Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 22.12.2012, 20:24   #1
Mufus
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Hallo Trojaner-Board-Experten.

Ich hoffe, ihr könnt mir weiterhelfen.
Ich habe mir den bekannten GVU-Trojaner eingefangen. Dieser ließ mich selbst im abgesicherten Modus nichts mehr amchen (schwarzer Bildschirm).
Habe vorhin gerade im Netz gesucht und denke, es müsste die 2.10-Version sein.

Habe mich dann eingelesen (by the way: Ich benutze gerade einen PC eines Kumpels) und bereits eine CD erstellt mit OTLPENet.exe und bei dem dann auftauchenden REATOGO-X-PE Desktop über OTLPE die beiden Log-Files OLT.txt und Extra.txt erstellt.

Habe die beiden Dateien dann über's Internet verschickt, weil USB-Sticks an dem PC nicht erkannt werden. Hoffentlich war das kein Fehler.

Wie ihr schon seht, bin ich kein Fachmann auf diesem Gebiet - um es mal milde auszudrücken.

Das ist auch der Grund, warum ich euch um Hilfe bitte bei den weiteren Schritten. Vor allem, weil es jetzt an das Auslesen der Codes geht und da sollte man ja dann doch nichts falsch machen.

Anbei die beiden Dateien und jetzt schon mal einen Dank an euch für diese tollen Leistungen hier.

Beste Grüße
Mufus

P.S.: Ich weiß nicht, ob das normal ist oder ob mir ein Fehler unterlaufen ist, aber die beiden Textdateien haben überall Leerzeichen drin. Ist das normal?


OLT.txt
Code:
ATTFilter
��O T L   l o g f i l e   c r e a t e d   o n :   1 2 / 2 2 / 2 0 1 2   2 : 2 7 : 1 0   P M   -   R u n    
 O T L P E   b y   O l d T i m e r   -   V e r s i o n   3 . 1 . 4 8 . 0           F o l d e r   =   X : \ P r o g r a m s \ O T L P E  
 W i n d o w s   V i s t a   ( T M )   U l t i m a t e   S e r v i c e   P a c k   2   ( V e r s i o n   =   6 . 0 . 6 0 0 2 )   -   T y p e   =   S y s t e m  
 I n t e r n e t   E x p l o r e r   ( V e r s i o n   =   9 . 0 . 8 1 1 2 . 1 6 4 2 1 )  
 L o c a l e :   0 0 0 0 0 4 0 7   |   C o u n t r y :   D e u t s c h l a n d   |   L a n g u a g e :   D E U   |   D a t e   F o r m a t :   d d . M M . y y y y  
    
 2 . 0 0   G b   T o t a l   P h y s i c a l   M e m o r y   |   2 . 0 0   G b   A v a i l a b l e   P h y s i c a l   M e m o r y   |   8 2 . 0 0 %   M e m o r y   f r e e  
 2 . 0 0   G b   P a g i n g   F i l e   |   2 . 0 0   G b   A v a i l a b l e   i n   P a g i n g   F i l e   |   9 5 . 0 0 %   P a g i n g   F i l e   f r e e  
 P a g i n g   f i l e   l o c a t i o n ( s ) :   ? : \ p a g e f i l e . s y s   [ b i n a r y   d a t a ]  
    
 % S y s t e m D r i v e %   =   C :   |   % S y s t e m R o o t %   =   C : \ W i n d o w s   |   % P r o g r a m F i l e s %   =   C : \ P r o g r a m   F i l e s  
 D r i v e   C :   |   1 8 4 . 2 2   G b   T o t a l   S p a c e   |   3 6 . 4 7   G b   F r e e   S p a c e   |   1 9 . 8 0 %   S p a c e   F r e e   |   P a r t i t i o n   T y p e :   N T F S  
 D r i v e   X :   |   4 3 6 . 5 9   M b   T o t a l   S p a c e   |   0 . 0 0   M b   F r e e   S p a c e   |   0 . 0 0 %   S p a c e   F r e e   |   P a r t i t i o n   T y p e :   C D F S  
    
 C o m p u t e r   N a m e :   R E A T O G O   |   U s e r   N a m e :   S Y S T E M  
 B o o t   M o d e :   N o r m a l   |   S c a n   M o d e :   A l l   u s e r s  
 C o m p a n y   N a m e   W h i t e l i s t :   O f f   |   S k i p   M i c r o s o f t   F i l e s :   O f f   |   N o   C o m p a n y   N a m e   W h i t e l i s t :   O n   |   F i l e   A g e   =   3 0   D a y s  
 U s i n g   C o n t r o l S e t :   C o n t r o l S e t 0 0 1  
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   W i n 3 2   S e r v i c e s   ( S a f e L i s t )   = = = = = = = = = = [ / c o l o r ]  
    
 S R V   -   [ 2 0 1 2 / 1 2 / 2 1   1 1 : 0 4 : 2 3   |   0 0 0 , 2 1 2 , 4 8 0   |   - - - -   |   M ]   ( )   [ O n _ D e m a n d ]   - -   C : \ U s e r s \ D e l l \ w g s d g s d g d s g s d . d l l   - -   ( W i n m g m t )  
 S R V   -   [ 2 0 1 2 / 1 1 / 2 9   0 8 : 5 0 : 2 5   |   0 0 3 , 4 6 3 , 0 8 0   |   - - - -   |   M ]   ( T e a m V i e w e r   G m b H )   [ A u t o ]   - -   C : \ P r o g r a m   F i l e s \ T e a m V i e w e r \ V e r s i o n 8 \ T e a m V i e w e r _ S e r v i c e . e x e   - -   ( T e a m V i e w e r 8 )  
 S R V   -   [ 2 0 1 2 / 1 1 / 2 5   1 0 : 0 1 : 3 3   |   0 0 0 , 1 1 5 , 1 6 8   |   - - - -   |   M ]   ( M o z i l l a   F o u n d a t i o n )   [ O n _ D e m a n d ]   - -   C : \ P r o g r a m   F i l e s \ M o z i l l a   M a i n t e n a n c e   S e r v i c e \ m a i n t e n a n c e s e r v i c e . e x e   - -   ( M o z i l l a M a i n t e n a n c e )  
 S R V   -   [ 2 0 1 2 / 1 1 / 1 2   1 3 : 0 9 : 0 0   |   0 0 4 , 5 3 9 , 7 1 2   |   - - - -   |   M ]   ( )   [ A u t o ]   - -   C : \ p r o g r a m   f i l e s \ c o m m o n   f i l e s \ a k a m a i / n e t s e s s i o n _ w i n _ c e 5 b a 2 4 . d l l   - -   ( A k a m a i )  
 S R V   -   [ 2 0 1 2 / 0 7 / 2 7   1 5 : 5 1 : 2 6   |   0 0 0 , 0 6 3 , 9 6 0   |   - - - -   |   M ]   ( A d o b e   S y s t e m s   I n c o r p o r a t e d )   [ A u t o ]   - -   C : \ P r o g r a m   F i l e s \ C o m m o n   F i l e s \ A d o b e \ A R M \ 1 . 0 \ a r m s v c . e x e   - -   ( A d o b e A R M s e r v i c e )  
 S R V   -   [ 2 0 1 1 / 0 7 / 0 8   1 2 : 0 4 : 2 2   |   0 0 0 , 2 6 9 , 4 8 0   |   - - - -   |   M ]   ( A v i r a   G m b H )   [ A u t o ]   - -   C : \ H i l f s p r o g g s \ A v i r a   A n t i V i r   1 0 \ A v i r a \ A n t i V i r   D e s k t o p \ a v g u a r d . e x e   - -   ( A n t i V i r S e r v i c e )  
 S R V   -   [ 2 0 1 1 / 0 4 / 2 1   0 0 : 5 2 : 5 1   |   0 0 0 , 1 3 6 , 3 6 0   |   - - - -   |   M ]   ( A v i r a   G m b H )   [ A u t o ]   - -   C : \ H i l f s p r o g g s \ A v i r a   A n t i V i r   1 0 \ A v i r a \ A n t i V i r   D e s k t o p \ s c h e d . e x e   - -   ( A n t i V i r S c h e d u l e r S e r v i c e )  
 S R V   -   [ 2 0 1 1 / 0 3 / 1 5   0 7 : 4 1 : 4 0   |   0 0 0 , 4 0 7 , 3 3 6   |   - - - -   |   M ]   ( V a l v e   C o r p o r a t i o n )   [ D i s a b l e d ]   - -   C : \ P r o g r a m   F i l e s \ C o m m o n   F i l e s \ S t e a m \ S t e a m S e r v i c e . e x e   - -   ( S t e a m   C l i e n t   S e r v i c e )  
 S R V   -   [ 2 0 0 9 / 1 0 / 3 1   1 2 : 3 3 : 2 2   |   0 0 0 , 0 8 5 , 0 9 6   |   - - - -   |   M ]   ( A u t o d e s k )   [ D i s a b l e d ]   - -   C : \ P r o g r a m   F i l e s \ C o m m o n   F i l e s \ A u t o d e s k   S h a r e d \ S e r v i c e \ A d s k S c S r v . e x e   - -   ( A u t o d e s k   L i c e n s i n g   S e r v i c e )  
 S R V   -   [ 2 0 0 9 / 1 0 / 3 0   1 0 : 2 4 : 3 2   |   0 0 0 , 6 5 1 , 7 2 0   |   - - - -   |   M ]   ( M a c r o v i s i o n   E u r o p e   L t d . )   [ D i s a b l e d ]   - -   C : \ P r o g r a m   F i l e s \ C o m m o n   F i l e s \ M a c r o v i s i o n   S h a r e d \ F L E X n e t   P u b l i s h e r \ F N P L i c e n s i n g S e r v i c e . e x e   - -   ( F L E X n e t   L i c e n s i n g   S e r v i c e )  
 S R V   -   [ 2 0 0 9 / 1 0 / 2 7   0 3 : 2 6 : 3 6   |   0 0 0 , 6 5 7 , 4 0 8   |   - - - -   |   M ]   ( N o k i a )   [ D i s a b l e d ]   - -   C : \ P r o g r a m   F i l e s \ P C   C o n n e c t i v i t y   S o l u t i o n \ S e r v i c e L a y e r . e x e   - -   ( S e r v i c e L a y e r )  
 S R V   -   [ 2 0 0 8 / 0 1 / 1 9   0 2 : 3 8 : 2 4   |   0 0 0 , 2 7 2 , 9 5 2   |   - - - -   |   M ]   ( M i c r o s o f t   C o r p o r a t i o n )   [ A u t o ]   - -   C : \ P r o g r a m   F i l e s \ W i n d o w s   D e f e n d e r \ M p S v c . d l l   - -   ( W i n D e f e n d )  
 S R V   -   [ 2 0 0 7 / 1 1 / 0 7   1 8 : 5 8 : 1 8   |   0 0 3 , 0 0 4 , 4 1 6   |   - - - -   |   M ]   ( M i c r o s o f t   C o r p o r a t i o n )   [ D i s a b l e d ]   - -   C : \ H i l f s p r o g g s \ M S   V i s u a l   S t u d i o   2 0 0 8 \ C o m m o n 7 \ I D E \ R e m o t e   D e b u g g e r \ x 8 6 \ m s v s m o n . e x e   - -   ( m s v s m o n 9 0 )  
 S R V   -   [ 2 0 0 7 / 1 0 / 2 6   0 7 : 2 8 : 0 6   |   0 0 1 , 5 2 4 , 5 1 2   |   - - - -   |   M ]   ( C i s c o   S y s t e m s ,   I n c . )   [ A u t o ]   - -   C : \ P r o g r a m   F i l e s \ C i s c o   S y s t e m s \ V P N   C l i e n t \ c v p n d . e x e   - -   ( C V P N D )  
 S R V   -   [ 2 0 0 7 / 0 4 / 2 7   0 2 : 3 2 : 0 6   |   0 0 0 , 3 8 6 , 5 9 2   |   - - - -   |   M ]   ( D e l l   I n c . )   [ A u t o ]   - -   C : \ P r o g r a m   F i l e s \ D e l l \ Q u i c k S e t \ N i c C o n f i g S v c . e x e   - -   ( n i c c o n f i g s v c )  
    
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   D r i v e r   S e r v i c e s   ( S a f e L i s t )   = = = = = = = = = = [ / c o l o r ]  
    
 D R V   -   F i l e   n o t   f o u n d   [ K e r n e l   |   O n _ D e m a n d ]   - -     - -   ( v p n v a )  
 D R V   -   F i l e   n o t   f o u n d   [ K e r n e l   |   O n _ D e m a n d ]   - -     - -   ( U S B A A P L )  
 D R V   -   F i l e   n o t   f o u n d   [ K e r n e l   |   O n _ D e m a n d ]   - -     - -   ( N w l n k F w d )  
 D R V   -   F i l e   n o t   f o u n d   [ K e r n e l   |   O n _ D e m a n d ]   - -     - -   ( N w l n k F l t )  
 D R V   -   F i l e   n o t   f o u n d   [ K e r n e l   |   O n _ D e m a n d ]   - -     - -   ( I p I n I p )  
 D R V   -   [ 2 0 1 2 / 0 7 / 0 2   1 4 : 5 4 : 5 0   |   0 0 0 , 2 8 1 , 7 6 0   |   - - - -   |   M ]   ( )   [ K e r n e l   |   A u t o ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ a t k s g t . s y s   - -   ( a t k s g t )  
 D R V   -   [ 2 0 1 2 / 0 7 / 0 2   1 4 : 5 4 : 5 0   |   0 0 0 , 0 2 5 , 8 8 8   |   - - - -   |   M ]   ( )   [ K e r n e l   |   A u t o ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ l i r s g t . s y s   - -   ( l i r s g t )  
 D R V   -   [ 2 0 1 1 / 0 7 / 0 8   1 2 : 0 4 : 2 3   |   0 0 0 , 1 3 8 , 1 9 2   |   - - - -   |   M ]   ( A v i r a   G m b H )   [ K e r n e l   |   S y s t e m ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ a v i p b b . s y s   - -   ( a v i p b b )  
 D R V   -   [ 2 0 0 9 / 1 0 / 2 7   1 6 : 1 2 : 2 4   |   0 0 0 , 1 0 1 , 2 4 8   |   - - - -   |   M ]   ( A V M   B e r l i n )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ a v m a u r a . s y s   - -   ( a v m a u r a )  
 D R V   -   [ 2 0 0 9 / 1 0 / 0 8   1 0 : 5 5 : 3 3   |   0 0 0 , 0 2 8 , 5 2 0   |   - - - -   |   M ]   ( A v i r a   G m b H )   [ K e r n e l   |   S y s t e m ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ s s m d r v . s y s   - -   ( s s m d r v )  
 D R V   -   [ 2 0 0 9 / 1 0 / 0 6   0 5 : 5 2 : 5 0   |   0 0 0 , 0 0 7 , 9 3 6   |   - - - -   |   M ]   ( N o k i a )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ u s b s e r _ l o w e r f l t j . s y s   - -   ( U s b s e r F i l t )  
 D R V   -   [ 2 0 0 9 / 1 0 / 0 6   0 5 : 5 2 : 3 4   |   0 0 0 , 0 2 2 , 0 1 6   |   - - - -   |   M ]   ( N o k i a )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ c c d c m b o . s y s   - -   ( n m w c d c )  
 D R V   -   [ 2 0 0 9 / 1 0 / 0 6   0 5 : 5 2 : 3 4   |   0 0 0 , 0 1 7 , 6 6 4   |   - - - -   |   M ]   ( N o k i a )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ c c d c m b . s y s   - -   ( n m w c d )  
 D R V   -   [ 2 0 0 9 / 1 0 / 0 6   0 5 : 5 2 : 3 4   |   0 0 0 , 0 0 7 , 9 3 6   |   - - - -   |   M ]   ( N o k i a )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ u s b s e r _ l o w e r f l t . s y s   - -   ( u p p e r d e v )  
 D R V   -   [ 2 0 0 9 / 0 6 / 2 0   0 8 : 4 0 : 2 2   |   0 0 0 , 7 2 1 , 9 0 4   |   - - - -   |   M ]   ( D u p l e x   S e c u r e   L t d . )   [ K e r n e l   |   B o o t ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ s p t d . s y s   - -   ( s p t d )  
 D R V   -   [ 2 0 0 9 / 0 4 / 1 1   0 0 : 0 6 : 2 6   |   0 0 0 , 0 1 9 , 9 6 8   |   - - - -   |   M ]   ( M i c r o s o f t   C o r p o r a t i o n )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ W S D S c a n . s y s   - -   ( W S D S c a n )  
 D R V   -   [ 2 0 0 9 / 0 4 / 1 0   2 3 : 3 8 : 5 9   |   0 0 0 , 0 3 0 , 2 0 8   |   - - - -   |   M ]   ( M i c r o s o f t   C o r p o r a t i o n )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ u s b c c i d . s y s   - -   ( U S B C C I D )  
 D R V   -   [ 2 0 0 9 / 0 1 / 3 0   0 2 : 1 2 : 0 0   |   0 0 7 , 5 4 4 , 8 3 2   |   - - - -   |   M ]   ( N V I D I A   C o r p o r a t i o n )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ n v l d d m k m . s y s   - -   ( n v l d d m k m )  
 D R V   -   [ 2 0 0 8 / 1 0 / 2 8   2 2 : 3 2 : 4 2   |   0 0 0 , 0 3 2 , 2 8 8   |   - - - -   |   M ]   ( R E A L T E K   S E M I C O N D U C T O R   C o r p . )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ R T L 2 8 3 2 U U S B . s y s   - -   ( R T L 2 8 3 2 U U S B )  
 D R V   -   [ 2 0 0 8 / 1 0 / 2 8   2 2 : 3 2 : 3 6   |   0 0 0 , 0 7 0 , 0 4 8   |   - - - -   |   M ]   ( R E A L T E K   S E M I C O N D U C T O R   C o r p . )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ R T L 2 8 3 2 U B D A . s y s   - -   ( R T L 2 8 3 2 U B D A )  
 D R V   -   [ 2 0 0 8 / 0 8 / 2 6   0 3 : 2 6 : 1 2   |   0 0 0 , 0 1 8 , 8 1 6   |   - - - -   |   M ]   ( N o k i a )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ p c c s m c f d . s y s   - -   ( p c c s m c f d )  
 D R V   -   [ 2 0 0 8 / 0 1 / 1 9   0 1 : 1 4 : 5 9   |   0 0 0 , 0 1 6 , 8 9 6   |   - - - -   |   M ]   ( M i c r o s o f t   C o r p o r a t i o n )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ W S D P r i n t . s y s   - -   ( W S D P r i n t D e v i c e )  
 D R V   -   [ 2 0 0 7 / 1 1 / 0 5   0 5 : 5 6 : 5 8   |   0 0 0 , 1 0 1 , 5 0 4   |   - - - -   |   M ]   ( H u a w e i   T e c h n o l o g i e s   C o . ,   L t d . )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ e w u s b m d m . s y s   - -   ( h w d a t a c a r d )  
 D R V   -   [ 2 0 0 7 / 1 0 / 2 6   0 7 : 2 7 : 0 0   |   0 0 0 , 3 0 6 , 3 0 0   |   - - - -   |   M ]   ( C i s c o   S y s t e m s ,   I n c . )   [ K e r n e l   |   A u t o ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ C V P N D R V A . s y s   - -   ( C V P N D R V A )  
 D R V   -   [ 2 0 0 7 / 0 9 / 2 6   0 1 : 1 2 : 0 0   |   0 0 2 , 2 5 1 , 7 7 6   |   - - - -   |   M ]   ( I n t e l   C o r p o r a t i o n )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ N E T w 4 v 3 2 . s y s   - -   ( N E T w 4 v 3 2 )   I n t e l ( R )  
 D R V   -   [ 2 0 0 7 / 0 2 / 1 5   1 9 : 5 7 : 0 4   |   0 0 0 , 0 3 4 , 7 6 0   |   - - - -   |   M ]   ( S l y S o f t ,   I n c . )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ E l b y C D F L . s y s   - -   ( E l b y C D F L )  
 D R V   -   [ 2 0 0 7 / 0 2 / 1 5   1 9 : 5 6 : 4 9   |   0 0 0 , 0 1 1 , 9 8 4   |   - - - -   |   M ]   ( E l a b o r a t e   B y t e s   A G )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ E l b y D e l a y . s y s   - -   ( E l b y D e l a y )  
 D R V   -   [ 2 0 0 7 / 0 1 / 3 1   0 6 : 4 5 : 0 6   |   0 0 0 , 1 2 7 , 3 7 6   |   - - - -   |   M ]   ( D e t e r m i n i s t i c   N e t w o r k s ,   I n c . )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ d n e 2 0 0 0 . s y s   - -   ( D N E )  
 D R V   -   [ 2 0 0 7 / 0 1 / 1 8   1 1 : 2 8 : 0 2   |   0 0 0 , 0 0 5 , 2 7 5   |   - - - -   |   M ]   ( C i s c o   S y s t e m s ,   I n c . )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ C V i r t A . s y s   - -   ( C V i r t A )  
 D R V   -   [ 2 0 0 6 / 1 2 / 0 5   0 5 : 3 4 : 4 2   |   0 0 0 , 5 0 7 , 1 3 6   |   - - - -   |   M ]   ( P i x A r t   I m a g i n g   I n c . )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ P F C 0 2 7 . S Y S   - -   ( P A C 2 0 7 )  
 D R V   -   [ 2 0 0 6 / 1 1 / 2 0   1 4 : 1 3 : 5 8   |   0 0 0 , 0 4 3 , 5 2 0   |   - - - -   |   M ]   ( R E D C )   [ K e r n e l   |   A u t o ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ r i m s p t s k . s y s   - -   ( r i m s p t s k )  
 D R V   -   [ 2 0 0 6 / 1 1 / 2 0   1 4 : 1 3 : 5 8   |   0 0 0 , 0 3 7 , 3 7 6   |   - - - -   |   M ]   ( R E D C )   [ K e r n e l   |   A u t o ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ r i x d p t s k . s y s   - -   ( r i s m x d p )  
 D R V   -   [ 2 0 0 6 / 1 1 / 2 0   1 4 : 1 3 : 5 6   |   0 0 0 , 0 3 2 , 2 5 6   |   - - - -   |   M ]   ( R E D C )   [ K e r n e l   |   A u t o ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ r i m m p t s k . s y s   - -   ( r i m m p t s k )  
 D R V   -   [ 2 0 0 6 / 1 1 / 2 0   0 0 : 5 7 : 0 0   |   0 0 0 , 2 8 3 , 7 7 6   |   - - - -   |   M ]   ( A f a T e c h                                     )   [ K e r n e l   |   O n _ D e m a n d ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ A F 1 5 B D A . s y s   - -   ( A F 1 5 B D A )   C i n e r g y   T   U S B   X E   ( M K I I )  
 D R V   -   [ 2 0 0 1 / 0 8 / 2 2   0 2 : 4 2 : 5 8   |   0 0 0 , 0 1 3 , 6 3 2   |   - - - -   |   M ]   ( D e l l   C o m p u t e r   C o r p o r a t i o n )   [ K e r n e l   |   S y s t e m ]   - -   C : \ W i n d o w s \ S Y S T E M 3 2 \ D R I V E R S \ O M C I . S Y S   - -   ( O M C I )  
    
