:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll> in the current context!
Error: Unable to interpret <[2010.11.02 07:32:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll> in the current context!
Error: Unable to interpret <[2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll> in the current context!
Error: Unable to interpret <[2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll> in the current context!
Error: Unable to interpret <[2010.11.02 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll> in the current context!
Error: Unable to interpret <[2010.11.02 07:30:52 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll> in the current context!
Error: Unable to interpret <[2010.11.02 07:30:52 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll> in the current context!
Error: Unable to interpret <[2010.10.30 17:26:46 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini> in the current context!
Error: Unable to interpret <[2010.10.30 17:26:45 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI> in the current context!
Error: Unable to interpret <[2010.10.30 17:26:45 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI> in the current context!
Error: Unable to interpret <[2010.10.30 17:25:36 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat> in the current context!
Error: Unable to interpret <[2010.10.30 16:39:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI> in the current context!
Error: Unable to interpret <[2010.10.29 12:11:02 | 000,000,017 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg> in the current context!
Error: Unable to interpret <[2010.10.29 11:30:19 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll> in the current context!
Error: Unable to interpret <[2010.10.29 10:50:06 | 001,763,968 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys> in the current context!
Error: Unable to interpret <[2010.10.29 10:50:06 | 000,255,360 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll> in the current context!
Error: Unable to interpret <[2010.10.29 10:50:06 | 000,211,840 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll> in the current context!
Error: Unable to interpret <[2010.10.29 10:50:06 | 000,033,280 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys> in the current context!
Error: Unable to interpret <[2010.10.29 10:50:06 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe> in the current context!
Error: Unable to interpret <[2010.10.29 10:50:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini> in the current context!
Error: Unable to interpret <[2010.10.29 10:38:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin> in the current context!
Error: Unable to interpret <[2010.06.02 16:28:14 | 000,002,189 | ---- | C] () -- C:\Windows\System32\atipblag.dat> in the current context!
Error: Unable to interpret <[2010.04.06 12:54:32 | 000,203,336 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat> in the current context!
Error: Unable to interpret <[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.01.25 13:58:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ> in the current context!
Error: Unable to interpret <[2012.03.07 14:07:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan> in the current context!
Error: Unable to interpret <[2012.03.04 09:42:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Purity Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Custom Scans ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\*. >> in the current context!
Error: Unable to interpret <[2010.11.28 10:45:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin> in the current context!
Error: Unable to interpret <[2011.03.04 08:30:48 | 000,000,000 | ---D | M] -- C:\360Rec> in the current context!
Error: Unable to interpret <[2011.07.01 07:39:48 | 000,000,000 | ---D | M] -- C:\ConverterOutput> in the current context!
Error: Unable to interpret <[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings> in the current context!
Error: Unable to interpret <[2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen> in the current context!
Error: Unable to interpret <[2011.06.25 10:45:25 | 000,000,000 | ---D | M] -- C:\Joschi_komplett> in the current context!
Error: Unable to interpret <[2011.11.22 10:35:53 | 000,000,000 | ---D | M] -- C:\Masterarbeit Maria Pfützner> in the current context!
Error: Unable to interpret <[2011.10.18 13:13:36 | 000,000,000 | RH-D | M] -- C:\MSOCache> in the current context!
Error: Unable to interpret <[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs> in the current context!
Error: Unable to interpret <[2012.03.06 10:26:14 | 000,000,000 | R--D | M] -- C:\Program Files> in the current context!
Error: Unable to interpret <[2012.02.02 03:09:43 | 000,000,000 | -H-D | M] -- C:\ProgramData> in the current context!
Error: Unable to interpret <[2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Programme> in the current context!
Error: Unable to interpret <[2010.10.29 10:09:32 | 000,000,000 | -HSD | M] -- C:\Recovery> in the current context!
Error: Unable to interpret <[2010.10.29 11:30:05 | 000,000,000 | ---D | M] -- C:\SwSetup> in the current context!
Error: Unable to interpret <[2012.03.07 13:00:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information> in the current context!
Error: Unable to interpret <[2010.10.29 12:00:32 | 000,000,000 | R--D | M] -- C:\Users> in the current context!
Error: Unable to interpret <[2012.03.06 10:09:37 | 000,000,000 | ---D | M] -- C:\Windows> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %PROGRAMFILES%\*.exe >> in the current context!
Error: Unable to interpret <[2008.03.04 03:08:22 | 000,131,072 | ---- | M] (murb) -- C:\Program Files\ICQ Status Checker.exe> in the current context!
Error: Unable to interpret <[2009.10.13 08:34:26 | 003,439,104 | ---- | M] (Mouse Industries) -- C:\Program Files\iRinger.exe> in the current context!
Error: Unable to interpret <[2011.02.24 17:08:38 | 004,554,119 | ---- | M] () -- C:\Program Files\MyPhoneExplorer_Setup_v1.8.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %LOCALAPPDATA%\*.exe >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\*. /mp /s >> in the current context!

OTL by OldTimer - Version 3.2.35.1 log created on 03072012_162101

Alt 07.03.2012, 16:41   #8
markusg
/// Malware-holic
 
No, that is not what I asked for: you copied the OTL log instead of my script. Please do it again, plus the upload.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 07.03.2012, 16:45   #9
Joschi513
 
Oh, I'm sorry, I must not have read properly and took the wrong file... I'll do it again right away.