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   S t a n d a r d   R e g i s t r y   ( S a f e L i s t )   = = = = = = = = = = [ / c o l o r ]  
    
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   I n t e r n e t   E x p l o r e r   = = = = = = = = = = [ / c o l o r ]  
    
    
    
 I E   -   H K U \ . D E F A U L T \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t   S e t t i n g s :   " P r o x y E n a b l e "   =   0  
 I E   -   H K U \ . D E F A U L T \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t   S e t t i n g s :   " P r o x y O v e r r i d e "   =   < l o c a l >  
    
 I E   -   H K U \ D e l l _ O N _ C \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ M a i n , P r e v   S e a r c h   P a g e   =   h t t p : / / g o o g l e . i c q . c o m  
 I E   -   H K U \ D e l l _ O N _ C \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ M a i n , S e a r c h   P a g e   =   h t t p : / / g o o g l e . i c q . c o m  
 I E   -   H K U \ D e l l _ O N _ C \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ M a i n , S t a r t   P a g e   =   h t t p : / / w w w . g o o g l e . d e /  
 I E   -   H K U \ D e l l _ O N _ C \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ M a i n , S t a r t P a g e C a c h e   =   1  
 I E   -   H K U \ D e l l _ O N _ C \ . . \ U R L S e a r c h H o o k :   { 8 5 5 F 3 B 1 6 - 6 D 3 2 - 4 f e 6 - 8 A 5 6 - B B B 6 9 5 9 8 9 0 4 6 }   -   R e g   E r r o r :   V a l u e   e r r o r .   F i l e   n o t   f o u n d  
 I E   -   H K U \ D e l l _ O N _ C \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t   S e t t i n g s :   " P r o x y E n a b l e "   =   0  
    
    
    
 I E   -   H K U \ N e t w o r k S e r v i c e _ O N _ C \ S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t   S e t t i n g s :   " P r o x y E n a b l e "   =   0  
    
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   F i r e F o x   = = = = = = = = = = [ / c o l o r ]  
    
 F F   -   p r e f s . j s . . b r o w s e r . s e a r c h . u p d a t e :   f a l s e  
 F F   -   p r e f s . j s . . b r o w s e r . s e a r c h . d e f a u l t e n g i n e n a m e :   " I C Q   S e a r c h "  
 F F   -   p r e f s . j s . . b r o w s e r . s e a r c h . s e l e c t e d E n g i n e :   " G o o g l e "  
 F F   -   p r e f s . j s . . b r o w s e r . s e a r c h . u p d a t e :   f a l s e  
 F F   -   p r e f s . j s . . b r o w s e r . s t a r t u p . h o m e p a g e :   " h t t p : / / w w w . g o o g l e . d e / "  
 F F   -   p r e f s . j s . . e x t e n s i o n s . e n a b l e d I t e m s :   { 5 9 c 8 1 d f 5 - 4 b 7 a - 4 7 7 b - 9 1 2 d - 4 e 0 f d f 6 4 e 5 f 2 } : 0 . 9 . 8 6 . 1  
 F F   -   p r e f s . j s . . e x t e n s i o n s . e n a b l e d I t e m s :   { e 4 a 8 a 9 7 b - f 2 e d - 4 5 0 b - b 1 2 d - e e 0 8 2 b a 2 4 7 8 1 } : 0 . 9 . 1  
 F F   -   p r e f s . j s . . e x t e n s i o n s . e n a b l e d I t e m s :   { C A F E E F A C - 0 0 1 6 - 0 0 0 0 - 0 0 2 0 - A B C D E F F E D C B A } : 6 . 0 . 2 0  
 F F   -   p r e f s . j s . . e x t e n s i o n s . e n a b l e d I t e m s :   { C A F E E F A C - 0 0 1 6 - 0 0 0 0 - 0 0 2 1 - A B C D E F F E D C B A } : 6 . 0 . 2 1  
 F F   -   p r e f s . j s . . e x t e n s i o n s . e n a b l e d I t e m s :   { C A F E E F A C - 0 0 1 6 - 0 0 0 0 - 0 0 2 2 - A B C D E F F E D C B A } : 6 . 0 . 2 2  
 F F   -   p r e f s . j s . . k e y w o r d . U R L :   " h t t p : / / s e a r c h . i c q . c o m / s e a r c h / a f e _ r e s u l t s . p h p ? c h _ i d = a f e x & q = "  
    
 F F   -   H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ a d o b e . c o m / F l a s h P l a y e r :   C : \ W i n d o w s \ S y s t e m 3 2 \ M a c r o m e d \ F l a s h \ N P S W F 3 2 _ 1 1 _ 5 _ 5 0 2 _ 1 3 5 . d l l   ( )  
 F F   -   H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ d i v x . c o m / D i v X   B r o w s e r   P l u g i n , v e r s i o n = 1 . 0 . 0 :   C : \ P r o g r a m   F i l e s \ D i v X \ D i v X   P l u s   W e b   P l a y e r \ n p d i v x 3 2 . d l l   ( D i v X , I n c . )  
 F F   -   H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ d i v x . c o m / D i v X   P l a y e r   P l u g i n , v e r s i o n = 1 . 0 . 0 :   C : \ H i l f s p r o g g s \ D i v X \ D i v X   P l a y e r \ n p D i v x P l a y e r P l u g i n . d l l   ( D i v X ,   I n c )  
 F F   -   H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ G o o g l e . c o m / G o o g l e E a r t h P l u g i n :   C : \ P r o g r a m   F i l e s \ G o o g l e \ G o o g l e   E a r t h \ p l u g i n \ n p g e p l u g i n . d l l   ( G o o g l e )  
 F F   -   H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ j a v a . c o m / D T P l u g i n , v e r s i o n = 1 0 . 7 . 2 :   C : \ W i n d o w s \ S y s t e m 3 2 \ n p d e p l o y J a v a 1 . d l l   ( O r a c l e   C o r p o r a t i o n )  
 F F   -   H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ j a v a . c o m / J a v a P l u g i n , v e r s i o n = 1 0 . 9 . 2 :   C : \ P r o g r a m   F i l e s \ J a v a \ j r e 7 \ b i n \ p l u g i n 2 \ n p j p 2 . d l l   ( O r a c l e   C o r p o r a t i o n )  
 F F   -   H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ m i c r o s o f t . c o m / W P F , v e r s i o n = 3 . 5 :   C : \ W i n d o w s \ M i c r o s o f t . N E T \ F r a m e w o r k \ v 3 . 5 \ W i n d o w s   P r e s e n t a t i o n   F o u n d a t i o n \ N P W P F . d l l   ( M i c r o s o f t   C o r p o r a t i o n )  
 F F   -   H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ r e a l . c o m / n p p l 3 2 6 0 ; v e r s i o n = 6 . 0 . 1 2 . 4 6 :     F i l e   n o t   f o u n d  
 F F   -   H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ r e a l . c o m / n p r j p l u g ; v e r s i o n = 1 . 0 . 3 . 4 6 :     F i l e   n o t   f o u n d  
 F F   -   H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ r e a l . c o m / n p r p j p l u g ; v e r s i o n = 6 . 0 . 1 2 . 4 6 :     F i l e   n o t   f o u n d  
 F F   -   H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ r e a l . c o m / n s J S R e a l P l a y e r P l u g i n ; v e r s i o n = :      
 F F   -   H K L M \ S o f t w a r e \ M o z i l l a P l u g i n s \ A d o b e   R e a d e r :   C : \ P r o g r a m   F i l e s \ A d o b e \ R e a d e r   1 0 . 0 \ R e a d e r \ A I R \ n p p d f 3 2 . d l l   ( A d o b e   S y s t e m s   I n c . )  
 F F   -   H K C U \ S o f t w a r e \ M o z i l l a P l u g i n s \ @ a d o b e . c o m / F l a s h P l a y e r :     F i l e   n o t   f o u n d  
    
 F F   -   H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ E x t e n s i o n s \ \ { A B D E 8 9 2 B - 1 3 A 8 - 4 d 1 b - 8 8 E 6 - 3 6 5 A 6 E 7 5 5 7 5 8 } :   C : \ H i l f s p r o g g s \ b r o w s e r r e c o r d  
 F F   -   H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ E x t e n s i o n s \ \ H B L i t e @ H B L i t e . c o m :   C : \ P r o g r a m   F i l e s \ H B L i t e \ b i n \ 1 1 . 0 . 3 6 3 . 0 \ f i r e f o x \ e x t e n s i o n s   [ 2 0 1 1 / 0 5 / 2 4   1 5 : 5 5 : 0 1   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]  
 F F   -   H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ E x t e n s i o n s \ \ { 3 3 0 4 4 1 1 8 - 6 5 9 7 - 4 D 2 F - A B E A - 7 9 7 4 B B 1 8 5 3 7 9 } :   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ 1 7 0 0 1 . 0 0 7   [ 2 0 1 2 / 1 2 / 2 1   0 4 : 5 8 : 5 7   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]  
 F F   -   H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ M o z i l l a   F i r e f o x   1 7 . 0 \ e x t e n s i o n s \ \ C o m p o n e n t s :   C : \ P r o g r a m   F i l e s \ F i r e F o x \ c o m p o n e n t s   [ 2 0 1 2 / 1 1 / 2 5   1 0 : 0 1 : 3 5   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]  
 F F   -   H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ m o z i l l a \ M o z i l l a   F i r e f o x   1 7 . 0 \ e x t e n s i o n s \ \ P l u g i n s :   C : \ P r o g r a m   F i l e s \ F i r e F o x \ p l u g i n s   [ 2 0 1 2 / 1 1 / 2 5   1 0 : 0 1 : 0 1   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]  
 F F   -   H K E Y _ C U R R E N T _ U S E R \ s o f t w a r e \ m o z i l l a \ F i r e f o x \ e x t e n s i o n s \ \ { 3 3 0 4 4 1 1 8 - 6 5 9 7 - 4 D 2 F - A B E A - 7 9 7 4 B B 1 8 5 3 7 9 } :   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ 1 7 0 0 1 . 0 0 7   [ 2 0 1 2 / 1 2 / 2 1   0 4 : 5 8 : 5 7   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]  
    
 [ 2 0 0 8 / 0 8 / 2 6   0 5 : 4 7 : 5 4   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   ( N o   n a m e   f o u n d )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ M o z i l l a \ E x t e n s i o n s  
 [ 2 0 1 2 / 1 1 / 1 9   1 3 : 2 6 : 4 9   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   ( N o   n a m e   f o u n d )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 6 f 4 t i k j 2 . d e f a u l t \ e x t e n s i o n s  
 F i l e   n o t   f o u n d   ( N o   n a m e   f o u n d )   - -    
    
 O 1   H O S T S   F i l e :   ( [ 2 0 1 1 / 1 1 / 2 5   1 4 : 1 7 : 5 7   |   0 0 0 , 0 0 0 , 7 6 6   |   - - - -   |   M ] )   -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ e t c \ h o s t s  
 O 1   -   H o s t s :   : : 1                           l o c a l h o s t  
 O 1   -   H o s t s :   1 2 7 . 0 . 0 . 1   l o c a l h o s t    
 O 2   -   B H O :   ( X T T B P o s 0 0   C l a s s )   -   { 0 5 5 F D 2 6 D - 3 A 8 8 - 4 e 1 5 - 9 6 3 D - D C 8 4 9 3 7 4 4 B 1 D }   -   R e g   E r r o r :   V a l u e   e r r o r .   F i l e   n o t   f o u n d  
 O 2   -   B H O :   ( R e a l P l a y e r   D o w n l o a d   a n d   R e c o r d   P l u g i n   f o r   I n t e r n e t   E x p l o r e r )   -   { 3 0 4 9 C 3 E 9 - B 4 6 1 - 4 B C 5 - 8 8 7 0 - 4 C 0 9 1 4 6 1 9 2 C A }   -   R e g   E r r o r :   V a l u e   e r r o r .   F i l e   n o t   f o u n d  
 O 2   -   B H O :   ( J a v a ( t m )   P l u g - I n   S S V   H e l p e r )   -   { 7 6 1 4 9 7 B B - D 6 F 0 - 4 6 2 C - B 6 E B - D 4 D A F 1 D 9 2 D 4 3 }   -   C : \ P r o g r a m   F i l e s \ J a v a \ j r e 7 \ b i n \ s s v . d l l   ( O r a c l e   C o r p o r a t i o n )  
 O 2   -   B H O :   ( I E 5 B a r L a u n c h e r B H O   C l a s s )   -   { 7 8 F 3 A 3 2 3 - 7 9 8 E - 4 A E A - 9 A 5 7 - 8 8 F 4 B 0 5 F D 5 D D }   -   C : \ P r o g r a m   F i l e s \ v S h a r e . t v   p l u g i n \ B a r L c h e r . d l l   ( V S h a r e   I n c . )  
 O 2   -   B H O :   ( J a v a ( t m )   P l u g - I n   2   S S V   H e l p e r )   -   { D B C 8 0 0 4 4 - A 4 4 5 - 4 3 5 b - B C 7 4 - 9 C 2 5 C 1 C 5 8 8 A 9 }   -   C : \ P r o g r a m   F i l e s \ J a v a \ j r e 7 \ b i n \ j p 2 s s v . d l l   ( O r a c l e   C o r p o r a t i o n )  
 O 3   -   H K L M \ . . \ T o o l b a r :   ( V S h a r e T o o l B a r )   -   { 7 A C 3 E 1 3 B - 3 B C A - 4 1 5 8 - B 3 3 0 - F 6 6 D B B 0 3 C 1 B 5 }   -   C : \ P r o g r a m   F i l e s \ v S h a r e . t v   p l u g i n \ B a r L c h e r . d l l   ( V S h a r e   I n c . )  
 O 3   -   H K L M \ . . \ T o o l b a r :   ( & T e r r a T e c   H o m e   C i n e m a )   -   { A D 6 E 6 5 5 5 - F B 2 C - 4 7 D 4 - 8 3 3 9 - 3 E 2 9 6 5 5 0 9 8 7 7 }   -   C : \ H i l f s p r o g g s \ T e r r a T e c   T V \ T H C D e s k B a n d . d l l   ( T e r r a T e c   E l e c t r o n i c   G m b H )  
 O 3   -   H K U \ D e l l _ O N _ C \ . . \ T o o l b a r \ W e b B r o w s e r :   ( I C Q   T o o l b a r )   -   { 8 5 5 F 3 B 1 6 - 6 D 3 2 - 4 F E 6 - 8 A 5 6 - B B B 6 9 5 9 8 9 0 4 6 }   -   R e g   E r r o r :   V a l u e   e r r o r .   F i l e   n o t   f o u n d  
 O 4   -   H K L M . . \ R u n :   [ a v g n t ]   C : \ H i l f s p r o g g s \ A v i r a   A n t i V i r   1 0 \ A v i r a \ A n t i V i r   D e s k t o p \ a v g n t . e x e   ( A v i r a   G m b H )  
 O 4   -   H K L M . . \ R u n :   [ w i l e n l ]     F i l e   n o t   f o u n d  
 O 4   -   H K U \ D e l l _ O N _ C . . \ R u n :   [ A V M U S B F e r n a n s c h l u s s ]   C : \ U s e r s \ D e l l \ A p p D a t a \ L o c a l \ A p p s \ 2 . 0 \ 7 K M E 2 V J N . D E Z \ 5 A O K 0 M 5 T . 0 4 C \ f r i t . . t i o n _ 8 4 8 8 8 8 4 c f b c e f d 6 0 _ 0 0 0 2 . 0 0 0 1 _ 3 8 3 3 8 2 c 5 c 6 0 b 7 2 b d \ A V M A u t o S t a r t . e x e   ( A V M   B e r l i n )  
 O 4   -   H K U \ L o c a l S e r v i c e _ O N _ C . . \ R u n :   [ W i n d o w s W e l c o m e C e n t e r ]   C : \ W i n d o w s \ S y s t e m 3 2 \ o o b e f l d r . d l l   ( M i c r o s o f t   C o r p o r a t i o n )  
 O 4   -   H K U \ N e t w o r k S e r v i c e _ O N _ C . . \ R u n :   [ W i n d o w s W e l c o m e C e n t e r ]   C : \ W i n d o w s \ S y s t e m 3 2 \ o o b e f l d r . d l l   ( M i c r o s o f t   C o r p o r a t i o n )  
 O 4   -   H K U \ . D E F A U L T . . \ R u n O n c e :   [ I C Q   L i t e ]   C : \ H i l f s p r o g g s \ I C Q \ I C Q L i t e \ I C Q L i t e . e x e   ( I C Q   L t d . )  
 O 4   -   S t a r t u p :   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ M i c r o s o f t \ W i n d o w s \ S t a r t   M e n u \ P r o g r a m s \ S t a r t u p \ r u n c t f . l n k   =   X : \ I 3 8 6 \ S Y S T E M 3 2 \ R U N D L L 3 2 . E X E   ( M i c r o s o f t   C o r p o r a t i o n )  
 O 6   -   H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ p o l i c i e s \ S y s t e m :   E n a b l e L U A   =   0  
 O 9   -   E x t r a   B u t t o n :   I C Q   L i t e   -   { B 8 6 3 4 5 3 A - 2 6 C 3 - 4 e 1 f - A 5 4 D - A 2 C D 1 9 6 3 4 8 E 9 }   -   C : \ H i l f s p r o g g s \ I C Q \ I C Q L i t e \ I C Q L i t e . e x e   ( I C Q   L t d . )  
 O 9   -   E x t r a   ' T o o l s '   m e n u i t e m   :   I C Q   L i t e   -   { B 8 6 3 4 5 3 A - 2 6 C 3 - 4 e 1 f - A 5 4 D - A 2 C D 1 9 6 3 4 8 E 9 }   -   C : \ H i l f s p r o g g s \ I C Q \ I C Q L i t e \ I C Q L i t e . e x e   ( I C Q   L t d . )  
 O 9   -   E x t r a   B u t t o n :   I C Q 6   -   { E 5 9 E B 1 2 1 - F 3 3 9 - 4 8 5 1 - A 3 B A - F E 4 9 C 3 5 6 1 7 C 2 }   -     F i l e   n o t   f o u n d  
 O 9   -   E x t r a   ' T o o l s '   m e n u i t e m   :   I C Q 6   -   { E 5 9 E B 1 2 1 - F 3 3 9 - 4 8 5 1 - A 3 B A - F E 4 9 C 3 5 6 1 7 C 2 }   -     F i l e   n o t   f o u n d  
 O 1 3   -   g o p h e r   P r e f i x :   m i s s i n g  
 O 1 6   -   D P F :   { 5 D 6 F 4 5 B 3 - 9 0 4 3 - 4 4 3 D - A 7 9 2 - 1 1 5 4 4 7 4 9 4 D 2 4 }   h t t p : / / m e s s e n g e r . z o n e . m s n . c o m / D E - D E / a - U N O 1 / G A M E _ U N O 1 . c a b   ( U n o C t r l   C l a s s )  
 O 1 6   -   D P F :   { 8 A D 9 C 8 4 0 - 0 4 4 E - 1 1 D 1 - B 3 E 9 - 0 0 8 0 5 F 4 9 9 D 9 3 }   h t t p : / / j a v a . s u n . c o m / u p d a t e / 1 . 7 . 0 / j i n s t a l l - 1 _ 7 _ 0 _ 0 5 - w i n d o w s - i 5 8 6 . c a b   ( J a v a   P l u g - i n   1 0 . 9 . 2 )  
 O 1 6   -   D P F :   { B 8 B E 5 E 9 3 - A 6 0 C - 4 D 2 6 - A 2 D C - 2 2 0 3 1 3 1 7 5 5 9 2 }   h t t p : / / m e s s e n g e r . z o n e . m s n . c o m / b i n a r y / Z I n t r o . c a b 5 6 6 4 9 . c a b   ( M S N   G a m e s   -   I n s t a l l e r )  
 O 1 6   -   D P F :   { B D 3 9 3 C 1 4 - 7 2 A D - 4 7 9 0 - A 0 9 5 - 7 6 5 2 2 9 7 3 D 6 B 8 }   h t t p : / / m e s s e n g e r . z o n e . m s n . c o m / b i n a r y / B a n k s h o t . c a b 5 7 2 1 3 . c a b   ( C B r e a k s h o t C o n t r o l   C l a s s )  
 O 1 6   -   D P F :   { C 3 F 7 9 A 2 B - B 9 B 4 - 4 A 6 6 - B 0 1 2 - 3 E E 4 6 4 7 5 B 0 7 2 }   h t t p : / / m e s s e n g e r . z o n e . m s n . c o m / b i n a r y / M e s s e n g e r S t a t s P A C l i e n t . c a b 5 6 9 0 7 . c a b   ( M e s s e n g e r S t a t s C l i e n t   C l a s s )  
 O 1 6   -   D P F :   { C A F E E F A C - 0 0 1 7 - 0 0 0 0 - 0 0 0 5 - A B C D E F F E D C B A }   h t t p : / / j a v a . s u n . c o m / u p d a t e / 1 . 7 . 0 / j i n s t a l l - 1 _ 7 _ 0 _ 0 5 - w i n d o w s - i 5 8 6 . c a b   ( R e g   E r r o r :   K e y   e r r o r . )  
 O 1 6   -   D P F :   { C A F E E F A C - F F F F - F F F F - F F F F - A B C D E F F E D C B A }   h t t p : / / j a v a . s u n . c o m / u p d a t e / 1 . 7 . 0 / j i n s t a l l - 1 _ 7 _ 0 _ 0 5 - w i n d o w s - i 5 8 6 . c a b   ( J a v a   P l u g - i n   1 0 . 9 . 2 )  
 O 1 6   -   D P F :   { E 2 8 8 3 E 8 F - 4 7 2 F - 4 F B 0 - 9 5 2 2 - A C 9 B F 3 7 9 1 6 A 7 }   h t t p : / / p l a t f o r m d l . a d o b e . c o m / N O S / g e t P l u s P l u s / 1 . 6 / g p . c a b   ( R e g   E r r o r :   K e y   e r r o r . )  
 O 1 7   -   H K L M \ S y s t e m \ C C S \ S e r v i c e s \ T c p i p \ P a r a m e t e r s :   D h c p N a m e S e r v e r   =   1 9 2 . 1 6 8 . 1 7 8 . 1  
 O 2 0   -   H K L M   W i n l o g o n :   S h e l l   -   ( e x p l o r e r . e x e )   -   C : \ W i n d o w s \ e x p l o r e r . e x e   ( M i c r o s o f t   C o r p o r a t i o n )  
 O 2 0   -   H K L M   W i n l o g o n :   U s e r I n i t   -   ( C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ a p p C o n f 3 2 . e x e )   -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ a p p C o n f 3 2 . e x e   ( )  
 O 3 2   -   H K L M   C D R o m :   A u t o R u n   -   1  
 O 3 2   -   A u t o R u n   F i l e   -   [ 2 0 0 6 / 0 9 / 1 8   1 6 : 4 3 : 3 6   |   0 0 0 , 0 0 0 , 0 2 4   |   - - - -   |   M ]   ( )   -   C : \ a u t o e x e c . b a t   - -   [   N T F S   ]  
 O 3 2   -   A u t o R u n   F i l e   -   [ 2 0 0 6 / 0 3 / 2 4   0 6 : 0 6 : 4 1   |   0 0 0 , 0 0 0 , 0 5 3   |   R - - -   |   M ]   ( )   -   X : \ A U T O R U N . I N F   - -   [   C D F S   ]  
 O 3 3   -   M o u n t P o i n t s 2 \ { 1 a 0 7 6 5 4 4 - 5 d a 0 - 1 1 d e - 8 8 4 5 - d 2 4 c 8 4 1 c 8 f e 2 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { 1 a 0 7 6 5 4 4 - 5 d a 0 - 1 1 d e - 8 8 4 5 - d 2 4 c 8 4 1 c 8 f e 2 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   F : \ a u t o r u n . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { 5 5 8 8 0 4 a 6 - 8 e 3 9 - 1 1 d d - 8 c 9 4 - c c f 6 b 0 c f 2 5 6 d } \ S h e l l \ 1 \ C o m m a n d   -   " "   =   H : \ . \ r e c y c l e d \ i n f o . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { 5 5 8 8 0 4 a 6 - 8 e 3 9 - 1 1 d d - 8 c 9 4 - c c f 6 b 0 c f 2 5 6 d } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   C : \ W i n d o w s \ s y s t e m 3 2 \ R u n D L L 3 2 . E X E   S h e l l 3 2 . D L L , S h e l l E x e c _ R u n D L L   H : \ . \ r e c y c l e d \ i n f o . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { 6 0 1 e 4 e 0 2 - b 4 0 2 - 1 1 d c - 8 9 6 6 - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { 6 0 1 e 4 e 0 2 - b 4 0 2 - 1 1 d c - 8 9 6 6 - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   E : \ A u t o r u n . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { 6 3 9 1 4 4 6 6 - 1 c f f - 1 1 d e - 8 4 2 d - b a d 6 e b 6 c 8 8 3 3 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { 6 3 9 1 4 4 6 6 - 1 c f f - 1 1 d e - 8 4 2 d - b a d 6 e b 6 c 8 8 3 3 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   G : \ S t a r t V M C L i t e . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { 6 9 8 1 2 b 1 c - e 6 0 b - 1 1 d d - b 9 5 b - f 0 1 5 2 a f a 1 a 9 a } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { 6 9 8 1 2 b 1 c - e 6 0 b - 1 1 d d - b 9 5 b - f 0 1 5 2 a f a 1 a 9 a } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   G : \ S t a r t V M C L i t e . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { a f 2 4 5 9 c a - b 4 d f - 1 1 d d - b b 0 a - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { a f 2 4 5 9 c a - b 4 d f - 1 1 d d - b b 0 a - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   G : \ S t a r t V M C L i t e . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { a f 2 4 5 9 c b - b 4 d f - 1 1 d d - b b 0 a - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { a f 2 4 5 9 c b - b 4 d f - 1 1 d d - b b 0 a - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   G : \ S t a r t V M C L i t e . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { b 4 8 9 8 c 0 4 - 1 c c 1 - 1 1 e 1 - a 0 9 a - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { b 4 8 9 8 c 0 4 - 1 c c 1 - 1 1 e 1 - a 0 9 a - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   G : \ a u t o r u n . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { b f a 1 3 2 e 4 - 9 0 8 e - 1 1 d c - b d 6 f - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   E : \ I n s t a l l T o m T o m H O M E . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { b f f 1 b 0 e 4 - d 8 b 4 - 1 1 d c - a e e 8 - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { b f f 1 b 0 e 4 - d 8 b 4 - 1 1 d c - a e e 8 - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   F : \ S t a r t V M C L i t e . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { b f f 1 b 0 e a - d 8 b 4 - 1 1 d c - a e e 8 - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { b f f 1 b 0 e a - d 8 b 4 - 1 1 d c - a e e 8 - 0 0 1 c 2 3 0 6 7 7 6 6 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   G : \ S t a r t V M C L i t e . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { d 9 9 f 8 a 2 b - 5 5 a 9 - 1 1 d d - a 9 d e - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { d 9 9 f 8 a 2 b - 5 5 a 9 - 1 1 d d - a 9 d e - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   E : \ A u t o S t a r t e r . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { e e 3 f e d 1 c - f a f 8 - 1 1 d c - 9 2 f 5 - c 1 3 7 5 d 3 9 2 7 c 5 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { e e 3 f e d 1 c - f a f 8 - 1 1 d c - 9 2 f 5 - c 1 3 7 5 d 3 9 2 7 c 5 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   F : \ S t a r t V M C L i t e . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { e e 3 f e d 1 e - f a f 8 - 1 1 d c - 9 2 f 5 - c 1 3 7 5 d 3 9 2 7 c 5 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { e e 3 f e d 1 e - f a f 8 - 1 1 d c - 9 2 f 5 - c 1 3 7 5 d 3 9 2 7 c 5 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   G : \ S t a r t V M C L i t e . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { f 9 2 7 8 5 4 0 - b 4 7 6 - 1 1 d d - 8 c 8 f - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { f 9 2 7 8 5 4 0 - b 4 7 6 - 1 1 d d - 8 c 8 f - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   G : \ S t a r t V M C L i t e . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { f 9 2 7 8 5 4 4 - b 4 7 6 - 1 1 d d - 8 c 8 f - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { f 9 2 7 8 5 4 4 - b 4 7 6 - 1 1 d d - 8 c 8 f - 0 0 1 c 2 6 f 4 1 b 4 8 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   G : \ S t a r t V M C L i t e . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { f 9 9 3 e 4 f 5 - 8 a e d - 1 1 d d - 9 e b b - 0 0 1 3 e 8 8 0 2 2 f 3 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { f 9 9 3 e 4 f 5 - 8 a e d - 1 1 d d - 9 e b b - 0 0 1 3 e 8 8 0 2 2 f 3 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   G : \ S t a r t V M C L i t e . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ { f 9 9 3 e 4 f 6 - 8 a e d - 1 1 d d - 9 e b b - 0 0 1 3 e 8 8 0 2 2 f 3 } \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ { f 9 9 3 e 4 f 6 - 8 a e d - 1 1 d d - 9 e b b - 0 0 1 3 e 8 8 0 2 2 f 3 } \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   G : \ S t a r t V M C L i t e . e x e  
 O 3 3   -   M o u n t P o i n t s 2 \ F \ S h e l l   -   " "   =   A u t o R u n  
 O 3 3   -   M o u n t P o i n t s 2 \ F \ S h e l l \ A u t o R u n \ c o m m a n d   -   " "   =   F : \ S t a r t V M C L i t e . e x e  
 O 3 4   -   H K L M   B o o t E x e c u t e :   ( a u t o c h e c k   a u t o c h k   * )   -     F i l e   n o t   f o u n d  
 O 3 5   -   H K L M \ . . c o m f i l e   [ o p e n ]   - -   " % 1 "   % *  
 O 3 5   -   H K L M \ . . e x e f i l e   [ o p e n ]   - -   " % 1 "   % *  
 O 3 7   -   H K L M \ . . . c o m   [ @   =   c o m f i l e ]   - -   " % 1 "   % *  
 O 3 7   -   H K L M \ . . . e x e   [ @   =   e x e f i l e ]   - -   " % 1 "   % *  
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   F i l e s / F o l d e r s   -   C r e a t e d   W i t h i n   3 0   D a y s   = = = = = = = = = = [ / c o l o r ]  
    
 [ 2 0 1 2 / 1 2 / 2 2   1 4 : 2 6 : 5 7   |   0 0 0 , 0 0 0 , 0 0 0   |   - H S D   |   C ]   - -   C : \ R E C Y C L E R  
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 1 0 : 5 8   |   0 0 0 , 0 5 5 , 2 4 8   |   - - - -   |   C ]   ( A d o b e   S y s t e m s   I n c o r p o r a t e d )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ l o a u p d t . j p g  
 [ 2 0 1 2 / 1 2 / 2 1   0 4 : 5 8 : 5 7   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ 1 7 0 0 1 . 0 0 7  
 [ 2 0 1 2 / 1 2 / 1 9   1 1 : 0 4 : 4 3   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ k o c k  
 [ 2 0 1 2 / 1 2 / 1 9   1 0 : 4 4 : 2 5   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ x m l d m  
 [ 2 0 1 2 / 1 2 / 1 9   0 9 : 4 4 : 4 9   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ U s e r s \ D e l l \ D e s k t o p \ I n g - G e o  
 [ 2 0 1 2 / 1 2 / 1 7   1 7 : 1 7 : 0 5   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ P r o g r a m   F i l e s \ C C l e a n e r  
 [ 2 0 1 2 / 1 2 / 1 1   2 0 : 0 2 : 0 8   |   0 0 0 , 6 9 7 , 2 7 2   |   - - - -   |   C ]   ( A d o b e   S y s t e m s   I n c o r p o r a t e d )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ F l a s h P l a y e r A p p . e x e  
 [ 2 0 1 2 / 1 2 / 1 1   2 0 : 0 2 : 0 8   |   0 0 0 , 0 7 3 , 6 5 6   |   - - - -   |   C ]   ( A d o b e   S y s t e m s   I n c o r p o r a t e d )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ F l a s h P l a y e r C P L A p p . c p l  
 [ 2 0 1 2 / 1 2 / 1 0   0 9 : 0 5 : 1 2   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ k o c k  
 [ 2 0 1 2 / 1 2 / 0 9   0 5 : 1 7 : 3 9   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ U s e r s \ D e l l \ D o c u m e n t s \ M e i n   G a r m i n  
 [ 2 0 1 2 / 1 2 / 0 9   0 5 : 1 7 : 3 6   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ G A R M I N  
 [ 2 0 1 2 / 1 2 / 0 9   0 5 : 1 7 : 0 0   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ P r o g r a m D a t a \ M i c r o s o f t \ W i n d o w s \ S t a r t   M e n u \ P r o g r a m s \ G a r m i n  
 [ 2 0 1 2 / 1 2 / 0 9   0 5 : 1 2 : 3 5   |   0 0 0 , 0 1 8 , 4 3 2   |   - - - -   |   C ]   ( G A R M I N   C o r p . )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ g r m n g e n . s y s  
 [ 2 0 1 2 / 1 2 / 0 9   0 5 : 1 2 : 3 5   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ G a r m i n  
 [ 2 0 1 2 / 1 2 / 0 8   1 1 : 4 2 : 0 7   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ U A s  
 [ 2 0 1 2 / 1 2 / 0 3   1 2 : 1 7 : 5 3   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ T e a m V i e w e r  
 [ 2 0 1 2 / 1 2 / 0 1   1 1 : 3 8 : 2 6   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ P r o g r a m   F i l e s \ T e a m V i e w e r  
 [ 2 0 1 2 / 1 2 / 0 1   1 1 : 3 6 : 0 0   |   0 0 5 , 8 3 5 , 5 1 2   |   - - - -   |   C ]   ( T e a m V i e w e r   G m b H )   - -   C : \ U s e r s \ D e l l \ D e s k t o p \ T e a m V i e w e r _ S e t u p _ d e . e x e  
 [ 2 0 1 2 / 1 1 / 2 5   1 0 : 0 0 : 4 6   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   C ]   - -   C : \ P r o g r a m   F i l e s \ F i r e F o x  
 [ 1   C : \ W i n d o w s \ * . t m p   f i l e s   - >   C : \ W i n d o w s \ * . t m p   - >   ]  
 [ 1   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ * . t m p   f i l e s   - >   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ * . t m p   - >   ]  
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   F i l e s   -   M o d i f i e d   W i t h i n   3 0   D a y s   = = = = = = = = = = [ / c o l o r ]  
    
 [ 2 0 1 2 / 1 2 / 2 1   1 4 : 2 6 : 2 9   |   0 0 0 , 0 6 7 , 5 8 4   |   - - S -   |   M ]   ( )   - -   C : \ W i n d o w s \ b o o t s t a t . d a t  
 [ 2 0 1 2 / 1 2 / 2 1   1 4 : 2 6 : 0 0   |   0 9 5 , 0 2 3 , 3 2 0   |   - - - -   |   M ]   ( )   - -   C : \ P r o g r a m D a t a \ d s g s d g d s g d s g w . p a d  
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 4 2 : 0 6   |   0 0 0 , 0 0 3 , 6 4 8   |   - H - -   |   M ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ 7 B 2 9 6 F B 0 - 3 7 6 B - 4 9 7 e - B 0 1 2 - 9 C 4 5 0 E 1 B 7 3 2 7 - 2 P - 1 . C 7 4 8 3 4 5 6 - A 2 8 9 - 4 3 9 d - 8 1 1 5 - 6 0 1 6 3 2 D 0 0 5 A 0  
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 4 2 : 0 6   |   0 0 0 , 0 0 3 , 6 4 8   |   - H - -   |   M ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ 7 B 2 9 6 F B 0 - 3 7 6 B - 4 9 7 e - B 0 1 2 - 9 C 4 5 0 E 1 B 7 3 2 7 - 2 P - 0 . C 7 4 8 3 4 5 6 - A 2 8 9 - 4 3 9 d - 8 1 1 5 - 6 0 1 6 3 2 D 0 0 5 A 0  
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 4 2 : 0 2   |   0 0 0 , 0 0 0 , 0 1 2   |   - - - -   |   M ]   ( )   - -   C : \ W i n d o w s \ b t h s e r v s d p . d a t  
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 3 2 : 5 3   |   0 0 0 , 0 0 2 , 5 6 5   |   - - - -   |   M ]   ( )   - -   C : \ P r o g r a m D a t a \ M i c r o s o f t \ W i n d o w s \ S t a r t   M e n u \ P r o g r a m s \ S t a r t u p \ V P N   C l i e n t . l n k  
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 1 1 : 4 2   |   0 0 0 , 0 5 5 , 2 4 8   |   - - - -   |   M ]   ( A d o b e   S y s t e m s   I n c o r p o r a t e d )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ l o a u p d t . j p g  
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 1 1 : 1 8   |   0 0 0 , 0 0 0 , 0 1 6   |   - - - -   |   M ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ b l c k d o m . r e s  
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 0 4 : 4 6   |   0 0 0 , 0 0 2 , 8 6 5   |   - - - -   |   M ]   ( )   - -   C : \ P r o g r a m D a t a \ d s g s d g d s g d s g w . j s  
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 0 4 : 4 6   |   0 0 0 , 0 0 0 , 8 9 2   |   - - - -   |   M ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ M i c r o s o f t \ W i n d o w s \ S t a r t   M e n u \ P r o g r a m s \ S t a r t u p \ r u n c t f . l n k  
 [ 2 0 1 2 / 1 2 / 2 1   0 7 : 3 3 : 5 9   |   0 0 0 , 6 8 5 , 7 1 2   |   - - - -   |   M ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f h 0 0 7 . d a t  
 [ 2 0 1 2 / 1 2 / 2 1   0 7 : 3 3 : 5 9   |   0 0 0 , 6 4 2 , 7 0 4   |   - - - -   |   M ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f h 0 0 9 . d a t  
 [ 2 0 1 2 / 1 2 / 2 1   0 7 : 3 3 : 5 9   |   0 0 0 , 1 4 9 , 9 0 6   |   - - - -   |   M ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f c 0 0 7 . d a t  
 [ 2 0 1 2 / 1 2 / 2 1   0 7 : 3 3 : 5 9   |   0 0 0 , 1 2 1 , 7 1 2   |   - - - -   |   M ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f c 0 0 9 . d a t  
 [ 2 0 1 2 / 1 2 / 2 1   0 4 : 5 9 : 0 5   |   0 0 0 , 2 1 9 , 2 3 2   |   - - - -   |   M ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ A c r o I E H e l p e 2 4 8 . d l l  
 [ 2 0 1 2 / 1 2 / 2 1   0 4 : 5 9 : 0 5   |   0 0 0 , 0 0 7 , 1 0 4   |   - - - -   |   M ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ B A c r o I E H e l p e 2 4 8 . d l l  
 [ 2 0 1 2 / 1 2 / 1 9   0 9 : 4 3 : 4 6   |   0 0 0 , 2 1 0 , 5 1 6   |   - - - -   |   M ]   ( )   - -   C : \ P r o g r a m D a t a \ n v M o d e s . 0 0 1  
 [ 2 0 1 2 / 1 2 / 1 7   1 4 : 4 5 : 2 7   |   0 0 0 , 0 0 7 , 1 0 4   |   - - - -   |   M ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ B A c r o I E H e l p e 2 4 6 . d l l  
 [ 2 0 1 2 / 1 2 / 1 6   0 6 : 5 3 : 4 3   |   0 0 0 , 0 0 0 , 1 4 0   |   - - - -   |   M ]   ( )   - -   C : \ W i n d o w s \ L O D E R U N N . I N I  
 [ 2 0 1 2 / 1 2 / 1 2   1 7 : 2 6 : 2 9   |   0 0 0 , 0 3 4 , 5 6 8   |   - - - -   |   M ]   ( )   - -   C : \ U s e r s \ D e l l \ D e s k t o p \ K o o r d i n a t e n - I n g G e o - 1 2 - 1 2 - 2 0 1 2 . g d b  
 [ 2 0 1 2 / 1 2 / 1 1   2 0 : 0 2 : 0 8   |   0 0 0 , 6 9 7 , 2 7 2   |   - - - -   |   M ]   ( A d o b e   S y s t e m s   I n c o r p o r a t e d )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ F l a s h P l a y e r A p p . e x e  
 [ 2 0 1 2 / 1 2 / 1 1   2 0 : 0 2 : 0 8   |   0 0 0 , 0 7 3 , 6 5 6   |   - - - -   |   M ]   ( A d o b e   S y s t e m s   I n c o r p o r a t e d )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ F l a s h P l a y e r C P L A p p . c p l  
 [ 2 0 1 2 / 1 2 / 1 1   1 3 : 2 7 : 3 1   |   0 0 1 , 0 1 3 , 3 8 0   |   - - - -   |   M ]   ( )   - -   C : \ U s e r s \ D e l l \ D e s k t o p \ M u f _ f � r _ J u l e s . p d f  
 [ 2 0 1 2 / 1 2 / 0 9   0 5 : 5 3 : 4 4   |   0 0 0 , 0 0 6 , 9 4 4   |   - - - -   |   M ]   ( )   - -   C : \ U s e r s \ D e l l \ D e s k t o p \ K o o r d i n a t e n - I n g G e o - 0 8 - 1 2 - 2 0 1 2 . g d b  
 [ 2 0 1 2 / 1 2 / 0 9   0 5 : 1 7 : 0 0   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ M i c r o s o f t \ W i n d o w s \ S t a r t   M e n u \ P r o g r a m s \ G a r m i n  
 [ 2 0 1 2 / 1 2 / 0 4   1 4 : 5 2 : 1 1   |   0 0 0 , 3 6 4 , 5 1 2   |   - - - -   |   M ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ F N T C A C H E . D A T  
 [ 2 0 1 2 / 1 2 / 0 3   1 4 : 3 1 : 2 6   |   0 0 0 , 1 7 3 , 5 6 8   |   - - - -   |   M ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ L o c a l \ D C B C 2 A 7 1 - 7 0 D 8 - 4 D A N - E H R 8 - E 0 D 6 1 D E A 3 F D F . i n i  
 [ 2 0 1 2 / 1 2 / 0 3   1 2 : 1 7 : 3 3   |   0 0 5 , 8 3 5 , 5 1 2   |   - - - -   |   M ]   ( T e a m V i e w e r   G m b H )   - -   C : \ U s e r s \ D e l l \ D e s k t o p \ T e a m V i e w e r _ S e t u p _ d e . e x e  
 [ 2 0 1 2 / 1 2 / 0 3   1 2 : 1 6 : 5 4   |   0 0 0 , 0 0 0 , 9 7 7   |   - - - -   |   M ]   ( )   - -   C : \ P r o g r a m D a t a \ M i c r o s o f t \ W i n d o w s \ S t a r t   M e n u \ P r o g r a m s \ T e a m V i e w e r   8 . l n k  
 [ 2 0 1 2 / 1 2 / 0 2   0 9 : 1 0 : 4 5   |   0 0 0 , 2 1 0 , 5 1 6   |   - - - -   |   M ]   ( )   - -   C : \ P r o g r a m D a t a \ n v M o d e s . d a t  
 [ 1   C : \ W i n d o w s \ * . t m p   f i l e s   - >   C : \ W i n d o w s \ * . t m p   - >   ]  
 [ 1   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ * . t m p   f i l e s   - >   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ * . t m p   - >   ]  
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   F i l e s   C r e a t e d   -   N o   C o m p a n y   N a m e   = = = = = = = = = = [ / c o l o r ]  
    