Alt 07.03.2012, 16:59   #10
markusg
/// Malware-holic
 
It happens :-)

Alt 07.03.2012, 17:04   #11
Joschi513
 
OK, now it should be right

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{60E55C92-E33B-11DF-ADB6-806E6F6E6963} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60E55C92-E33B-11DF-ADB6-806E6F6E6963}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Admin
->Flash cache emptied: 815 bytes

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Joschi
->Flash cache emptied: 7415 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Admin
->Temp folder emptied: 302936818 bytes
->Temporary Internet Files folder emptied: 1935283 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64004193 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Joschi
->Temp folder emptied: 28017826 bytes
->Temporary Internet Files folder emptied: 12768371 bytes
->Java cache emptied: 980128 bytes
->FireFox cache emptied: 192257105 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2233825921 bytes
RecycleBin emptied: 5482014 bytes

Total Files Cleaned = 2.711,00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03072012_165250

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


The upload was successful too.

Alt 07.03.2012, 17:19   #12
Joschi513
 
The message just appeared again and everything was blocked... did I do something wrong?

Alt 07.03.2012, 17:32   #13
markusg
/// Malware-holic
 
OK, a different approach.
In Safe Mode with Networking, do the following:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all of your antivirus and anti-malware programs are switched off so that they do not interfere with ComboFix while it works.
  • Please post C:\Combofix.txt in your next reply.

Alt 07.03.2012, 18:38   #14
Joschi513
 
Here is the Combofix.txt file:

Combofix Logfile:
Code:
ComboFix 12-03-07.05 - Admin 07.03.2012  18:21:39.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.2813.2072 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\360Rec
c:\program files\Mozilla Firefox\plugins\npuuseep.dll
c:\programdata\Windows
c:\programdata\Windows\dumd.dat
c:\programdata\windows\xdor.dat
c:\users\Joschi\AppData\Roaming\Microsoft\torrent.exe
c:\windows\struct~.ini
c:\windows\system32\nsis_loader.dll
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-07 bis 2012-03-07  ))))))))))))))))))))))))))))))
.
.
2012-03-07 17:26 . 2012-03-07 17:26	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2012-03-07 15:21 . 2012-03-07 16:00	--------	d-----w-	C:\_OTL
2012-03-07 13:07 . 2012-03-07 13:07	--------	d-----w-	c:\users\Admin\AppData\Roaming\QuickScan
2012-03-07 06:59 . 2012-03-07 06:59	--------	d-----w-	c:\users\Admin\AppData\Roaming\ATI
2012-03-06 21:48 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0A9D0C6-60FE-45D0-B0F0-951D1C695917}\mpengine.dll
2012-03-06 20:26 . 2012-03-06 20:26	--------	d-----w-	c:\users\Admin\AppData\Roaming\Apple Computer
2012-03-06 09:36 . 2009-07-13 09:47	922176	------w-	c:\program files\Mozilla Firefox\ger\DPInst.exe
2012-03-05 11:53 . 2012-03-05 11:53	--------	d-----w-	c:\users\Joschi\AppData\Roaming\Software4u
2012-03-05 09:02 . 2012-03-05 09:02	--------	d-----w-	c:\program files\Software4u
2012-02-26 19:43 . 2012-02-26 19:43	--------	d-----w-	c:\program files\SPSS Viewer
2012-02-23 19:48 . 2012-02-23 19:48	--------	d-----w-	c:\program files\iPod
2012-02-23 09:16 . 2012-02-23 19:49	--------	d-----w-	c:\program files\iTunes
2012-02-08 23:32 . 2012-02-12 08:40	--------	d-----w-	c:\users\Joschi\AppData\Roaming\Becu
2012-02-08 23:32 . 2012-02-10 14:39	--------	d-----w-	c:\users\Joschi\AppData\Roaming\Xari
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-10-29 09:30	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-07 10:24 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2011-02-24 16:08 . 2011-02-24 16:06	4554119	----a-w-	c:\program files\MyPhoneExplorer_Setup_v1.8.exe
2009-10-13 07:34 . 2009-10-13 07:34	3439104	----a-w-	c:\program files\iRinger.exe
2008-03-04 02:08 . 2010-11-14 11:27	131072	----a-w-	c:\program files\ICQ Status Checker.exe
2012-03-06 17:48 . 2011-11-16 18:18	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.6\ICQ.exe" [2011-10-10 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-17 495708]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57	406992	----a-w-	c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 12:08	49208	----a-w-	c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 16:22	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37	517096	----a-w-	c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe [2009-03-03 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-05 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-05 5587456]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-05 210432]
R3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2009-03-12 221184]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-29 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to iPhone Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: 使用UUSee加速播放 - c:\program files\uusee\geturltoplay.htm
IE: 使用UUSee下载 - c:\program files\uusee\geturltodown.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
IE: {{998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.ugege.com/
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1b4oxbm.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - (no file)
WebBrowser-{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file)
HKCU-Run-{60E55C92-E33B-11DF-ADB6-806E6F6E6963} - c:\users\Admin\AppData\Roaming\Microsoft\torrent.exe
MSConfigStartUp-UUSeeMediaCenter - c:\program files\Common Files\uusee\UUSeeMediaCenter.exe
AddRemove-toolplugin - c:\users\Admin\AppData\Local\Temp\WZSE1.TMP\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-07  18:27:45
ComboFix-quarantined-files.txt  2012-03-07 17:27
.
Vor Suchlauf: 11 Verzeichnis(se), 27.407.089.664 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 27.202.732.032 Bytes frei
.
- - End Of File - - 87E12E1027D012E39BF4004F52B07CF4
         
--- --- ---

07.03.2012, 19:09   #15
markusg
/// Malware-holic

Start > Programs > Accessories > Notepad, then paste in:

Killall::
Folder::
c:\users\Joschi\AppData\Roaming\Becu
c:\users\Joschi\AppData\Roaming\Xari

File > Save As; location: the folder where combofix.exe is; type: All Files; name:
cfscript.txt
Drag cfscript onto combofix; the program starts. Post the log.