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 0 4 : 4 6   |   0 0 0 , 0 0 2 , 8 6 5   |   - - - -   |   C ]   ( )   - -   C : \ P r o g r a m D a t a \ d s g s d g d s g d s g w . j s  
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 0 4 : 4 6   |   0 0 0 , 0 0 0 , 8 9 2   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ M i c r o s o f t \ W i n d o w s \ S t a r t   M e n u \ P r o g r a m s \ S t a r t u p \ r u n c t f . l n k  
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 0 4 : 2 7   |   0 9 5 , 0 2 3 , 3 2 0   |   - - - -   |   C ]   ( )   - -   C : \ P r o g r a m D a t a \ d s g s d g d s g d s g w . p a d  
 [ 2 0 1 2 / 1 2 / 2 1   0 4 : 5 9 : 0 5   |   0 0 0 , 2 1 9 , 2 3 2   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ A c r o I E H e l p e 2 4 8 . d l l  
 [ 2 0 1 2 / 1 2 / 2 1   0 4 : 5 9 : 0 5   |   0 0 0 , 0 0 7 , 1 0 4   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ B A c r o I E H e l p e 2 4 8 . d l l  
 [ 2 0 1 2 / 1 2 / 1 7   1 4 : 4 5 : 2 7   |   0 0 0 , 0 0 7 , 1 0 4   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ B A c r o I E H e l p e 2 4 6 . d l l  
 [ 2 0 1 2 / 1 2 / 1 2   1 7 : 2 6 : 2 9   |   0 0 0 , 0 3 4 , 5 6 8   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ D e s k t o p \ K o o r d i n a t e n - I n g G e o - 1 2 - 1 2 - 2 0 1 2 . g d b  
 [ 2 0 1 2 / 1 2 / 1 1   1 3 : 2 7 : 3 0   |   0 0 1 , 0 1 3 , 3 8 0   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ D e s k t o p \ M u f _ f � r _ J u l e s . p d f  
 [ 2 0 1 2 / 1 2 / 0 9   0 5 : 5 3 : 4 4   |   0 0 0 , 0 0 6 , 9 4 4   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ D e s k t o p \ K o o r d i n a t e n - I n g G e o - 0 8 - 1 2 - 2 0 1 2 . g d b  
 [ 2 0 1 2 / 1 2 / 0 3   1 2 : 1 6 : 5 4   |   0 0 0 , 0 0 0 , 9 7 7   |   - - - -   |   C ]   ( )   - -   C : \ P r o g r a m D a t a \ M i c r o s o f t \ W i n d o w s \ S t a r t   M e n u \ P r o g r a m s \ T e a m V i e w e r   8 . l n k  
 [ 2 0 1 2 / 1 1 / 2 0   0 7 : 4 8 : 4 1   |   0 0 0 , 0 0 7 , 1 0 4   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ B A c r o I E H e l p e 2 3 5 . d l l  
 [ 2 0 1 2 / 1 1 / 1 2   0 9 : 3 6 : 3 8   |   0 0 0 , 0 0 7 , 7 2 0   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ B A c r o I E H e l p e 2 2 8 . d l l  
 [ 2 0 1 2 / 1 1 / 1 0   1 0 : 2 1 : 4 0   |   0 0 0 , 0 0 0 , 0 1 6   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ b l c k d o m . r e s  
 [ 2 0 1 2 / 0 9 / 0 5   1 6 : 3 6 : 3 8   |   0 0 0 , 0 0 0 , 1 4 0   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ L O D E R U N N . I N I  
 [ 2 0 1 1 / 1 1 / 1 6   1 4 : 0 0 : 1 3   |   0 0 0 , 0 0 0 , 0 4 3   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ g s w i n 3 2 . i n i  
 [ 2 0 1 1 / 0 5 / 1 1   0 3 : 2 0 : 4 4   |   0 0 0 , 0 0 2 , 8 2 8   |   - H S -   |   C ]   ( )   - -   C : \ P r o g r a m D a t a \ K G y G a A v L . s y s  
 [ 2 0 1 1 / 0 5 / 1 1   0 3 : 2 0 : 4 4   |   0 0 0 , 0 0 0 , 0 8 8   |   R H S -   |   C ]   ( )   - -   C : \ P r o g r a m D a t a \ 2 6 4 8 5 E D 7 F A . s y s  
 [ 2 0 1 0 / 0 7 / 1 6   0 8 : 4 8 : 3 9   |   0 0 0 , 0 0 1 , 4 4 7   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ w i n i n i t . i n i  
 [ 2 0 1 0 / 0 7 / 1 6   0 8 : 3 0 : 0 8   |   0 0 0 , 0 6 9 , 6 3 2   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ R A U N I N S T . E X E  
 [ 2 0 1 0 / 0 1 / 0 2   0 7 : 0 7 : 3 3   |   0 0 0 , 0 0 0 , 3 1 6   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ O D B C . I N I  
 [ 2 0 0 9 / 0 8 / 2 3   1 3 : 3 6 : 3 9   |   0 0 0 , 0 2 2 , 3 2 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ P n k B s t r K . s y s  
 [ 2 0 0 9 / 0 8 / 2 3   1 3 : 3 6 : 3 1   |   0 0 0 , 1 0 3 , 7 3 6   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ P n k B s t r B . e x e  
 [ 2 0 0 9 / 0 8 / 2 3   1 3 : 3 6 : 2 0   |   0 0 0 , 0 6 6 , 8 7 2   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ P n k B s t r A . e x e  
 [ 2 0 0 9 / 0 7 / 0 5   1 4 : 0 0 : 2 9   |   0 0 0 , 2 8 1 , 7 6 0   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ a t k s g t . s y s  
 [ 2 0 0 9 / 0 7 / 0 5   1 4 : 0 0 : 1 1   |   0 0 0 , 0 2 5 , 8 8 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d r i v e r s \ l i r s g t . s y s  
 [ 2 0 0 9 / 0 5 / 2 7   1 4 : 2 7 : 0 6   |   0 0 0 , 1 1 7 , 2 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ E h S t o r A u t h n . d l l  
 [ 2 0 0 9 / 0 5 / 2 7   1 4 : 2 7 : 0 6   |   0 0 0 , 1 0 7 , 6 1 2   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ S t r u c t u r e d Q u e r y S c h e m a . b i n  
 [ 2 0 0 9 / 0 5 / 2 7   1 4 : 2 6 : 2 4   |   0 0 0 , 0 6 2 , 9 7 6   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ P r i n t B r m U i . e x e  
 [ 2 0 0 9 / 0 4 / 2 1   0 5 : 2 9 : 2 5   |   0 0 0 , 2 1 0 , 5 1 6   |   - - - -   |   C ]   ( )   - -   C : \ P r o g r a m D a t a \ n v M o d e s . d a t  
 [ 2 0 0 9 / 0 4 / 2 1   0 5 : 2 9 : 2 5   |   0 0 0 , 2 1 0 , 5 1 6   |   - - - -   |   C ]   ( )   - -   C : \ P r o g r a m D a t a \ n v M o d e s . 0 0 1  
 [ 2 0 0 9 / 0 3 / 0 5   1 2 : 3 8 : 4 7   |   0 0 0 , 1 6 8 , 4 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ u n r a r . d l l  
 [ 2 0 0 9 / 0 3 / 0 5   1 2 : 3 8 : 3 9   |   0 0 0 , 0 6 7 , 5 8 4   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ f f _ v f w . d l l  
 [ 2 0 0 8 / 1 2 / 0 9   1 0 : 2 3 : 1 3   |   0 0 0 , 0 5 3 , 7 1 2   |   R H S -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ a p p C o n f 3 2 . e x e  
 [ 2 0 0 8 / 1 1 / 2 1   1 6 : 4 7 : 5 2   |   0 0 3 , 5 9 6 , 2 8 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ q t - d x 3 3 1 . d l l  
 [ 2 0 0 8 / 1 1 / 0 5   1 3 : 4 2 : 4 5   |   0 0 0 , 0 6 2 , 4 0 0   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ I F C . d l l  
 [ 2 0 0 8 / 1 1 / 0 5   1 3 : 4 1 : 5 6   |   0 0 0 , 4 2 2 , 8 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ P P L . d l l  
 [ 2 0 0 8 / 1 0 / 0 7   0 2 : 1 3 : 3 0   |   0 0 0 , 1 9 7 , 9 1 2   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p h y s x c u d a r t _ 2 0 . d l l  
 [ 2 0 0 8 / 1 0 / 0 7   0 2 : 1 3 : 2 2   |   0 0 0 , 0 5 8 , 6 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l T r a d i t i o n a l C h i n e s e . d l l  
 [ 2 0 0 8 / 1 0 / 0 7   0 2 : 1 3 : 2 0   |   0 0 0 , 0 5 8 , 6 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l S w e d i s h . d l l  
 [ 2 0 0 8 / 1 0 / 0 7   0 2 : 1 3 : 2 0   |   0 0 0 , 0 5 8 , 6 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l S p a n i s h . d l l  
 [ 2 0 0 8 / 1 0 / 0 7   0 2 : 1 3 : 2 0   |   0 0 0 , 0 5 8 , 6 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l S i m p l i f i e d C h i n e s e . d l l  
 [ 2 0 0 8 / 1 0 / 0 7   0 2 : 1 3 : 2 0   |   0 0 0 , 0 5 8 , 6 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l P o r t u g e s e . d l l  
 [ 2 0 0 8 / 1 0 / 0 7   0 2 : 1 3 : 2 0   |   0 0 0 , 0 5 8 , 6 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l K o r e a n . d l l  
 [ 2 0 0 8 / 1 0 / 0 7   0 2 : 1 3 : 2 0   |   0 0 0 , 0 5 8 , 6 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l J a p a n e s e . d l l  
 [ 2 0 0 8 / 1 0 / 0 7   0 2 : 1 3 : 2 0   |   0 0 0 , 0 5 8 , 6 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l G e r m a n . d l l  
 [ 2 0 0 8 / 1 0 / 0 7   0 2 : 1 3 : 2 0   |   0 0 0 , 0 5 8 , 6 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ A g C P a n e l F r e n c h . d l l  
 [ 2 0 0 8 / 0 8 / 0 1   2 0 : 0 0 : 5 1   |   0 0 0 , 0 1 8 , 9 0 4   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ S t r u c t u r e d Q u e r y S c h e m a T r i v i a l . b i n  
 [ 2 0 0 8 / 0 7 / 1 9   1 1 : 3 5 : 3 5   |   0 0 0 , 0 0 0 , 0 4 1   |   - H S -   |   C ]   ( )   - -   C : \ P r o g r a m D a t a \ . z r e g l i b  
 [ 2 0 0 8 / 0 7 / 1 9   1 0 : 3 4 : 4 1   |   0 0 0 , 0 4 3 , 5 2 0   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ C m d L i n e E x t 0 3 . d l l  
 [ 2 0 0 8 / 0 7 / 1 1   1 5 : 2 4 : 0 3   |   0 0 0 , 0 0 1 , 1 8 5   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ m o z v e r . d a t  
 [ 2 0 0 8 / 0 6 / 1 8   0 9 : 5 9 : 0 6   |   0 0 0 , 0 8 1 , 1 5 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ m a n a g e - b d e . i n i . e n  
 [ 2 0 0 8 / 0 4 / 2 7   0 5 : 0 1 : 1 1   |   0 0 0 , 0 0 0 , 5 1 0   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ W O R D P A D . I N I  
 [ 2 0 0 8 / 0 3 / 2 5   1 1 : 3 5 : 0 5   |   0 0 0 , 0 0 0 , 0 2 5   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ c d p l a y e r . i n i  
 [ 2 0 0 8 / 0 3 / 2 3   0 4 : 3 4 : 3 5   |   0 0 0 , 0 0 0 , 4 6 6   |   R H S -   |   C ]   ( )   - -   C : \ P r o g r a m D a t a \ n t u s e r . p o l  
 [ 2 0 0 8 / 0 1 / 1 4   1 1 : 4 1 : 1 6   |   0 0 0 , 0 3 4 , 3 8 2   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ s c u n i n . d a t  
 [ 2 0 0 7 / 1 2 / 2 8   1 9 : 5 0 : 4 2   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ n s r e g . d a t  
 [ 2 0 0 7 / 1 2 / 2 6   2 0 : 0 5 : 3 2   |   0 0 0 , 0 0 0 , 0 1 2   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ b t h s e r v s d p . d a t  
 [ 2 0 0 7 / 1 2 / 2 6   1 9 : 3 0 : 5 3   |   0 0 0 , 0 0 1 , 6 5 1   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ e R e g . d a t  
 [ 2 0 0 7 / 1 2 / 2 6   1 8 : 0 6 : 1 8   |   0 0 0 , 0 0 0 , 3 1 9   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ g a m e . i n i  
 [ 2 0 0 7 / 1 2 / 2 4   1 6 : 5 0 : 3 6   |   0 0 0 , 1 7 3 , 5 6 8   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ L o c a l \ D C B C 2 A 7 1 - 7 0 D 8 - 4 D A N - E H R 8 - E 0 D 6 1 D E A 3 F D F . i n i  
 [ 2 0 0 7 / 1 1 / 1 1   1 5 : 4 2 : 3 2   |   0 0 0 , 1 0 6 , 7 8 0   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ n v M o d e s . d a t  
 [ 2 0 0 7 / 1 1 / 1 1   1 5 : 4 2 : 3 2   |   0 0 0 , 1 0 6 , 7 8 0   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ R o a m i n g \ n v M o d e s . 0 0 1  
 [ 2 0 0 7 / 1 1 / 1 1   1 4 : 5 9 : 0 3   |   0 0 0 , 0 1 6 , 4 8 0   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ r i x d i c o n . d l l  
 [ 2 0 0 7 / 1 1 / 1 1   1 4 : 4 9 : 4 6   |   0 0 0 , 0 0 1 , 3 5 6   |   - - - -   |   C ]   ( )   - -   C : \ U s e r s \ D e l l \ A p p D a t a \ L o c a l \ d 3 d 9 c a p s . d a t  
 [ 2 0 0 7 / 1 0 / 2 6   0 7 : 2 8 : 1 8   |   0 0 0 , 1 9 7 , 4 0 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ v p n a p i . d l l  
 [ 2 0 0 6 / 1 1 / 0 2   1 0 : 4 8 : 5 2   |   0 0 0 , 6 8 5 , 7 1 2   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f h 0 0 7 . d a t  
 [ 2 0 0 6 / 1 1 / 0 2   1 0 : 4 8 : 5 2   |   0 0 0 , 2 9 0 , 7 4 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f i 0 0 7 . d a t  
 [ 2 0 0 6 / 1 1 / 0 2   1 0 : 4 8 : 5 2   |   0 0 0 , 1 4 9 , 9 0 6   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f c 0 0 7 . d a t  
 [ 2 0 0 6 / 1 1 / 0 2   1 0 : 4 8 : 5 2   |   0 0 0 , 0 3 6 , 9 1 6   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f d 0 0 7 . d a t  
 [ 2 0 0 6 / 1 1 / 0 2   0 7 : 5 5 : 5 2   |   0 0 0 , 0 6 7 , 5 8 4   |   - - S -   |   C ]   ( )   - -   C : \ W i n d o w s \ b o o t s t a t . d a t  
 [ 2 0 0 6 / 1 1 / 0 2   0 7 : 4 6 : 2 7   |   0 0 0 , 3 6 4 , 5 1 2   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ F N T C A C H E . D A T  
 [ 2 0 0 6 / 1 1 / 0 2   0 7 : 3 4 : 2 0   |   0 0 0 , 0 0 5 , 6 3 2   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ s y s p r e p M C E . d l l  
 [ 2 0 0 6 / 1 1 / 0 2   0 5 : 3 3 : 0 1   |   0 0 0 , 6 4 2 , 7 0 4   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f h 0 0 9 . d a t  
 [ 2 0 0 6 / 1 1 / 0 2   0 5 : 3 3 : 0 1   |   0 0 0 , 2 8 7 , 4 4 0   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f i 0 0 9 . d a t  
 [ 2 0 0 6 / 1 1 / 0 2   0 5 : 3 3 : 0 1   |   0 0 0 , 1 2 1 , 7 1 2   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f c 0 0 9 . d a t  
 [ 2 0 0 6 / 1 1 / 0 2   0 5 : 3 3 : 0 1   |   0 0 0 , 0 3 0 , 6 7 4   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p e r f d 0 0 9 . d a t  
 [ 2 0 0 6 / 1 1 / 0 2   0 5 : 2 3 : 2 1   |   0 0 0 , 2 1 5 , 9 4 3   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ d s s e c . d a t  
 [ 2 0 0 6 / 1 1 / 0 2   0 3 : 5 8 : 3 0   |   0 0 0 , 0 4 3 , 1 3 1   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ m i b . b i n  
 [ 2 0 0 6 / 1 1 / 0 2   0 3 : 2 7 : 4 6   |   0 0 0 , 0 0 0 , 5 1 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ S P 2 0 7 . I N I  
 [ 2 0 0 6 / 1 1 / 0 2   0 3 : 1 9 : 0 0   |   0 0 0 , 0 0 0 , 7 4 1   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ N O I S E . D A T  
 [ 2 0 0 6 / 1 1 / 0 2   0 2 : 4 0 : 2 9   |   0 0 0 , 0 1 3 , 7 5 0   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ p a c e r p r f . i n i  
 [ 2 0 0 6 / 1 1 / 0 2   0 2 : 2 5 : 3 1   |   0 0 0 , 6 7 3 , 0 8 8   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ m l a n g . d a t  
 [ 1 9 9 7 / 0 6 / 1 4   0 5 : 5 6 : 0 8   |   0 0 0 , 0 5 6 , 8 3 2   |   - - - -   |   C ]   ( )   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ i y v u 9 _ 3 2 . d l l  
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   L O P   C h e c k   = = = = = = = = = = [ / c o l o r ]  
    
 [ 2 0 1 1 / 0 5 / 2 4   1 5 : 5 5 : 0 1   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ 2 A C A 5 C C 3 - 0 F 8 3 - 4 5 3 D - A 0 7 9 - 1 0 7 6 F E 1 A 8 B 6 5  
 [ 2 0 0 7 / 1 1 / 1 1   1 4 : 4 8 : 0 5   |   0 0 0 , 0 0 0 , 0 0 0   |   - H S D   |   M ]   - -   C : \ P r o g r a m D a t a \ A n w e n d u n g s d a t e n  
 [ 2 0 0 6 / 1 1 / 0 2   0 8 : 0 0 : 3 8   |   0 0 0 , 0 0 0 , 0 0 0   |   - H S D   |   M ]   - -   C : \ P r o g r a m D a t a \ A p p l i c a t i o n   D a t a  
 [ 2 0 0 9 / 1 1 / 0 3   1 1 : 2 9 : 3 5   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ A u t o d e s k  
 [ 2 0 1 1 / 1 0 / 2 6   1 4 : 1 0 : 3 9   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ C a n o n   I J   N e t w o r k   T o o l  
 [ 2 0 1 1 / 0 5 / 1 3   0 0 : 3 7 : 2 9   |   0 0 0 , 0 0 0 , 0 0 0   |   - H - D   |   M ]   - -   C : \ P r o g r a m D a t a \ C a n o n B J  
 [ 2 0 1 1 / 1 0 / 2 6   1 4 : 0 8 : 5 4   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ C a n o n I J M S e t u p  
 [ 2 0 0 9 / 0 6 / 2 0   0 8 : 4 5 : 5 3   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ D A E M O N   T o o l s   L i t e  
 [ 2 0 0 6 / 1 1 / 0 2   0 8 : 0 0 : 3 8   |   0 0 0 , 0 0 0 , 0 0 0   |   - H S D   |   M ]   - -   C : \ P r o g r a m D a t a \ D e s k t o p  
 [ 2 0 0 6 / 1 1 / 0 2   0 8 : 0 0 : 3 8   |   0 0 0 , 0 0 0 , 0 0 0   |   - H S D   |   M ]   - -   C : \ P r o g r a m D a t a \ D o c u m e n t s  
 [ 2 0 0 7 / 1 1 / 1 1   1 4 : 4 8 : 0 5   |   0 0 0 , 0 0 0 , 0 0 0   |   - H S D   |   M ]   - -   C : \ P r o g r a m D a t a \ D o k u m e n t e  
 [ 2 0 0 7 / 1 1 / 1 1   1 4 : 4 8 : 0 5   |   0 0 0 , 0 0 0 , 0 0 0   |   - H S D   |   M ]   - -   C : \ P r o g r a m D a t a \ F a v o r i t e n  
 [ 2 0 0 6 / 1 1 / 0 2   0 8 : 0 0 : 3 8   |   0 0 0 , 0 0 0 , 0 0 0   |   - H S D   |   M ]   - -   C : \ P r o g r a m D a t a \ F a v o r i t e s  
 [ 2 0 1 1 / 0 5 / 2 4   1 5 : 5 6 : 5 9   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ H B L i t e S A  
 [ 2 0 1 0 / 0 1 / 3 1   1 6 : 5 7 : 0 2   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ I n s t a l l a t i o n s  
 [ 2 0 1 2 / 1 0 / 0 9   0 4 : 2 5 : 5 6   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ I n t e n i u m  
 [ 2 0 1 0 / 0 1 / 3 1   1 6 : 4 9 : 3 5   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ N o k i a  
 [ 2 0 0 9 / 1 0 / 2 1   1 2 : 4 6 : 0 9   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ P C   S u i t e  
 [ 2 0 0 8 / 0 3 / 1 2   1 4 : 4 2 : 3 1   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ p i x e l S t o r m  
 [ 2 0 1 1 / 0 4 / 0 7   0 7 : 1 5 : 4 6   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ P o p C a p   G a m e s  
 [ 2 0 1 0 / 0 1 / 0 4   0 9 : 2 4 : 1 9   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ P r e E m p t i v e   S o l u t i o n s  
 [ 2 0 0 6 / 1 1 / 0 2   0 8 : 0 0 : 3 8   |   0 0 0 , 0 0 0 , 0 0 0   |   - H S D   |   M ]   - -   C : \ P r o g r a m D a t a \ S t a r t   M e n u  
 [ 2 0 0 7 / 1 1 / 1 1   1 4 : 4 8 : 0 5   |   0 0 0 , 0 0 0 , 0 0 0   |   - H S D   |   M ]   - -   C : \ P r o g r a m D a t a \ S t a r t m e n �  
 [ 2 0 1 2 / 0 9 / 1 9   0 6 : 5 7 : 0 3   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ T E M P  
 [ 2 0 0 6 / 1 1 / 0 2   0 8 : 0 0 : 3 8   |   0 0 0 , 0 0 0 , 0 0 0   |   - H S D   |   M ]   - -   C : \ P r o g r a m D a t a \ T e m p l a t e s  
 [ 2 0 0 8 / 1 1 / 1 8   1 5 : 1 4 : 3 3   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ T e r r a T e c  
 [ 2 0 0 7 / 1 1 / 1 1   1 4 : 4 8 : 0 5   |   0 0 0 , 0 0 0 , 0 0 0   |   - H S D   |   M ]   - -   C : \ P r o g r a m D a t a \ V o r l a g e n  
 [ 2 0 0 8 / 1 2 / 0 1   0 6 : 5 6 : 1 5   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ W i n d o w s S e a r c h  
 [ 2 0 1 1 / 1 1 / 2 5   1 4 : 3 7 : 0 2   |   0 0 0 , 0 0 0 , 0 0 0   |   - - - D   |   M ]   - -   C : \ P r o g r a m D a t a \ { 8 3 C 3 B 2 F D - 3 7 E A - 4 C 0 6 - A 2 2 8 - E 9 B 5 E 3 2 F F 0 B 1 }  
 [ 2 0 1 2 / 1 2 / 2 1   1 1 : 4 2 : 0 3   |   0 0 0 , 0 3 2 , 6 0 8   |   - - - -   |   M ]   ( )   - -   C : \ W i n d o w s \ T a s k s \ S C H E D L G U . T X T  
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   P u r i t y   C h e c k   = = = = = = = = = = [ / c o l o r ]  
    
    
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   A l t e r n a t e   D a t a   S t r e a m s   = = = = = = = = = = [ / c o l o r ]  
    
 @ A l t e r n a t e   D a t a   S t r e a m   -   2 4   b y t e s   - >   C : \ W i n d o w s : C 6 D 3 D E 2 E 1 5 9 5 B 9 6 E  
 @ A l t e r n a t e   D a t a   S t r e a m   -   1 1 2   b y t e s   - >   C : \ P r o g r a m D a t a \ T E M P : B 6 0 6 B A 3 4  
 <   E n d   o f   r e p o r t   >
         
Extras.txt
Code:
ATTFilter
��O T L   E x t r a s   l o g f i l e   c r e a t e d   o n :   1 2 / 2 2 / 2 0 1 2   2 : 2 7 : 1 0   P M   -   R u n    
 O T L P E   b y   O l d T i m e r   -   V e r s i o n   3 . 1 . 4 8 . 0           F o l d e r   =   X : \ P r o g r a m s \ O T L P E  
 W i n d o w s   V i s t a   ( T M )   U l t i m a t e   S e r v i c e   P a c k   2   ( V e r s i o n   =   6 . 0 . 6 0 0 2 )   -   T y p e   =   S y s t e m  
 I n t e r n e t   E x p l o r e r   ( V e r s i o n   =   9 . 0 . 8 1 1 2 . 1 6 4 2 1 )  
 L o c a l e :   0 0 0 0 0 4 0 7   |   C o u n t r y :   D e u t s c h l a n d   |   L a n g u a g e :   D E U   |   D a t e   F o r m a t :   d d . M M . y y y y  
    
 2 . 0 0   G b   T o t a l   P h y s i c a l   M e m o r y   |   2 . 0 0   G b   A v a i l a b l e   P h y s i c a l   M e m o r y   |   8 2 . 0 0 %   M e m o r y   f r e e  
 2 . 0 0   G b   P a g i n g   F i l e   |   2 . 0 0   G b   A v a i l a b l e   i n   P a g i n g   F i l e   |   9 5 . 0 0 %   P a g i n g   F i l e   f r e e  
 P a g i n g   f i l e   l o c a t i o n ( s ) :   ? : \ p a g e f i l e . s y s   [ b i n a r y   d a t a ]  
    
 % S y s t e m D r i v e %   =   C :   |   % S y s t e m R o o t %   =   C : \ W i n d o w s   |   % P r o g r a m F i l e s %   =   C : \ P r o g r a m   F i l e s  
 D r i v e   C :   |   1 8 4 . 2 2   G b   T o t a l   S p a c e   |   3 6 . 4 7   G b   F r e e   S p a c e   |   1 9 . 8 0 %   S p a c e   F r e e   |   P a r t i t i o n   T y p e :   N T F S  
 D r i v e   X :   |   4 3 6 . 5 9   M b   T o t a l   S p a c e   |   0 . 0 0   M b   F r e e   S p a c e   |   0 . 0 0 %   S p a c e   F r e e   |   P a r t i t i o n   T y p e :   C D F S  
    
 C o m p u t e r   N a m e :   R E A T O G O   |   U s e r   N a m e :   S Y S T E M  
 B o o t   M o d e :   N o r m a l   |   S c a n   M o d e :   A l l   u s e r s  
 C o m p a n y   N a m e   W h i t e l i s t :   O f f   |   S k i p   M i c r o s o f t   F i l e s :   O f f   |   N o   C o m p a n y   N a m e   W h i t e l i s t :   O n   |   F i l e   A g e   =   3 0   D a y s  
 U s i n g   C o n t r o l S e t :   C o n t r o l S e t 0 0 1  
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   E x t r a   R e g i s t r y   ( S a f e L i s t )   = = = = = = = = = = [ / c o l o r ]  
    
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   F i l e   A s s o c i a t i o n s   = = = = = = = = = = [ / c o l o r ]  
    
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ < e x t e n s i o n > ]  
 . c p l   [ @   =   c p l f i l e ]   - -   C : \ W i n d o w s \ S y s t e m 3 2 \ c o n t r o l . e x e   ( M i c r o s o f t   C o r p o r a t i o n )  
 . h l p   [ @   =   h l p f i l e ]   - -   C : \ W i n d o w s \ w i n h l p 3 2 . e x e   ( M i c r o s o f t   C o r p o r a t i o n )  
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   S h e l l   S p a w n i n g   = = = = = = = = = = [ / c o l o r ]  
    
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ < k e y > \ s h e l l \ [ c o m m a n d ] \ c o m m a n d ]  
 b a t f i l e   [ o p e n ]   - -   " % 1 "   % *  
 c m d f i l e   [ o p e n ]   - -   " % 1 "   % *  
 c o m f i l e   [ o p e n ]   - -   " % 1 "   % *  
 c p l f i l e   [ c p l o p e n ]   - -   % S y s t e m R o o t % \ S y s t e m 3 2 \ c o n t r o l . e x e   " % 1 " , % *   ( M i c r o s o f t   C o r p o r a t i o n )  
 e x e f i l e   [ o p e n ]   - -   " % 1 "   % *  
 h e l p f i l e   [ o p e n ]   - -   R e g   E r r o r :   K e y   e r r o r .  
 h l p f i l e   [ o p e n ]   - -   % S y s t e m R o o t % \ w i n h l p 3 2 . e x e   % 1   ( M i c r o s o f t   C o r p o r a t i o n )  
 i n f f i l e   [ i n s t a l l ]   - -   % S y s t e m R o o t % \ S y s t e m 3 2 \ I n f D e f a u l t I n s t a l l . e x e   " % 1 "   ( M i c r o s o f t   C o r p o r a t i o n )  
 p i f f i l e   [ o p e n ]   - -   " % 1 "   % *  
 r e g f i l e   [ m e r g e ]   - -   R e g   E r r o r :   K e y   e r r o r .  
 s c r f i l e   [ c o n f i g ]   - -   " % 1 "  
 s c r f i l e   [ i n s t a l l ]   - -   r u n d l l 3 2 . e x e   d e s k . c p l , I n s t a l l S c r e e n S a v e r   % l  
 s c r f i l e   [ o p e n ]   - -   " % 1 "   / S  
 t x t f i l e   [ e d i t ]   - -   R e g   E r r o r :   K e y   e r r o r .  
 U n k n o w n   [ o p e n a s ]   - -   % S y s t e m R o o t % \ s y s t e m 3 2 \ r u n d l l 3 2 . e x e   % S y s t e m R o o t % \ s y s t e m 3 2 \ s h e l l 3 2 . d l l , O p e n A s _ R u n D L L   % 1  
 D i r e c t o r y   [ c m d ]   - -   c m d . e x e   / s   / k   p u s h d   " % V "   ( M i c r o s o f t   C o r p o r a t i o n )  
 D i r e c t o r y   [ f i n d ]   - -   % S y s t e m R o o t % \ E x p l o r e r . e x e   ( M i c r o s o f t   C o r p o r a t i o n )  
 F o l d e r   [ o p e n ]   - -   % S y s t e m R o o t % \ E x p l o r e r . e x e   / s e p a r a t e , / i d l i s t , % I , % L   ( M i c r o s o f t   C o r p o r a t i o n )  
 F o l d e r   [ e x p l o r e ]   - -   % S y s t e m R o o t % \ E x p l o r e r . e x e   / s e p a r a t e , / e , / i d l i s t , % I , % L   ( M i c r o s o f t   C o r p o r a t i o n )  
 D r i v e   [ f i n d ]   - -   % S y s t e m R o o t % \ E x p l o r e r . e x e   ( M i c r o s o f t   C o r p o r a t i o n )  
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   S e c u r i t y   C e n t e r   S e t t i n g s   = = = = = = = = = = [ / c o l o r ]  
    
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ M i c r o s o f t \ S e c u r i t y   C e n t e r ]  
 " c v a l "   =   0  
    
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ M i c r o s o f t \ S e c u r i t y   C e n t e r \ M o n i t o r i n g ]  
    
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ M i c r o s o f t \ S e c u r i t y   C e n t e r \ S v c ]  
 " A n t i V i r u s O v e r r i d e "   =   0  
 " A n t i S p y w a r e O v e r r i d e "   =   0  
 " F i r e w a l l O v e r r i d e "   =   0  
 " V i s t a S p 1 "   =   R e g   E r r o r :   U n k n o w n   r e g i s t r y   d a t a   t y p e   - -   F i l e   n o t   f o u n d  
 " V i s t a S p 2 "   =   R e g   E r r o r :   U n k n o w n   r e g i s t r y   d a t a   t y p e   - -   F i l e   n o t   f o u n d  
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   F i r e w a l l   S e t t i n g s   = = = = = = = = = = [ / c o l o r ]  
    
 [ H K E Y _ L O C A L _ M A C H I N E \ S Y S T E M \ C o n t r o l S e t 0 0 1 \ S e r v i c e s \ S h a r e d A c c e s s \ P a r a m e t e r s \ F i r e w a l l P o l i c y \ D o m a i n P r o f i l e ]  
 " D i s a b l e N o t i f i c a t i o n s "   =   0  
 " E n a b l e F i r e w a l l "   =   1  
    
 [ H K E Y _ L O C A L _ M A C H I N E \ S Y S T E M \ C o n t r o l S e t 0 0 1 \ S e r v i c e s \ S h a r e d A c c e s s \ P a r a m e t e r s \ F i r e w a l l P o l i c y \ S t a n d a r d P r o f i l e ]  
 " D i s a b l e N o t i f i c a t i o n s "   =   0  
 " E n a b l e F i r e w a l l "   =   1  
    
 [ H K E Y _ L O C A L _ M A C H I N E \ S Y S T E M \ C o n t r o l S e t 0 0 1 \ S e r v i c e s \ S h a r e d A c c e s s \ P a r a m e t e r s \ F i r e w a l l P o l i c y \ P u b l i c P r o f i l e ]  
 " D i s a b l e N o t i f i c a t i o n s "   =   0  
 " E n a b l e F i r e w a l l "   =   0  
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   A u t h o r i z e d   A p p l i c a t i o n s   L i s t   = = = = = = = = = = [ / c o l o r ]  
    
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   H K E Y _ L O C A L _ M A C H I N E   U n i n s t a l l   L i s t   = = = = = = = = = = [ / c o l o r ]  
    
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ U n i n s t a l l ]  
 " _ { C E 2 D A 1 1 A - 9 1 7 F - 4 C F 5 - A B 5 5 - 7 5 5 E C 1 1 5 D D 1 0 } "   =   C o r e l D R A W ( R )   G r a p h i c s   S u i t e   X 4   -   W i n d o w s   S h e l l   E x t e n s i o n  
 " { 0 0 2 D 9 D 5 E - 2 9 B A - 3 E 6 D - 9 B C 4 - 3 D 7 D 6 D B C 7 3 5 C } "   =   M i c r o s o f t   V i s u a l   C + +   2 0 0 8   A T L   U p d a t e   k b 9 7 3 9 2 4   -   x 8 6   9 . 0 . 3 0 7 2 9 . 4 1 4 8  
 " { 0 2 8 E D 9 C 4 - 2 5 E E - 4 D E E - 9 C F 4 - 9 1 0 3 4 B C 8 9 B 1 8 } "   =   M i c r o s o f t   S Q L   S e r v e r   2 0 0 5   E x p r e s s   E d i t i o n   ( S Q L E X P R E S S )  
 " { 0 4 8 2 9 8 C 9 - A 4 D 3 - 4 9 0 B - 9 F F 9 - A B 0 2 3 A 9 2 3 8 F 3 } "   =   S t e a m ( T M )  
 " { 0 4 8 5 8 9 1 5 - 9 F 4 9 - 4 B 2 A - A E D 4 - D C 4 9 A 7 D E 6 A 7 B } "   =   B a t t l e f i e l d   2 ( T M )  
 " { 0 7 6 2 9 2 0 7 - F A A 0 - 4 F 1 A - 8 0 9 2 - B F 5 0 8 5 B E 5 1 1 F } "   =   U n t e r s t � t z u n g s d a t e i e n   f � r   d a s   M i c r o s o f t   S Q L   S e r v e r - S e t u p   ( E n g l i s c h )  
 " { 0 8 6 a 7 d 8 c - 0 a 3 8 - 4 c 7 f - 8 1 9 a - 6 2 0 2 7 5 5 5 0 d 5 c } "   =   N e r o   B u r n i n g   R O M   H e l p  
 " { 0 D E 8 5 2 7 A - F E 3 E - 4 F C A - A 0 2 3 - D 5 7 E F 0 B 7 9 6 C 9 } _ i s 1 "   =   P l a n t s   v s .   Z o m b i e s   1 . 0 . 4 . 7 9 2 4   ( b y   S c a r )  
 " { 1 1 1 1 7 0 6 F - 6 6 6 A - 4 0 3 7 - 7 7 7 7 - 2 1 1 3 2 8 7 6 4 D 1 0 } "   =   J a v a F X   2 . 1 . 1  
 " { 1 1 9 9 F A D 5 - 9 5 4 6 - 4 4 f 3 - 8 1 C F - F F D B 8 0 4 0 B 7 B F } _ C a n o n _ i P 4 6 0 0 _ s e r i e s "   =   C a n o n   i P 4 6 0 0   s e r i e s   P r i n t e r   D r i v e r  
 " { 1 1 9 9 F A D 5 - 9 5 4 6 - 4 4 f 3 - 8 1 C F - F F D B 8 0 4 0 B 7 B F } _ C a n o n _ M G 5 2 0 0 _ s e r i e s "   =   C a n o n   M G 5 2 0 0   s e r i e s   M P   D r i v e r s  
 " { 1 5 9 0 9 8 A F - 4 E B 8 - 4 C 1 0 - B 0 C 6 - 2 4 C D A 3 2 B 4 5 F 9 } "   =   M i c r o s o f t   S Q L   S e r v e r   C o m p a c t   3 . 5   D E U  
 " { 1 8 3 8 C 5 A 2 - A B 3 2 - 4 1 4 5 - 8 5 C 1 - B B 9 B 8 D F A 2 4 C D } "   =   Q u i c k T i m e  
 " { 1 8 E 1 F D 7 2 - 6 0 F A - 3 E 1 0 - A 6 6 B - 6 4 0 9 7 0 B 5 5 5 9 F } "   =   V i s u a l   S t u d i o   T o o l s   f o r   t h e   O f f i c e   s y s t e m   3 . 0   R u n t i m e   L a n g u a g e   P a c k   -   D E U  
 " { 1 C 3 A D B 5 F - 7 5 0 E - 4 4 5 3 - A C 9 8 - B 7 5 C 5 3 2 3 8 4 5 C } "   =   M i c r o s o f t   S Q L   S e r v e r   C o m p a c t   3 . 5   f o r   D e v i c e s   D E U  
 " { 2 1 2 7 4 8 B B - 0 D A 5 - 4 6 D E - 8 2 A 1 - 4 0 3 7 3 6 D C 9 F 2 7 } "   =   M S V C 8 0 _ x 8 6  
 " { 2 6 A 2 4 A E 4 - 0 3 9 D - 4 C A 4 - 8 7 B 4 - 2 F 8 3 2 1 7 0 0 7 F F } "   =   J a v a   7   U p d a t e   9  
 " { 3 8 8 E 4 B 0 9 - 3 E 7 1 - 4 6 4 9 - 8 9 2 1 - F 4 4 A 3 A 2 9 5 4 A 7 } "   =   M i c r o s o f t   V i s u a l   S t u d i o   2 0 0 5   T o o l s   f o r   O f f i c e   R u n t i m e  
 " { 3 9 2 4 C 3 E 7 - C 4 4 0 - 4 B 2 3 - 9 7 4 0 - 9 A 9 E C 0 5 4 5 F 2 1 } "   =   C r y s t a l   R e p o r t s   B a s i c   G e r m a n   L a n g u a g e   P a c k   f o r   V i s u a l   S t u d i o   2 0 0 8  
 " { 3 C 3 9 0 1 C 5 - 3 4 5 5 - 3 E 0 A - A 2 1 4 - 0 B 0 9 3 A 5 0 7 0 A 6 } "   =   M i c r o s o f t   . N E T   F r a m e w o r k   4   C l i e n t   P r o f i l e  
 " { 3 F C 7 C B B C 4 C 1 E 1 1 D C A 1 A 7 5 2 E A 5 5 D 8 9 5 9 3 } "   =   D i v X   V e r s i o n   C h e c k e r  
 " { 4 0 6 F B 8 A 4 - F 5 3 9 - 4 8 A 9 - 8 0 9 C - F 9 4 7 0 6 F 9 C 9 F 6 } _ i s 1 "   =   S . T . A . L . K . E . R .   -   C a l l   o f   P r i p y a t   [ v 1 . 6 . 0 2 ]  
 " { 4 1 4 A 3 7 3 B - 5 9 D F - 4 1 0 2 - 9 4 C A - 9 F E 9 A 7 4 C B D D A } "   =   G a r m i n   T r i p   a n d   W a y p o i n t   M a n a g e r   v 5  
 " { 4 4 5 1 7 4 E A - 3 D 3 A - 3 0 8 E - 8 4 A D - 4 4 6 1 2 7 E 7 1 4 4 1 } "   =   M i c r o s o f t   V i s u a l   S t u d i o   2 0 0 8   P r o f e s s i o n a l   E d i t i o n   -   D E U  
 " { 4 4 D 4 A F 7 5 - 6 8 7 0 - 4 1 F 5 - 9 1 8 1 - 6 6 2 E A 0 5 5 0 7 E 1 } "   =   M i c r o s o f t   D o c u m e n t   E x p l o r e r   2 0 0 5  
 " { 4 A 0 3 7 0 6 F - 6 6 6 A - 4 0 3 7 - 7 7 7 7 - 5 F 2 7 4 8 7 6 4 D 1 0 } "   =   J a v a   A u t o   U p d a t e r  
 " { 4 A C D C 4 1 3 - A F 1 3 - 3 9 3 4 - 8 D 8 A - 1 F 8 C E F 7 0 D 1 A 5 } "   =   M i c r o s o f t   D o c u m e n t   E x p l o r e r   2 0 0 8   L a n g u a g e   P a c k   -   D E U  
 " { 4 B 6 E 1 E A 9 - 4 7 0 4 - 4 7 5 0 - 8 6 8 A - A E B 3 9 8 1 6 8 D A 6 } "   =   M i c r o s o f t   D o c u m e n t   E x p l o r e r   2 0 0 5   L a n g u a g e   P a c k   -   D E U  
 " { 4 C 9 1 1 A 6 1 - 3 9 E A - 4 1 C C - A B 3 C - F E 3 B F F D B 5 F 7 8 } "   =   N o k i a   S o f t w a r e   U p d a t e r  
 " { 4 E 3 A 8 1 7 A - 8 0 3 3 - 3 D 7 E - B C A 9 - 1 0 2 E F F 3 F D 9 C A } "   =   M i c r o s o f t   D e v i c e   E m u l a t o r   V e r s i o n   3 . 0   -   D E U  
 " { 5 5 4 5 E E E 1 - F A 3 6 - 4 F 7 6 - B 6 B E - 5 6 9 6 E 7 F 4 E 2 D 6 } "   =   V B A   ( 2 6 2 7 . 0 1 )  
 " { 5 5 4 5 E E E 4 - F A 3 6 - 4 F 7 6 - B 6 B E - 5 6 9 6 E 7 F 4 E 2 D 6 } "   =   V B A   ( 2 7 0 1 . 0 1 )  
 " { 5 6 C 0 4 9 B E - 7 9 E 9 - 4 5 0 2 - B E A 7 - 9 7 5 4 A 3 E 6 0 F 9 B } "   =   n e r o x m l  
 " { 5 7 8 3 F 2 D 7 - 7 0 0 4 - 0 4 0 7 - 0 0 0 2 - 0 0 6 0 B 0 C E 6 B B A } "   =   A u t o C A D   A r c h i t e c t u r e   2 0 0 9   -   D e u t s c h  
 " { 5 7 8 3 F 2 D 7 - 8 0 0 4 - 0 4 0 7 - 0 0 0 2 - 0 0 6 0 B 0 C E 6 B B A } "   =   A u t o C A D   A r c h i t e c t u r e   2 0 1 0   -   D e u t s c h  
 " { 5 7 8 3 F 2 D 7 - 8 0 0 4 - 0 4 0 7 - 1 0 0 2 - 0 0 6 0 B 0 C E 6 B B A } "   =   A u t o C A D   A r c h i t e c t u r e   2 0 1 0   L a n g u a g e   P a c k   -   D e u t s c h  
 " { 5 D A 8 F 6 C D - C 7 0 E - 3 9 D 8 - 8 4 3 0 - 3 D 9 8 0 8 D 6 B D 1 7 } "   =   M i c r o s o f t   V i s u a l   C + +   2 0 0 8   R e d i s t r i b u t a b l e   -   x 8 6   9 . 0 . 3 0 4 1 1  
 " { 5 D B 1 6 1 C 0 - 7 C 9 C - 4 1 D 7 - 8 D A 1 - C B 1 1 2 F 6 0 9 4 6 B } "   =   M i c r o s o f t   V i s u a l   S t u d i o   2 0 0 5   T o o l s   f o r   O f f i c e   R u n t i m e   L a n g u a g e   P a c k  
 " { 5 E E 7 D 2 5 9 - D 1 3 7 - 4 4 3 8 - 9 A 5 F - 4 2 F 4 3 2 E C 0 4 2 1 } "   =   V C 8 0 C R T R e d i s t   -   8 . 0 . 5 0 7 2 7 . 4 0 5 3  
 " { 6 0 D E 4 0 3 3 - 9 5 0 3 - 4 8 D 1 - A 4 8 3 - 7 8 4 6 B D 2 1 7 C A 9 } "   =   I C Q 6  
 " { 6 3 B 9 B A B 5 - F 3 6 A - 4 A 3 B - 9 E 5 C - 6 8 A 7 F 2 1 2 B F B 9 } "   =   T e r r a T e c   H o m e   C i n e m a  
 " { 6 4 c 5 b 8 8 7 - b 5 e e - 4 2 b 8 - 8 5 9 6 - 7 8 9 0 5 a 6 b 5 f 1 f } "   =   M i c r o s o f t   W i n d o w s   S D K   f o r   V i s u a l   S t u d i o   2 0 0 8   S D K   R e f e r e n c e   A s s e m b l i e s   a n d   I n t e l l i S e n s e  
 " { 6 7 5 3 B 4 0 C - 0 F B D - 3 B E D - 8 A 9 D - 0 A C A C 2 D C D 8 5 D } "   =   M i c r o s o f t   D o c u m e n t   E x p l o r e r   2 0 0 8  
 " { 6 8 A 3 5 0 4 3 - C 5 5 A - 4 2 3 7 - 8 8 C 9 - 3 7 E E 1 C 6 3 E D 7 1 } "   =   M i c r o s o f t   V i s u a l   J #   2 . 0   R e d i s t r i b u t a b l e   P a c k a g e  
 " { 6 9 F D F B B 6 - 3 5 1 D - 4 B 8 C - 8 9 D 8 - 8 6 7 D C 9 D 0 A 2 A 4 } "   =   W i n d o w s   M e d i a   P l a y e r   F i r e f o x   P l u g i n  
 " { 6 C 5 3 1 0 6 0 - 8 4 F B - 4 F 9 6 - 8 F 3 3 - 2 9 D F 0 2 0 6 3 2 E B } "   =   M i c r o s o f t   . N E T   C o m p a c t   F r a m e w o r k   1 . 0   S P 3   D e v e l o p e r  
 " { 6 D 3 2 4 5 B 1 - 8 D B 8 - 4 A 2 3 - 9 C D 2 - 2 C 9 0 F 4 0 A B A F 6 } "   =   M S V C 8 0 _ x 8 6 _ v 2  
 " { 6 E 0 3 5 2 E E - 6 F 0 D - 4 F B C - B 1 B 8 - 4 F F 0 3 2 C 7 8 B E 0 } "   =   P C   C o n n e c t i v i t y   S o l u t i o n  
 " { 7 2 1 B 5 C F 0 - D 2 2 0 - 4 9 5 5 - B B 6 F - E B C F B 1 0 9 6 D E 7 } "   =   W i n d o w s   M o b i l e   5 . 0   S D K   R 2   f o r   P o c k e t   P C  
 " { 7 2 9 9 0 5 2 b - 0 2 a 4 - 4 6 2 7 - 8 1 f 2 - 1 8 1 8 d a 5 d 5 5 0 d } "   =   M i c r o s o f t   V i s u a l   C + +   2 0 0 5   R e d i s t r i b u t a b l e  
 " { 7 2 C C B E A 1 - 8 D 5 7 - 4 9 8 1 - A 3 3 7 - 8 1 0 1 9 F 2 8 C 5 B A } "   =   M i c r o s o f t   . N E T   C o m p a c t   F r a m e w o r k   3 . 5  
 " { 7 7 0 6 5 7 D 0 - A 1 2 3 - 3 C 0 7 - 8 E 4 4 - 1 C 8 3 E C 8 9 5 1 1 8 } "   =   M i c r o s o f t   V i s u a l   C + +   2 0 0 5   A T L   U p d a t e   k b 9 7 3 9 2 3   -   x 8 6   8 . 0 . 5 0 7 2 7 . 4 0 5 3  
 " { 7 7 7 C 0 6 F 9 - 8 4 6 2 - 4 2 8 9 - 9 0 2 6 - 0 4 6 2 9 0 6 E 1 7 7 F } "   =   X P S   L i g h t F X   S D K  
 " { 7 B 6 3 B 2 9 2 2 B 1 7 4 1 3 5 A F C 0 E 1 3 7 7 D D 8 1 E C 2 } "   =    
 " { 7 F 0 C 4 4 5 7 - 8 E 6 4 - 4 9 1 B - 8 D 7 B - 9 9 1 5 0 4 3 6 5 D 1 E } "   =   Q u i c k S e t  
 " { 7 F B 1 2 6 7 0 - 0 F 9 3 - 4 E 1 E - B 2 F 5 - 4 F 3 3 9 1 9 9 A 0 3 A } "   =   M i c r o s o f t   S Q L   S e r v e r   N a t i v e   C l i e n t  
 " { 8 3 7 b 3 4 e 3 - 7 c 3 0 - 4 9 3 c - 8 f 6 a - 2 b 0 f 0 4 e 2 9 1 2 c } "   =   M i c r o s o f t   V i s u a l   C + +   2 0 0 5   R e d i s t r i b u t a b l e  
 " { 8 4 2 F A F 7 C - 5 0 E F - 4 4 6 3 - 9 B 8 F - 6 2 2 2 E 1 3 8 4 D 7 D } "   =   M i c r o s o f t   W i n d o w s   S D K   f o r   V i s u a l   S t u d i o   2 0 0 8   H e a d e r s   a n d   L i b r a r i e s  
 " { 8 4 9 A 3 2 C 3 - E 7 5 A - 4 7 9 1 - 9 B 1 1 - E 5 6 8 B A 3 5 2 5 A 4 } "   =   M i c r o s o f t   S Q L   S e r v e r   V S S   W r i t e r  
 " { 8 7 1 D F 2 B E - 4 1 D 2 - 4 3 3 4 - A C 3 3 - 8 3 9 A F 1 6 F C 8 F E } "   =   C i s c o   S y s t e m s   V P N   C l i e n t   5 . 0 . 0 2 . 0 0 9 0  
 " { 8 7 9 5 C B E D - 5 5 E 2 - 4 6 9 3 - 9 F 1 4 - 8 4 E C 4 4 6 9 3 5 B E } "   =   S p e e c h R e d i s t  
 " { 8 A A B 4 1 7 6 - A 7 4 7 - 4 9 3 A - A 4 2 C - B 6 3 C F A D F D 8 E 3 } "   =   N V I D I A   P h y s X  
 " { 8 D 5 2 E 0 F 9 - 1 7 A 0 - 4 9 3 B - 8 6 9 2 - 9 3 7 3 8 1 D D B 6 2 B } "   =   S i m C i t y   2 0 0 0  
 " { 8 F B 5 3 8 5 0 - 2 4 6 A - 3 5 0 7 - 8 A D E - 0 0 6 0 0 9 3 F F E A 6 } "   =   V i s u a l   S t u d i o   T o o l s   f o r   t h e   O f f i c e   s y s t e m   3 . 0   R u n t i m e  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 5 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   A c c e s s   M U I   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 5 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { D B 2 A C B D 1 - 6 5 B 1 - 4 F C 5 - 8 8 1 E - 4 E 7 5 C 6 6 8 E 7 E 2 } "   =   M i c r o s o f t   O f f i c e   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 6 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   E x c e l   M U I   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 6 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { D B 2 A C B D 1 - 6 5 B 1 - 4 F C 5 - 8 8 1 E - 4 E 7 5 C 6 6 8 E 7 E 2 } "   =   M i c r o s o f t   O f f i c e   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 8 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   P o w e r P o i n t   M U I   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 8 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { D B 2 A C B D 1 - 6 5 B 1 - 4 F C 5 - 8 8 1 E - 4 E 7 5 C 6 6 8 E 7 E 2 } "   =   M i c r o s o f t   O f f i c e   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 9 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   P u b l i s h e r   M U I   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 9 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { D B 2 A C B D 1 - 6 5 B 1 - 4 F C 5 - 8 8 1 E - 4 E 7 5 C 6 6 8 E 7 E 2 } "   =   M i c r o s o f t   O f f i c e   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 A - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   O u t l o o k   M U I   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 A - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { D B 2 A C B D 1 - 6 5 B 1 - 4 F C 5 - 8 8 1 E - 4 E 7 5 C 6 6 8 E 7 E 2 } "   =   M i c r o s o f t   O f f i c e   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 B - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   W o r d   M U I   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 B - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { D B 2 A C B D 1 - 6 5 B 1 - 4 F C 5 - 8 8 1 E - 4 E 7 5 C 6 6 8 E 7 E 2 } "   =   M i c r o s o f t   O f f i c e   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 F - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   P r o o f   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 F - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { 9 2 8 D 7 B 9 9 - 2 B E A - 4 9 F 9 - 8 3 B 8 - 2 0 F A 5 7 8 6 0 6 4 3 } "   =   M i c r o s o f t   O f f i c e   P r o o f i n g   T o o l s   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 F - 0 4 0 9 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   P r o o f   ( E n g l i s h )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 F - 0 4 0 9 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { 1 F F 9 6 0 2 6 - A 0 4 A - 4 C 3 E - B 5 0 A - B B 7 0 2 2 6 5 4 D 0 F } "   =   M i c r o s o f t   O f f i c e   P r o o f i n g   T o o l s   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 F - 0 4 0 C - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   P r o o f   ( F r e n c h )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 F - 0 4 0 C - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { 7 1 F 0 5 5 E 8 - E 2 C 6 - 4 2 1 4 - B B 3 D - B F E 0 3 5 6 1 B 8 9 E } "   =   M i c r o s o f t   O f f i c e   P r o o f i n g   T o o l s   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 F - 0 4 1 0 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   P r o o f   ( I t a l i a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 1 F - 0 4 1 0 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { A 2 3 B F C 9 5 - 4 A 7 3 - 4 1 0 F - 9 2 4 8 - 4 C 2 B 4 8 E 3 8 C 4 9 } "   =   M i c r o s o f t   O f f i c e   P r o o f i n g   T o o l s   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 2 1 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   V i s u a l   W e b   D e v e l o p e r   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 2 1 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   V i s u a l   W e b   D e v e l o p e r   M U I   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 2 1 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ V i s u a l W e b D e v e l o p e r _ { 2 7 3 3 A A 8 7 - 2 6 F C - 4 1 B 0 - 9 D 2 F - 3 0 9 2 3 4 5 B C 3 7 0 } "   =   M i c r o s o f t   O f f i c e   S h a r e P o i n t   D e s i g n e r   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 2 C - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   P r o o f i n g   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 3 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   E n t e r p r i s e   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 3 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { 6 E 1 0 7 E B 7 - 8 B 5 5 - 4 8 B F - A C C B - 1 9 9 F 8 6 A 2 C D 9 3 } "   =   M i c r o s o f t   O f f i c e   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 4 4 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   I n f o P a t h   M U I   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 4 4 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { D B 2 A C B D 1 - 6 5 B 1 - 4 F C 5 - 8 8 1 E - 4 E 7 5 C 6 6 8 E 7 E 2 } "   =   M i c r o s o f t   O f f i c e   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 6 E - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   S h a r e d   M U I   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 6 E - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { A 6 3 5 3 E 8 F - 5 B 8 D - 4 7 C C - 8 7 3 7 - D F F 0 3 2 E D 3 9 7 3 } "   =   M i c r o s o f t   O f f i c e   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 6 E - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ V i s u a l W e b D e v e l o p e r _ { A 6 3 5 3 E 8 F - 5 B 8 D - 4 7 C C - 8 7 3 7 - D F F 0 3 2 E D 3 9 7 3 } "   =   M i c r o s o f t   O f f i c e   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 A 1 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   O n e N o t e   M U I   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 A 1 - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { D B 2 A C B D 1 - 6 5 B 1 - 4 F C 5 - 8 8 1 E - 4 E 7 5 C 6 6 8 E 7 E 2 } "   =   M i c r o s o f t   O f f i c e   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 0 1 2 0 0 0 0 - 0 0 B A - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } "   =   M i c r o s o f t   O f f i c e   G r o o v e   M U I   ( G e r m a n )   2 0 0 7  
 " { 9 0 1 2 0 0 0 0 - 0 0 B A - 0 4 0 7 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } _ E N T E R P R I S E _ { D B 2 A C B D 1 - 6 5 B 1 - 4 F C 5 - 8 8 1 E - 4 E 7 5 C 6 6 8 E 7 E 2 } "   =   M i c r o s o f t   O f f i c e   2 0 0 7   S e r v i c e   P a c k   3   ( S P 3 )  
 " { 9 9 F 0 C 3 C C - 8 D F 0 - 3 6 1 1 - B 1 9 0 - C F 4 D 1 A F 0 E 0 5 3 } "   =   M i c r o s o f t   W i n d o w s   S D K   f o r   V i s u a l   S t u d i o   2 0 0 8   . N E T   F r a m e w o r k   T o o l s  
 " { 9 A 2 5 3 0 2 D - 3 0 C 0 - 3 9 D 9 - B D 6 F - 2 1 E 6 E C 1 6 0 4 7 5 } "   =   M i c r o s o f t   V i s u a l   C + +   2 0 0 8   R e d i s t r i b u t a b l e   -   x 8 6   9 . 0 . 3 0 7 2 9 . 1 7  
 " { 9 A 3 3 B 8 3 D - F F C 4 - 4 4 C F - B E E F - 6 3 2 D E C E F 2 F C D } "   =   M i c r o s o f t   S Q L   S e r v e r   D a t a b a s e   P u b l i s h i n g   W i z a r d   1 . 2  
 " { A 6 F 6 7 2 5 C - 1 2 C 3 - 4 2 B 5 - 9 6 4 7 - 8 6 6 8 E 1 B E E 2 D 2 } "   =   M i c r o s o f t   S Q L   S e r v e r   2 0 0 5   M o b i l e   [ D E U ]   D e v e l o p e r   T o o l s  
 " { A 8 F 2 0 8 9 B - 1 F 7 9 - 4 B F 6 - B 3 8 5 - A 2 C 2 B 0 B 9 A 7 4 D } "   =   I m a g X p r e s s  
 " { A A 4 6 7 9 5 9 - A 1 D 6 - 4 F 4 5 - 9 0 C D - 1 1 D C 5 7 7 3 3 F 3 2 } "   =   C r y s t a l   R e p o r t s   B a s i c   f o r   V i s u a l   S t u d i o   2 0 0 8  
 " { A A 5 9 D D E 4 - B 6 7 2 - 4 6 2 1 - A 0 1 6 - 4 C 2 4 8 2 0 4 9 5 7 A } "   =   S k y p e "!  5 . 5  
 " { A C 7 6 B A 8 6 - 7 A D 7 - 1 0 3 1 - 7 B 4 4 - A A 1 0 0 0 0 0 0 0 0 1 } "   =   A d o b e   R e a d e r   X   ( 1 0 . 1 . 4 )   -   D e u t s c h  
 " { B 1 0 6 0 3 4 6 - 9 3 8 8 - 4 C 5 B - A A 5 2 - 1 7 6 C 3 9 8 1 9 E 4 3 } "   =   M i c r o s o f t   . N E T   C o m p a c t   F r a m e w o r k   2 . 0   S P 2  
 " { B 1 3 A 7 C 4 1 5 8 1 B 4 1 1 2 9 0 F B C 0 3 9 5 6 9 4 E 2 A 9 } "   =   D i v X   C o n v e r t e r  
 " { B 2 6 8 E 9 A 1 - 0 4 A 9 - 4 0 D 0 - 9 8 6 6 - 8 4 6 B E 2 B 7 4 B A 7 } "   =   M i c r o s o f t   W i n d o w s   S D K   f o r   V i s u a l   S t u d i o   2 0 0 8   W i n 3 2   T o o l s  
 " { B 5 7 6 1 8 1 1 - 2 8 F 3 - 4 2 5 7 - B 5 3 7 - 8 1 5 C 5 E E F 4 7 2 C } "   =   V o d a f o n e   M o b i l e   C o n n e c t   L i t e  
 " { B 7 4 F 0 4 2 E - E 1 B 9 - 4 A 5 B - 8 D 4 6 - 3 8 7 B B 1 7 2 F 0 A 4 } "   =   A p p l e   S o f t w a r e   U p d a t e  
 " { B B A A A D 8 2 - 6 2 4 2 - 4 2 0 F - 8 6 D 4 - B D 7 2 B B 5 E 6 C 8 6 } "   =   T o o l s   f � r   M i c r o s o f t   S Q L   S e r v e r   2 0 0 5   E x p r e s s   E d i t i o n  
 " { B B E 4 5 D 3 7 - 2 D 2 E - 4 2 6 F - 8 E F 6 - 5 0 7 5 C E 4 D 3 8 2 B } "   =   M i c r o s o f t   V i s u a l   J #   2 . 0   R e d i s t r i b u t a b l e   L a n g u a g e   P a c k   -   D E U  
 " { B E 0 6 1 1 4 F - 5 5 9 D - 1 1 E 0 - B 5 A 1 - 0 0 1 D 0 9 2 6 B 1 B F } "   =   G o o g l e   E a r t h  
 " { C 5 0 E F 3 6 5 - 2 8 9 8 - 4 8 9 A - B 6 C 7 - 3 0 D A A 4 6 6 E 9 A 2 } "   =   N o k i a   C o n n e c t i v i t y   C a b l e   D r i v e r  
 " { C A A 3 7 6 A F - 0 D E 8 - 4 F C A - 9 4 2 E - C 6 A C 5 7 9 B 9 4 B 3 } "   =   M i c r o s o f t   W i n d o w s   S D K   f o r   V i s u a l   S t u d i o   2 0 0 8   T o o l s  
 " { C E 2 C D D 6 2 - 0 1 2 4 - 3 6 C A - 8 4 D 3 - 9 F 4 D C F 5 C 5 B D 9 } "   =   M i c r o s o f t   . N E T   F r a m e w o r k   3 . 5   S P 1  
 " { C E 2 D A 1 1 A - 9 1 7 F - 4 C F 5 - A B 5 5 - 7 5 5 E C 1 1 5 D D 1 0 } "   =   C o r e l D R A W ( R )   G r a p h i c s   S u i t e   X 4   -   W i n d o w s   S h e l l   E x t e n s i o n  
 " { D 0 A 0 5 7 9 4 - 4 8 C 2 - 4 4 2 4 - A 1 5 A - 9 F 2 0 F C F D D 3 7 4 } "   =   C a l l   o f   D u t y ( R )   2  
 " { D 4 5 E C 2 5 9 - 4 A 1 9 - 4 6 5 6 - B 5 8 8 - C 2 C 3 6 0 D D 1 8 E A } "   =   H a l f - L i f e ( R )   2  
 " { D 7 8 6 5 3 C 3 - A 8 F F - 4 1 5 F - 9 2 E 6 - D 7 7 4 E 6 3 4 F F 2 D } "   =   D e l l   R e s o u r c e C D  
 " { D A 7 F 4 8 E F - 5 F 5 6 - 4 5 F E - 9 1 6 9 - 3 B 8 1 5 9 A 7 A 3 2 3 } "   =   W i n d o w s   M o b i l e   5 . 0   S D K   R 2   f o r   S m a r t p h o n e  
 " { D F 5 A 0 3 C C - D 5 A A - 4 3 D 8 - B 9 4 8 - D 9 9 0 3 F 2 A F 9 4 A } "   =   C o u n t e r - S t r i k e ( T M )  
 " { E 3 2 2 6 0 E 7 - 0 B 1 0 - 4 3 C 7 - 9 B 7 7 - A B 9 F 4 1 8 4 6 7 6 D } "   =   M i c r o s o f t   S Q L   S e r v e r   C o m p a c t   3 . 5   D e s i g n   T o o l s   D E U  
 " { f 4 0 4 1 d c e - 3 f e 1 - 4 e 1 8 - 8 a 9 e - 9 d e 6 5 2 3 1 e e 3 6 } "   =   N e r o   C o n t r o l C e n t e r  
 " { F 7 5 0 C 9 8 6 - 5 3 1 0 - 3 A 5 A - 9 5 F 8 - 4 E C 7 1 C 8 A C 0 1 C } "   =   M i c r o s o f t   . N E T   F r a m e w o r k   4   C l i e n t   P r o f i l e   D E U   L a n g u a g e   P a c k  
 " { F F 2 9 5 2 7 A - 4 4 C D - 3 4 2 2 - 9 4 5 E - 9 8 1 A 1 3 5 8 4 0 0 0 } "   =   V C   R u n t i m e s   M S I  
 " 5 0 4 2 4 4 7 3 3 D 1 8 C 8 F 6 3 F F 5 8 4 A E B 2 9 0 E 3 9 0 4 E 7 9 1 6 9 3 "   =   W i n d o w s - T r e i b e r p a k e t   -   N o k i a   p c c s m c f d     ( 0 8 / 2 2 / 2 0 0 8   7 . 0 . 0 . 0 )  
 " 7 - Z i p "   =   7 - Z i p   4 . 6 4  
 " A d o b e   F l a s h   P l a y e r   P l u g i n "   =   A d o b e   F l a s h   P l a y e r   1 1   P l u g i n  
 " A g e   o f   E m p i r e s   2 . 0 "   =   M i c r o s o f t   A g e   o f   E m p i r e s   I I  
 " A g e   o f   E m p i r e s   I I :   T h e   C o n q u e r o r s   E x p a n s i o n   1 . 0 "   =   M i c r o s o f t   A g e   o f   E m p i r e s   I I :   T h e   C o n q u e r o r s   E x p a n s i o n  
 " A k a m a i "   =   A k a m a i   N e t S e s s i o n   I n t e r f a c e   S e r v i c e  
 " A N N O 1 6 0 2 "   =   A n n o   1 6 0 2  
 " A u t o C A D   A r c h i t e c t u r e   2 0 0 9   -   D e u t s c h "   =   A u t o C A D   A r c h i t e c t u r e   2 0 0 9   -   D e u t s c h  
 " A v i r a   A n t i V i r   D e s k t o p "   =   A v i r a   A n t i V i r   P e r s o n a l   -   F r e e   A n t i v i r u s  
 " C a n o n   M G 5 2 0 0   s e r i e s   B e n u t z e r r e g i s t r i e r u n g "   =   C a n o n   M G 5 2 0 0   s e r i e s   B e n u t z e r r e g i s t r i e r u n g  
 " C a n o n _ I J _ N e t w o r k _ S c a n _ U T I L I T Y "   =   C a n o n   I J   N e t w o r k   S c a n   U t i l i t y  
 " C a n o n _ I J _ N e t w o r k _ U T I L I T Y "   =   C a n o n   I J   N e t w o r k   T o o l  
 " C a n o n M y P r i n t e r "   =   C a n o n   M y   P r i n t e r  
 " C C l e a n e r "   =   C C l e a n e r  
 " C o s s a c k s   I I "   =   C o s s a c k s   I I  
 " C o u n t e r - S t r i k e :   S o u r c e "   =   C o u n t e r - S t r i k e :   S o u r c e  
 " D A E M O N   T o o l s   T o o l b a r "   =   D A E M O N   T o o l s   T o o l b a r  
 " D i v X   S e t u p . d i v x . c o m "   =   D i v X - S e t u p  
 " D u k e   N u k e m   3 D   H R P "   =   D u k e   N u k e m   3 D   H R P   V   4 . 0   ( 3 2 1 )  
 " E a r t h w o r m   J i m _ i s 1 "   =   E a r t h w o r m   J i m  
 " E N T E R P R I S E "   =   M i c r o s o f t   O f f i c e   E n t e r p r i s e   2 0 0 7  
 " G T A 2 "   =   G T A 2  
 " I C Q L i t e "   =   I C Q   5 . 1  
 " I C Q - T o o l s _ i s 1 "   =   m e h r   I C Q   S t a t u s s y m b o l e  
 " I c y   T o w e r _ i s 1 "   =   I c y   T o w e r   v 1 . 3  
 " I n s t a l l S h i e l d _ { 8 A 1 5 B 7 D 9 - 9 0 8 A - 4 E F 9 - B A 8 4 - 5 A E D E 6 1 7 4 3 E E } "   =   C a l l   o f   D u t y ( R )   4   -   M o d e r n   W a r f a r e ( T M )   1 . 6   P a t c h  
 " I n s t a l l S h i e l d _ { 9 3 1 C 3 7 F C - 5 9 4 D - 4 3 A 9 - B 1 0 F - A 2 F 2 B 1 F 0 3 4 9 8 } "   =   C a l l   o f   D u t y ( R )   4   -   M o d e r n   W a r f a r e ( T M )   1 . 7   P a t c h  
 " I n s t a l l S h i e l d _ { D 0 A 0 5 7 9 4 - 4 8 C 2 - 4 4 2 4 - A 1 5 A - 9 F 2 0 F C F D D 3 7 4 } "   =   C a l l   o f   D u t y ( R )   2  
 " K L i t e C o d e c P a c k _ i s 1 "   =   K - L i t e   C o d e c   P a c k   4 . 7 . 0   ( F u l l )  
 " L i t t l e   F i g h t e r   2 "   =   L i t t l e   F i g h t e r   2   v e r s i o n   2 . 0 a  
 " M C - L o a d   P r e i n s t a l l e r "   =   M C - L o a d   P r e i n s t a l l e r  
 " M e d i a N a v i g a t i o n . C D L a b e l P r i n t "   =   C D - L a b e l P r i n t  
 " M i c r o s o f t   . N E T   F r a m e w o r k   3 . 5   S P 1 "   =   M i c r o s o f t   . N E T   F r a m e w o r k   3 . 5   S P 1  
 " M i c r o s o f t   . N E T   F r a m e w o r k   4   C l i e n t   P r o f i l e "   =   M i c r o s o f t   . N E T   F r a m e w o r k   4   C l i e n t   P r o f i l e  
 " M i c r o s o f t   . N E T   F r a m e w o r k   4   C l i e n t   P r o f i l e   D E U   L a n g u a g e   P a c k "   =   M i c r o s o f t   . N E T   F r a m e w o r k   4   C l i e n t   P r o f i l e   D E U   L a n g u a g e   P a c k  
 " M i c r o s o f t   D o c u m e n t   E x p l o r e r   2 0 0 5 "   =   M i c r o s o f t   D o c u m e n t   E x p l o r e r   2 0 0 5  
 " M i c r o s o f t   D o c u m e n t   E x p l o r e r   2 0 0 5   L a n g u a g e   P a c k   -   D E U "   =   M i c r o s o f t   D o c u m e n t   E x p l o r e r   2 0 0 5   L a n g u a g e   P a c k   -   D E U  
 " M i c r o s o f t   D o c u m e n t   E x p l o r e r   2 0 0 8 "   =   M i c r o s o f t   D o c u m e n t   E x p l o r e r   2 0 0 8  
 " M i c r o s o f t   D o c u m e n t   E x p l o r e r   2 0 0 8   L a n g u a g e   P a c k   -   D E U "   =   M i c r o s o f t   D o c u m e n t   E x p l o r e r   2 0 0 8   L a n g u a g e   P a c k   -   D E U  
 " M i c r o s o f t   S Q L   S e r v e r   2 0 0 5 "   =   M i c r o s o f t   S Q L   S e r v e r   2 0 0 5  
 " M i c r o s o f t   V i s u a l   J #   2 . 0   R e d i s t r i b u t a b l e   L a n g u a g e   P a c k   -   D E U "   =   M i c r o s o f t   V i s u a l   J #   2 . 0   R e d i s t r i b u t a b l e   L a n g u a g e   P a c k   -   D E U  
 " M i c r o s o f t   V i s u a l   J #   2 . 0   R e d i s t r i b u t a b l e   P a c k a g e "   =   M i c r o s o f t   V i s u a l   J #   2 . 0   R e d i s t r i b u t a b l e   P a c k a g e  
 " M i c r o s o f t   V i s u a l   S t u d i o   2 0 0 5   T o o l s   f o r   O f f i c e   R u n t i m e "   =   V i s u a l   S t u d i o   2 0 0 5   T o o l s   f o r   O f f i c e   S e c o n d   E d i t i o n   R u n t i m e  
 " M i c r o s o f t   V i s u a l   S t u d i o   2 0 0 5   T o o l s   f o r   O f f i c e   R u n t i m e   L a n g u a g e   P a c k "   =   M i c r o s o f t   V i s u a l   S t u d i o   2 0 0 5   T o o l s   f o r   O f f i c e   R u n t i m e   L a n g u a g e   P a c k  
 " M i c r o s o f t   V i s u a l   S t u d i o   2 0 0 8   P r o f e s s i o n a l   E d i t i o n   -   D E U "   =   M i c r o s o f t   V i s u a l   S t u d i o   2 0 0 8   P r o f e s s i o n a l   E d i t i o n   -   D E U  
 " M o z i l l a   F i r e f o x   1 7 . 0   ( x 8 6   d e ) "   =   M o z i l l a   F i r e f o x   1 7 . 0   ( x 8 6   d e )  
 " M o z i l l a M a i n t e n a n c e S e r v i c e "   =   M o z i l l a   M a i n t e n a n c e   S e r v i c e  
 " M P   N a v i g a t o r   E X   4 . 0 "   =   C a n o n   M P   N a v i g a t o r   E X   4 . 0  
 " N V I D I A   D r i v e r s "   =   N V I D I A   D r i v e r s  
 " R e a l P l a y e r   6 . 0 "   =   R e a l P l a y e r  
 " S h o c k w a v e "   =   S h o c k w a v e  
 " S t a r c r a f t "   =   S t a r c r a f t  
 " S t e a m   A p p   3 0 0 "   =   D a y   o f   D e f e a t :   S o u r c e  
 " S t e a m   A p p   4 4 0 "   =   T e a m   F o r t r e s s   2  
 " S t e a m   A p p   6 3 0 "   =   A l i e n   S w a r m  
 " S u r f e r   7 "   =   S u r f e r   7  
 " T e a m s p e a k   2   R C 2 _ i s 1 "   =   T e a m S p e a k   2   R C 2  
 " T e a m S p e a k   3   C l i e n t "   =   T e a m S p e a k   3   C l i e n t  
 " T e a m V i e w e r   8 "   =   T e a m V i e w e r   8  
 " V i r t u a l C l o n e D r i v e "   =   V i r t u a l C l o n e D r i v e  
 " V i s u a l   S t u d i o   T o o l s   f o r   t h e   O f f i c e   s y s t e m   3 . 0   R u n t i m e "   =   V i s u a l   S t u d i o   T o o l s   f o r   t h e   O f f i c e   s y s t e m   3 . 0   R u n t i m e  
 " V i s u a l   S t u d i o   T o o l s   f o r   t h e   O f f i c e   s y s t e m   3 . 0   R u n t i m e   L a n g u a g e   P a c k   -   D E U "   =   V i s u a l   S t u d i o - T o o l s   f � r   O f f i c e   S y s t e m   3 . 0   R u n t i m e   L a n g u a g e   P a c k   -   D E U  
 " V i s u a l W e b D e v e l o p e r "   =   M i c r o s o f t   V i s u a l   S t u d i o   W e b   A u t h o r i n g   C o m p o n e n t  
 " v S h a r e . t v   p l u g i n "   =   v S h a r e . t v   p l u g i n   1 . 3  
 " W i n R A R   a r c h i v e r "   =   W i n R A R   A r c h i v i e r e r  
 " X T T B 0 0 0 0 1 . X T T B 0 0 0 0 1 T o o l b a r "   =   I C Q   T o o l b a r  
 " Y T d e t e c t "   =   Y a h o o !   D e t e c t  
    
 [ c o l o r = # E 5 6 7 1 7 ] = = = = = = = = = =   H K E Y _ U S E R S   U n i n s t a l l   L i s t   = = = = = = = = = = [ / c o l o r ]  
    
 [ H K E Y _ U S E R S \ D e l l _ O N _ C \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ U n i n s t a l l ]  
 " A k a m a i "   =   A k a m a i   N e t S e s s i o n   I n t e r f a c e  
 " f 0 1 8 c f 2 1 c 0 4 5 2 c 6 4 "   =   A V M   F R I T Z ! B o x   U S B - F e r n a n s c h l u s s  
    
 <   E n d   o f   r e p o r t   >
         

Alt 22.12.2012, 22:07   #2
ryder
/// TB-Ausbilder
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Gut gemacht bisher, nur hilft uns ein verstümmeltes Logfile leider nichts, du wirst eine Möglichkeit finden muss, das korrekt dargestellt hier einzufügen, dann helfe ich dir sehr gerne.
__________________

__________________

Alt 22.12.2012, 22:30   #3
Mufus
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Super, ryder, ich freu mich, dass du mir helfen willst.

Ich hab es jetzt nochmal versuch und ich denke, es hat geklappt.

Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 12/22/2012 2:27:10 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Ultimate Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.22 Gb Total Space | 36.47 Gb Free Space | 19.80% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0DE8527A-FE3E-4FCA-A023-D57EF0B796C9}_is1" = Plants vs. Zombies 1.0.4.7924 (by Scar)
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4B6E1EA9-4704-4750-868A-AEB398168DA6}" = Microsoft Document Explorer 2005 Language Pack - DEU
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-7004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2009 - Deutsch
"{5783F2D7-8004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2010 - Deutsch
"{5783F2D7-8004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2010 Language Pack - Deutsch
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777C06F9-8462-4289-9026-0462906E177F}" = XPS LightFX SDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8D52E0F9-17A0-493B-8692-937381DDB62B}" = SimCity 2000
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{A6F6725C-12C3-42B5-9647-8668E1BEE2D2}" = Microsoft SQL Server 2005 Mobile [DEU] Developer Tools
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBE45D37-2D2E-426F-8EF6-5075CE4D382B}" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.64
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Akamai" = Akamai NetSession Interface Service
"ANNO1602" = Anno 1602
"AutoCAD Architecture 2009 - Deutsch" = AutoCAD Architecture 2009 - Deutsch
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Cossacks II" = Cossacks II
"Counter-Strike: Source" = Counter-Strike: Source
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Duke Nukem 3D HRP" = Duke Nukem 3D HRP V 4.0 (321)
"Earthworm Jim_is1" = Earthworm Jim
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GTA2" = GTA2
"ICQLite" = ICQ 5.1
"ICQ-Tools_is1" = mehr ICQ Statussymbole
"Icy Tower_is1" = Icy Tower v1.3
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"Little Fighter 2" = Little Fighter 2 version 2.0a
"MC-Load Preinstaller" = MC-Load Preinstaller
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2005 Language Pack - DEU" = Microsoft Document Explorer 2005 Language Pack - DEU
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Language Pack - DEU" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Starcraft" = Starcraft
"Steam App 300" = Day of Defeat: Source
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Surfer 7" = Surfer 7
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"VirtualCloneDrive" = VirtualCloneDrive
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinRAR archiver" = WinRAR Archivierer
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Dell_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
< End of report >
         
OTL.txt
Code:
ATTFilter
OTL logfile created on: 12/22/2012 2:27:10 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Ultimate Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.22 Gb Total Space | 36.47 Gb Free Space | 19.80% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/12/21 11:04:23 | 000,212,480 | ---- | M] () [On_Demand] -- C:\Users\Dell\wgsdgsdgdsgsd.dll -- (Winmgmt)
SRV - [2012/11/29 08:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/11/25 10:01:33 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/12 13:09:00 | 004,539,712 | ---- | M] () [Auto] -- C:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/08 12:04:22 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 00:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/15 07:41:40 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/31 12:33:22 | 000,085,096 | ---- | M] (Autodesk) [Disabled] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/10/30 10:24:32 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/27 03:26:36 | 000,657,408 | ---- | M] (Nokia) [Disabled] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/07 18:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Hilfsproggs\MS Visual Studio 2008\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/10/26 07:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/04/27 02:32:06 | 000,386,592 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (vpnva)
DRV - File not found [Kernel | On_Demand] --  -- (USBAAPL)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/07/02 14:54:50 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012/07/02 14:54:50 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/07/08 12:04:23 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/10/27 16:12:24 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2009/10/08 10:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/06 05:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 05:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 05:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 05:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/06/20 08:40:22 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/04/10 23:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/01/30 02:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/28 22:32:42 | 000,032,288 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2008/10/28 22:32:36 | 000,070,048 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/05 05:56:58 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/10/26 07:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/09/26 01:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007/02/15 19:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007/01/31 06:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 11:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/05 05:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/11/20 14:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 14:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 14:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/20 00:57:00 | 000,283,776 | ---- | M] (AfaTech                  ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) Cinergy T USB XE (MKII)
DRV - [2001/08/22 02:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\Dell_ON_C\Software\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://google.icq.com
IE - HKU\Dell_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKU\Dell_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Dell_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Dell_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Value error. File not found
IE - HKU\Dell_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Hilfsproggs\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Hilfsproggs\browserrecord
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions [2011/05/24 15:55:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Dell\AppData\Roaming\17001.007 [2012/12/21 04:58:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\FireFox\components [2012/11/25 10:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\FireFox\plugins [2012/11/25 10:01:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Dell\AppData\Roaming\17001.007 [2012/12/21 04:58:57 | 000,000,000 | ---D | M]
 
[2008/08/26 05:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\Mozilla\Extensions
[2012/11/19 13:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\6f4tikj2.default\extensions
File not found (No name found) -- 
 
O1 HOSTS File: ([2011/11/25 14:17:57 | 000,000,766 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 localhost 
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - Reg Error: Value error. File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Hilfsproggs\TerraTec TV\THCDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKU\Dell_ON_C\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avgnt] C:\Hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [wilenl]  File not found
O4 - HKU\Dell_ON_C..\Run: [AVMUSBFernanschluss] C:\Users\Dell\AppData\Local\Apps\2.0\7KME2VJN.DEZ\5AOK0M5T.04C\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ICQ Lite] C:\Hilfsproggs\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.)
O4 - Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Hilfsproggs\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Hilfsproggs\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Dell\AppData\Roaming\appConf32.exe) - C:\Users\Dell\AppData\Roaming\appConf32.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1a076544-5da0-11de-8845-d24c841c8fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{1a076544-5da0-11de-8845-d24c841c8fe2}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\Shell\1\Command - "" = H:\.\recycled\info.exe
O33 - MountPoints2\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\.\recycled\info.exe
O33 - MountPoints2\{601e4e02-b402-11dc-8966-001c23067766}\Shell - "" = AutoRun
O33 - MountPoints2\{601e4e02-b402-11dc-8966-001c23067766}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{63914466-1cff-11de-842d-bad6eb6c8833}\Shell - "" = AutoRun
O33 - MountPoints2\{63914466-1cff-11de-842d-bad6eb6c8833}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{69812b1c-e60b-11dd-b95b-f0152afa1a9a}\Shell - "" = AutoRun
O33 - MountPoints2\{69812b1c-e60b-11dd-b95b-f0152afa1a9a}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{af2459ca-b4df-11dd-bb0a-001c26f41b48}\Shell - "" = AutoRun
O33 - MountPoints2\{af2459ca-b4df-11dd-bb0a-001c26f41b48}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{af2459cb-b4df-11dd-bb0a-001c26f41b48}\Shell - "" = AutoRun
O33 - MountPoints2\{af2459cb-b4df-11dd-bb0a-001c26f41b48}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{b4898c04-1cc1-11e1-a09a-001c23067766}\Shell - "" = AutoRun
O33 - MountPoints2\{b4898c04-1cc1-11e1-a09a-001c23067766}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{bfa132e4-908e-11dc-bd6f-001c23067766}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{bff1b0e4-d8b4-11dc-aee8-001c23067766}\Shell - "" = AutoRun
O33 - MountPoints2\{bff1b0e4-d8b4-11dc-aee8-001c23067766}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{bff1b0ea-d8b4-11dc-aee8-001c23067766}\Shell - "" = AutoRun
O33 - MountPoints2\{bff1b0ea-d8b4-11dc-aee8-001c23067766}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{d99f8a2b-55a9-11dd-a9de-001c26f41b48}\Shell - "" = AutoRun
O33 - MountPoints2\{d99f8a2b-55a9-11dd-a9de-001c26f41b48}\Shell\AutoRun\command - "" = E:\AutoStarter.exe
O33 - MountPoints2\{ee3fed1c-faf8-11dc-92f5-c1375d3927c5}\Shell - "" = AutoRun
O33 - MountPoints2\{ee3fed1c-faf8-11dc-92f5-c1375d3927c5}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{ee3fed1e-faf8-11dc-92f5-c1375d3927c5}\Shell - "" = AutoRun
O33 - MountPoints2\{ee3fed1e-faf8-11dc-92f5-c1375d3927c5}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{f9278540-b476-11dd-8c8f-001c26f41b48}\Shell - "" = AutoRun
O33 - MountPoints2\{f9278540-b476-11dd-8c8f-001c26f41b48}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{f9278544-b476-11dd-8c8f-001c26f41b48}\Shell - "" = AutoRun
O33 - MountPoints2\{f9278544-b476-11dd-8c8f-001c26f41b48}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{f993e4f5-8aed-11dd-9ebb-0013e88022f3}\Shell - "" = AutoRun
O33 - MountPoints2\{f993e4f5-8aed-11dd-9ebb-0013e88022f3}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{f993e4f6-8aed-11dd-9ebb-0013e88022f3}\Shell - "" = AutoRun
O33 - MountPoints2\{f993e4f6-8aed-11dd-9ebb-0013e88022f3}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/22 14:26:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/12/21 11:10:58 | 000,055,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Dell\AppData\Roaming\loaupdt.jpg
[2012/12/21 04:58:57 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\17001.007
[2012/12/19 11:04:43 | 000,000,000 | ---D | C] -- C:\kock
[2012/12/19 10:44:25 | 000,000,000 | ---D | C] -- C:\xmldm
[2012/12/19 09:44:49 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\Ing-Geo
[2012/12/17 17:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/11 20:02:08 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/11 20:02:08 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/10 09:05:12 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\kock
[2012/12/09 05:17:39 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\Mein Garmin
[2012/12/09 05:17:36 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\GARMIN
[2012/12/09 05:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/12/09 05:12:35 | 000,018,432 | ---- | C] (GARMIN Corp.) -- C:\Windows\System32\drivers\grmngen.sys
[2012/12/09 05:12:35 | 000,000,000 | ---D | C] -- C:\Garmin
[2012/12/08 11:42:07 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\UAs
[2012/12/03 12:17:53 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\TeamViewer
[2012/12/01 11:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/12/01 11:36:00 | 005,835,512 | ---- | C] (TeamViewer GmbH) -- C:\Users\Dell\Desktop\TeamViewer_Setup_de.exe
[2012/11/25 10:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\FireFox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dell\AppData\Roaming\*.tmp files -> C:\Users\Dell\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/21 14:26:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/21 14:26:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/12/21 11:42:06 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 11:42:06 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 11:42:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/12/21 11:32:53 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2012/12/21 11:11:42 | 000,055,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Dell\AppData\Roaming\loaupdt.jpg
[2012/12/21 11:11:18 | 000,000,016 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\blckdom.res
[2012/12/21 11:04:46 | 000,002,865 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/21 11:04:46 | 000,000,892 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012/12/21 07:33:59 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/12/21 07:33:59 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/21 07:33:59 | 000,149,906 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/12/21 07:33:59 | 000,121,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/21 04:59:05 | 000,219,232 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\AcroIEHelpe248.dll
[2012/12/21 04:59:05 | 000,007,104 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\BAcroIEHelpe248.dll
[2012/12/19 09:43:46 | 000,210,516 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/12/17 14:45:27 | 000,007,104 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\BAcroIEHelpe246.dll
[2012/12/16 06:53:43 | 000,000,140 | ---- | M] () -- C:\Windows\LODERUNN.INI
[2012/12/12 17:26:29 | 000,034,568 | ---- | M] () -- C:\Users\Dell\Desktop\Koordinaten-IngGeo-12-12-2012.gdb
[2012/12/11 20:02:08 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/11 20:02:08 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/11 13:27:31 | 001,013,380 | ---- | M] () -- C:\Users\Dell\Desktop\Muf_für_Jules.pdf
[2012/12/09 05:53:44 | 000,006,944 | ---- | M] () -- C:\Users\Dell\Desktop\Koordinaten-IngGeo-08-12-2012.gdb
[2012/12/09 05:17:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/12/04 14:52:11 | 000,364,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/03 14:31:26 | 000,173,568 | ---- | M] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/03 12:17:33 | 005,835,512 | ---- | M] (TeamViewer GmbH) -- C:\Users\Dell\Desktop\TeamViewer_Setup_de.exe
[2012/12/03 12:16:54 | 000,000,977 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012/12/02 09:10:45 | 000,210,516 | ---- | M] () -- C:\ProgramData\nvModes.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dell\AppData\Roaming\*.tmp files -> C:\Users\Dell\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/12/21 11:04:46 | 000,002,865 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/21 11:04:46 | 000,000,892 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012/12/21 11:04:27 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/12/21 04:59:05 | 000,219,232 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\AcroIEHelpe248.dll
[2012/12/21 04:59:05 | 000,007,104 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\BAcroIEHelpe248.dll
[2012/12/17 14:45:27 | 000,007,104 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\BAcroIEHelpe246.dll
[2012/12/12 17:26:29 | 000,034,568 | ---- | C] () -- C:\Users\Dell\Desktop\Koordinaten-IngGeo-12-12-2012.gdb
[2012/12/11 13:27:30 | 001,013,380 | ---- | C] () -- C:\Users\Dell\Desktop\Muf_für_Jules.pdf
[2012/12/09 05:53:44 | 000,006,944 | ---- | C] () -- C:\Users\Dell\Desktop\Koordinaten-IngGeo-08-12-2012.gdb
[2012/12/03 12:16:54 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012/11/20 07:48:41 | 000,007,104 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\BAcroIEHelpe235.dll
[2012/11/12 09:36:38 | 000,007,720 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\BAcroIEHelpe228.dll
[2012/11/10 10:21:40 | 000,000,016 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\blckdom.res
[2012/09/05 16:36:38 | 000,000,140 | ---- | C] () -- C:\Windows\LODERUNN.INI
[2011/11/16 14:00:13 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011/05/11 03:20:44 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/11 03:20:44 | 000,000,088 | RHS- | C] () -- C:\ProgramData\26485ED7FA.sys
[2010/07/16 08:48:39 | 000,001,447 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/16 08:30:08 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010/01/02 07:07:33 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/23 13:36:39 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/23 13:36:31 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/08/23 13:36:20 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/07/05 14:00:29 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/07/05 14:00:11 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/05/27 14:27:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/27 14:27:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/27 14:26:24 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/04/21 05:29:25 | 000,210,516 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/04/21 05:29:25 | 000,210,516 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/05 12:38:47 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/03/05 12:38:39 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/09 10:23:13 | 000,053,712 | RHS- | C] () -- C:\Users\Dell\AppData\Roaming\appConf32.exe
[2008/11/21 16:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/05 13:42:45 | 000,062,400 | ---- | C] () -- C:\Windows\System32\IFC.dll
[2008/11/05 13:41:56 | 000,422,848 | ---- | C] () -- C:\Windows\System32\PPL.dll
[2008/10/07 02:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 02:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/01 20:00:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/19 11:35:35 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/07/19 10:34:41 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/07/11 15:24:03 | 000,001,185 | ---- | C] () -- C:\Windows\mozver.dat
[2008/06/18 09:59:06 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/04/27 05:01:11 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/03/25 11:35:05 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/03/23 04:34:35 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/01/14 11:41:16 | 000,034,382 | ---- | C] () -- C:\Windows\scunin.dat
[2007/12/28 19:50:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/12/26 20:05:32 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/12/26 19:30:53 | 000,001,651 | ---- | C] () -- C:\Windows\eReg.dat
[2007/12/26 18:06:18 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2007/12/24 16:50:36 | 000,173,568 | ---- | C] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/11 15:42:32 | 000,106,780 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\nvModes.dat
[2007/11/11 15:42:32 | 000,106,780 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\nvModes.001
[2007/11/11 14:59:03 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/11/11 14:49:46 | 000,001,356 | ---- | C] () -- C:\Users\Dell\AppData\Local\d3d9caps.dat
[2007/10/26 07:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/11/02 10:48:52 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 10:48:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 10:48:52 | 000,149,906 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 10:48:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 07:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:46:27 | 000,364,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,121,712 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997/06/14 05:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011/05/24 15:55:01 | 000,000,000 | ---D | M] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2007/11/11 14:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/11/03 11:29:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2011/10/26 14:10:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Canon IJ Network Tool
[2011/05/13 00:37:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/10/26 14:08:54 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJMSetup
[2009/06/20 08:45:53 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 08:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2007/11/11 14:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2007/11/11 14:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/05/24 15:56:59 | 000,000,000 | ---D | M] -- C:\ProgramData\HBLiteSA
[2010/01/31 16:57:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2012/10/09 04:25:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2010/01/31 16:49:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2009/10/21 12:46:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2008/03/12 14:42:31 | 000,000,000 | ---D | M] -- C:\ProgramData\pixelStorm
[2011/04/07 07:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2010/01/04 09:24:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PreEmptive Solutions
[2006/11/02 08:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2007/11/11 14:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/09/19 06:57:03 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/11/18 15:14:33 | 000,000,000 | ---D | M] -- C:\ProgramData\TerraTec
[2007/11/11 14:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/12/01 06:56:15 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2011/11/25 14:37:02 | 000,000,000 | ---D | M] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/12/21 11:42:03 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:C6D3DE2E1595B96E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
< End of report >
         
__________________

Alt 22.12.2012, 22:44   #4
ryder
/// TB-Ausbilder
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Da hat sich ganz schön was angesammelt.


Schritt 1:
Fix mit OTLpe
Zitat:
Warnung: Dieses Skript wurde nur für diesen User und diese spezielle Situation geschrieben. Auf anderen Computern ausgeführt kann es nachhaltige Schäden anrichten!
Hinweis: Wenn du deinen Benutzernamen unkenntlich gemacht hast, musst du wieder deinen richtigen Namen einsetzen, ansonsten wird das Skript nicht funktionieren.
  • Starte den infizierten Rechner mit der OTLpe-CD und starte OTLpe.
  • Falls du keine Internetverbindung hast:
    1. Drücke Windows-Taste + R > notepad (reinschreiben) > OK
    2. Kopiere das Fixskript in den Editor und speichere die Datei als Fix.txt
    3. Kopiere dir die Fix.txt auf einen USB-Stick.
    4. Schliesse den Stick an den infizierten Rechner an und kopiere dir die Datei auf den Desktop.
  • Füge das Skript in das Feld Custom Scans / Fixes ein:
Code:
ATTFilter
:OTL
SRV - [2012/12/21 11:04:23 | 000,212,480 | ---- | M] () [On_Demand] -- C:\Users\Dell\wgsdgsdgdsgsd.dll -- (Winmgmt)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O33 - MountPoints2\{1a076544-5da0-11de-8845-d24c841c8fe2}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\Shell\1\Command - "" = H:\.\recycled\info.exe
O33 - MountPoints2\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\Shell\AutoRun\command - "" =  Shell32.DLL,ShellExec_RunDLL H:\.\recycled\info.exe
[2012/12/21 04:58:57 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\17001.007
[2012/12/19 11:04:43 | 000,000,000 | ---D | C] -- C:\kock
[2012/12/19 10:44:25 | 000,000,000 | ---D | C] -- C:\xmldm
[2012/12/10 09:05:12 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\kock
[2012/12/21 14:26:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/12/21 11:04:46 | 000,002,865 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/21 11:04:46 | 000,000,892 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012/12/21 11:04:46 | 000,002,865 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/21 11:04:46 | 000,000,892 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012/12/21 11:04:27 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
@Alternate Data Stream - 24 bytes -> C:\Windows:C6D3DE2E1595B96E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
         
  • Schliesse bitte nun alle anderen Programme.
  • Klicke nun bitte auf den Fix Button.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. (Auch zu finden unter C:\OTLpe\MovedFiles\<datum_nummer.log>)
  • Kopiere nun den Inhalt hier in deinen Thread, möglichst in Code-Tags.
Hinweis: Die Ausführung des Kommandos kann einige Minuten dauern und OTLpe scheint in dieser Zeit nicht zu reagieren. Bitte geduldig sein!
Fragen:
  • Kannst du jetzt wieder in den normalen Modus booten?

Schritt 2:
Normal Booten


Schritt 3:
AdwCleaner: Werbeprogramme suchen und löschen

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 4:
Temporäre Dateien löschen mit TFC

Bitte lade dir TFC auf deinen Desktop und starte es. Es wird automatisch alle temporären Dateien entfernen.
Schritt 5:
Scan mit Combofix
Zitat:
WARNUNG:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 22.12.2012, 23:00   #5
Mufus
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Ja, mein PC ist extrem vollgemuellt. Er hat schon einige Jahre auf dem Ruecken und waeren nicht etliche Programme drauf, die ich jetzt nicht mehr bekommen wuerde, waere er schon laengst formatiert worden. Ist eigentlich die einzige Moeglichkeit den wieder halbwegs fit zu bekommen.


Danke, sah soweit schon mal gut aus. Aber das solltest lieber du als Profi ueberpruefen.

Das erzeugte Log
Code:
ATTFilter
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winmgmt deleted successfully.
C:\Users\Dell\wgsdgsdgdsgsd.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a076544-5da0-11de-8845-d24c841c8fe2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a076544-5da0-11de-8845-d24c841c8fe2}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\ not found.
File H:\.\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{558804a6-8e39-11dd-8c94-ccf6b0cf256d}\ not found.
C:\Windows\System32\shell32.dll moved successfully.
C:\Users\Dell\AppData\Roaming\17001.007\components folder moved successfully.
C:\Users\Dell\AppData\Roaming\17001.007 folder moved successfully.
C:\kock folder moved successfully.
C:\xmldm folder moved successfully.
C:\Users\Dell\AppData\Roaming\kock folder moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
File C:\ProgramData\dsgsdgdsgdsgw.js not found.
File C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
ADS C:\Windows:C6D3DE2E1595B96E deleted successfully.
ADS C:\ProgramData\TEMP:B606BA34 deleted successfully.
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 12222012_225316
         
Versuche mich nun an Schritt 2 mit dem normalen Booten.


Alt 22.12.2012, 23:04   #6
ryder
/// TB-Ausbilder
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Ja gut soweit, nur hat mein Fix leider auch ne Datei verschoben, die nicht hätte verschoben werden sollte ... hm das müssen wir noch reparieren, wenn du normal booten kannst.
__________________
--> WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt

Alt 22.12.2012, 23:09   #7
Mufus
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Da ist das Problem, er bootet nicht normal. :/

Beim Hochfahren zeigt er mir mehrere Fehlermeldungen.
Unter anderm startet der explorer nicht, das Aufgabenplanungsmodul,...

Haben wir noch eine Chance?

P.S.: Der Bildschirm bleibt zum Ende hin schwarz und es kommen immer wieder die Fehlermeldungen vom Aufgabenplanungsmodul und das er es nicht starten konnte.

Alt 22.12.2012, 23:11   #8
ryder
/// TB-Ausbilder
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Ja, da ist mir leider was zwischen rein gerutscht was nicht sollte.

Boote noch mal von deiner CD.

Finde auf der Festplatte den Ordner c:\OTL_ und suche in den moved files die Datei

C:\Windows\System32\shell32.dll

und kopiere sie wieder an die korrekte Stelle. Schaffst du das?
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 22.12.2012, 23:16   #9
Mufus
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Ich versuche mich dran. Gib mir ein paar Minuten.

Alt 22.12.2012, 23:17   #10
ryder
/// TB-Ausbilder
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Dann bleib ich solange noch wach
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 22.12.2012, 23:30   #11
Mufus
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Astrein! Hat funktioniert.

System bootet normal und ich bin wieder in meinem "geliebten Windows Vista". ^^

Ich hoffe, die Folgepunkte, die du mir oben gelistet hast, schaffe ich alleine. Oder kommt noch was "komplexeres"?

Ich danke dir recht herzlich, ryder, und wünsch dir eine gute Nacht.

Alt 22.12.2012, 23:31   #12
ryder
/// TB-Ausbilder
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Nö das solltest du hinkriegen.

Ich schau mir dann morgen dein Combofix-log an und dann killen wir den Rest der Bösewichter. Viel Spass
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 23.12.2012, 00:28   #13
Mufus
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Hier noch die beiden Logs meines überladenen PCs:

AdwCleaner[S1]
Code:
ATTFilter
# AdwCleaner v2.101 - Datei am 22/12/2012 um 23:35:20 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
# Benutzer : Dell - DELL-XPS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dell\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Dell\AppData\Local\Temp\Uninstall.exe
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files\HBLite
Ordner Gelöscht : C:\Program Files\vShare.tv plugin
Ordner Gelöscht : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Ordner Gelöscht : C:\ProgramData\HBLiteSA
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\hblitesa
Schlüssel Gelöscht : HKCU\Software\MediaHoldings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E674574-3F0B-491D-8AE3-F90B43A34FD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [hblite@hblite.com]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16450

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://google.icq.com --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Prev Search Page] = hxxp://google.icq.com --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Prev Search Bar] = hxxp://google.icq.com/search/search_frame.php --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://google.icq.com/search/search_frame.php --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0 (de)

Profilname : default [Profil par défaut]
Datei : C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\6f4tikj2.default\prefs.js

Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");

Profilname : OhneShit 
Datei : C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\xlblvqdc.OhneShit\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7016 octets] - [22/12/2012 23:35:20]

########## EOF - C:\AdwCleaner[S1].txt - [7076 octets] ##########
         

ComboFix
Code:
ATTFilter
ComboFix 12-12-22.02 - Dell 22.12.2012  23:56:16.1.2 - x86
ausgeführt von:: c:\users\Dell\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\26485ED7FA.sys
c:\users\Dell\AppData\Roaming\AcroIEHelpe.txt
c:\users\Dell\AppData\Roaming\AcroIEHelpe248.dll
c:\users\Dell\AppData\Roaming\BAcroIEHelpe228.dll
c:\users\Dell\AppData\Roaming\BAcroIEHelpe235.dll
c:\users\Dell\AppData\Roaming\BAcroIEHelpe246.dll
c:\users\Dell\AppData\Roaming\BAcroIEHelpe248.dll
c:\users\Dell\AppData\Roaming\srvblck5.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\XSxS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-22 bis 2012-12-22  ))))))))))))))))))))))))))))))
.
.
2012-12-23 03:53 . 2012-12-23 03:53	--------	d-----w-	C:\_OTL
2012-12-22 22:27 . 2012-12-22 22:27	--------	d-----w-	c:\users\Dell\AppData\Roaming\kock
2012-12-17 22:17 . 2012-12-17 22:17	--------	d-----w-	c:\program files\CCleaner
2012-12-12 01:02 . 2012-12-12 01:02	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 01:02 . 2012-12-12 01:02	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-09 10:17 . 2012-12-09 10:48	--------	d-----w-	c:\users\Dell\AppData\Roaming\GARMIN
2012-12-09 10:12 . 2012-12-09 10:16	--------	d-----w-	C:\Garmin
2012-12-09 10:12 . 2007-03-08 22:18	8320	----a-w-	c:\windows\system32\drivers\grmnusb.sys
2012-12-09 10:12 . 2007-03-08 22:18	18432	----a-w-	c:\windows\system32\drivers\grmngen.sys
2012-12-08 16:42 . 2012-12-12 00:52	--------	d-----w-	c:\users\Dell\AppData\Roaming\UAs
2012-12-03 17:17 . 2012-12-03 17:54	--------	d-----w-	c:\users\Dell\AppData\Roaming\TeamViewer
2012-12-01 16:38 . 2012-12-03 17:16	--------	d-----w-	c:\program files\TeamViewer
2012-11-25 15:00 . 2012-11-30 21:53	--------	d-----w-	c:\program files\FireFox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 18:00 . 2012-12-20 18:41	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E2F381F-B7AD-4034-939F-7BBD198D7286}\mpengine.dll
2012-09-24 22:16 . 2012-11-10 16:36	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AVMUSBFernanschluss"="c:\users\Dell\AppData\Local\Apps\2.0\7KME2VJN.DEZ\5AOK0M5T.04C\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe" [2010-02-17 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="c:\hilfsp~1\ICQ\ICQLite\ICQLite.exe" [2006-07-11 3144800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2012-7-17 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-11-17 05:58	3303000	----a-w-	c:\users\Dell\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-24 17:50	2516296	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51	691656	----a-w-	c:\hilfsproggs\DAEMON Tools\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-07-11 10:15	3144800	----a-w-	c:\hilfsproggs\ICQ\ICQLite\ICQLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-03-02 17:52	140640	----a-w-	c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 14:41	222128	----a-w-	c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01	319488	----a-w-	c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-30 07:12	13605408	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-01-30 07:12	96800	----a-w-	c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-01-30 07:12	92704	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-01-30 07:12	735776	----a-w-	c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-03 21:42	1354736	----a-w-	c:\spiele\Valve\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-03-25 16:34	185896	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2006-04-29 13:21	94208	----a-w-	c:\hilfsproggs\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
Akamai	REG_MULTI_SZ   	Akamai
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\6f4tikj2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-wilenl - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-CloneCDTray - c:\hilfsproggs\FrostWire\CloneCD\CloneCDTray.exe
MSConfigStartUp-DAEMON Tools - c:\hilfsproggs\DAEMON Tools\daemon.exe
MSConfigStartUp-HBLiteSA - c:\program files\HBLite\bin\11.0.363.0\HBLiteSA.exe
MSConfigStartUp-iTunesHelper - c:\hilfsproggs\iTunes\iTunesHelper.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-PCMService - c:\program files\Dell\MediaDirect\PCMService.exe
AddRemove-GTA2 - c:\windows\IsUn0407.exe
AddRemove-Surfer 7 - c:\hilfsproggs\Uniprogramme\Serfer7\Uninst.isu
AddRemove-vShare.tv plugin - c:\program files\vShare.tv plugin\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-23 00:07
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-634343067-3124121181-2066602064-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,4c,44,d0,69,fc,9a,f5,c8,40,f1,db,a0,b5,5d,04,a6,9c,62,0d,93,df,c6,
   fe,73,7c,9c,e4,43,21,98,fe,a3,d8,80,1c,4f,e5,83,f9,23,30,b4,f1,f8,b6,54,56,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-634343067-3124121181-2066602064-1000\Software\SecuROM\License information*]
"datasecu"=hex:18,5f,d1,d3,b3,6e,a5,11,07,72,79,84,da,83,fb,36,46,43,cf,3e,13,
   17,2a,3e,64,7a,21,cb,ad,62,e1,1c,af,1c,48,c1,b3,59,dd,6c,d3,b9,ad,00,31,e3,\
"rkeysecu"=hex:27,14,5d,c0,8d,38,37,a6,c5,13,56,73,1c,14,84,9f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\Version8\TeamViewer_Service.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-23  00:11:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-22 23:10
.
Vor Suchlauf: 17 Verzeichnis(se), 44.754.051.072 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 44.571.623.424 Bytes frei
.
- - End Of File - - 2223E0226C233C2AC7B665CC2C491EF5
         

Wie geht's weiter?

Die verseuchten, verschobenen Dateien löschen?

Alt 23.12.2012, 11:06   #14
ryder
/// TB-Ausbilder
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Einen Rest haben wir noch:

Combofix-Skript
Zitat:
Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    ATTFilter
    Folder::
    c:\users\Dell\AppData\Roaming\kock
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags) ein.

Zitat:
Hinweis:
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 23.12.2012, 11:43   #15
Mufus
 
WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Standard

WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt



Er hat mir beim selbstsändigen Neustart einen "Fehler" mit dem Registrierungsschlüssel von USB-Fernanschluss (eine Fritzbox-Sache) angezeigt. Abgesehen davon, dass das eh nichts wichtiges mehr für mich ist, habe ich schon gelesen, dass das Problem nach einem erneuten Neustart nicht mehr auftreten sollte.

Hier ist der (das? ^^) Log:
Code:
ATTFilter
ComboFix 12-12-22.02 - Dell 23.12.2012  11:23:39.1.2 - x86
ausgeführt von:: c:\users\Dell\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Dell\Desktop\CFScript.txt
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FireFox\plugin-container.exe
c:\program files\FireFox\uninstall\helper.exe
c:\program files\FireFox\updater.exe
c:\users\Dell\AppData\Roaming\appconf32.exe
c:\users\Dell\AppData\Roaming\kock
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wininit.ini
.
Infizierte Kopie von c:\windows\system32\user32.dll wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!System32!user32.dll wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-23 bis 2012-12-23  ))))))))))))))))))))))))))))))
.
.
2012-12-23 10:33 . 2012-12-23 10:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-23 03:53 . 2012-12-23 03:53	--------	d-----w-	C:\_OTL
2012-12-23 00:29 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF113B60-8951-4495-8F15-275F3920D8B7}\mpengine.dll
2012-12-23 00:16 . 2012-12-23 00:16	--------	d-----w-	c:\program files\Common Files\Skype
2012-12-23 00:00 . 2009-10-09 21:56	2048	----a-w-	c:\windows\system32\winrsmgr.dll
2012-12-22 23:58 . 2012-12-16 13:12	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 23:58 . 2012-12-16 10:50	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 23:57 . 2012-08-21 11:47	224640	----a-w-	c:\windows\system32\drivers\volsnap.sys
2012-12-22 23:56 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-12-22 23:56 . 2012-11-13 01:36	2048000	----a-w-	c:\windows\system32\win32k.sys
2012-12-22 23:56 . 2012-11-13 01:29	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-22 23:56 . 2012-11-02 10:18	376320	----a-w-	c:\windows\system32\dpnet.dll
2012-12-22 23:56 . 2012-11-02 08:26	23040	----a-w-	c:\windows\system32\dpnsvr.exe
2012-12-22 23:53 . 2012-03-01 11:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-12-17 22:17 . 2012-12-17 22:17	--------	d-----w-	c:\program files\CCleaner
2012-12-12 01:02 . 2012-12-12 01:02	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 01:02 . 2012-12-12 01:02	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-09 10:17 . 2012-12-09 10:48	--------	d-----w-	c:\users\Dell\AppData\Roaming\GARMIN
2012-12-09 10:12 . 2012-12-09 10:16	--------	d-----w-	C:\Garmin
2012-12-09 10:12 . 2007-03-08 22:18	8320	----a-w-	c:\windows\system32\drivers\grmnusb.sys
2012-12-09 10:12 . 2007-03-08 22:18	18432	----a-w-	c:\windows\system32\drivers\grmngen.sys
2012-12-08 16:42 . 2012-12-12 00:52	--------	d-----w-	c:\users\Dell\AppData\Roaming\UAs
2012-12-03 17:17 . 2012-12-03 17:54	--------	d-----w-	c:\users\Dell\AppData\Roaming\TeamViewer
2012-12-01 16:38 . 2012-12-03 17:16	--------	d-----w-	c:\program files\TeamViewer
2012-11-25 15:00 . 2012-12-23 10:32	--------	d-----w-	c:\program files\FireFox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 22:16 . 2012-11-10 16:36	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AVMUSBFernanschluss"="c:\users\Dell\AppData\Local\Apps\2.0\7KME2VJN.DEZ\5AOK0M5T.04C\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe" [2010-02-17 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="c:\hilfsp~1\ICQ\ICQLite\ICQLite.exe" [2006-07-11 3144800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2012-7-17 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-11-17 05:58	3303000	----a-w-	c:\users\Dell\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-24 17:50	2516296	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51	691656	----a-w-	c:\hilfsproggs\DAEMON Tools\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-07-11 10:15	3144800	----a-w-	c:\hilfsproggs\ICQ\ICQLite\ICQLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-03-02 17:52	140640	----a-w-	c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 14:41	222128	----a-w-	c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01	319488	----a-w-	c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-30 07:12	13605408	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-01-30 07:12	96800	----a-w-	c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-01-30 07:12	92704	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-01-30 07:12	735776	----a-w-	c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-03 21:42	1354736	----a-w-	c:\spiele\Valve\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-03-25 16:34	185896	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2006-04-29 13:21	94208	----a-w-	c:\hilfsproggs\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
Akamai	REG_MULTI_SZ   	Akamai
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\6f4tikj2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Mozilla Firefox 17.0 (x86 de) - c:\program files\FireFox\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-23 11:35
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-634343067-3124121181-2066602064-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,4c,44,d0,69,fc,9a,f5,c8,40,f1,db,a0,b5,5d,04,a6,9c,62,0d,93,df,c6,
   fe,73,7c,9c,e4,43,21,98,fe,a3,d8,80,1c,4f,e5,83,f9,23,30,b4,f1,f8,b6,54,56,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-634343067-3124121181-2066602064-1000\Software\SecuROM\License information*]
"datasecu"=hex:18,5f,d1,d3,b3,6e,a5,11,07,72,79,84,da,83,fb,36,46,43,cf,3e,13,
   17,2a,3e,64,7a,21,cb,ad,62,e1,1c,af,1c,48,c1,b3,59,dd,6c,d3,b9,ad,00,31,e3,\
"rkeysecu"=hex:27,14,5d,c0,8d,38,37,a6,c5,13,56,73,1c,14,84,9f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\Version8\TeamViewer_Service.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-23  11:39:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-23 10:39
ComboFix2.txt  2012-12-22 23:11
.
Vor Suchlauf: 20 Verzeichnis(se), 42.978.107.392 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 42.712.551.424 Bytes frei
.
- - End Of File - - 6C62CEC46295927B0BB90D92FEE62F79
         

Antwort

Themen zu WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt
abgesicherten, abgesicherter, abgesicherter modus möglich, auslesen, bildschirm, dateien, desktop, erkannt, erstell, erstellt, falsch, gesuch, gesucht, interne, internet, kein abgesicherter modus möglich, leerzeichen, logfiles, modus, nicht erkannt, nichts, schwarzer bildschirm, verschickt, version, vista, warum, überall



Ähnliche Themen: WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt


  1. GUV-Trojaner eingefangen, kein abgesicherter Modus möglich
    Log-Analyse und Auswertung - 12.04.2015 (13)
  2. GVU Trojaner kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 08.11.2014 (3)
  3. GVU/BKA Trojaner auf XP-Rechner, kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 05.05.2014 (10)
  4. Windows Xp *BKA*-Trojaner kein Abgesicherter Modus möglich
    Log-Analyse und Auswertung - 15.09.2013 (5)
  5. GVU Trojaner Windows XP - kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 07.09.2013 (9)
  6. Bundespolizei Trojaner - anscheinend neueste Version - kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (7)
  7. GVU Trojaner, Win7, kein abgesicherter Modus möglich
    Log-Analyse und Auswertung - 29.06.2013 (9)
  8. GVU Trojaner, OTL Logfiles bereits erstellt
    Plagegeister aller Art und deren Bekämpfung - 12.06.2013 (1)
  9. GVU Trojaner auf Windows XP, kein abgesicherter Modus möglich
    Log-Analyse und Auswertung - 17.03.2013 (4)
  10. GVU Trojaner zugezogen kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 12.02.2013 (23)
  11. GVU Trojaner - Windows XP SP3 - kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (14)
  12. GVU Trojaner (Win 7 Laptop) und kein abgesicherter Modus möglich.
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (27)
  13. GVU Trojaner auf Windows XP, kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 08.12.2012 (18)
  14. IPA Trojaner, abgesicherter Modus nicht möglich - Logfiles
    Log-Analyse und Auswertung - 21.10.2012 (9)
  15. Bundespolizei Virus auf Win7, Abgesicherter Modus funktioniert nicht, otl logfiles erstellt
    Plagegeister aller Art und deren Bekämpfung - 08.05.2012 (9)
  16. Bundespolizei-Trojaner und kein abgesicherter Modus möglich
    Log-Analyse und Auswertung - 26.03.2012 (27)
  17. Gema Trojaner mit XP - Kein Abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 27.02.2012 (55)

Zum Thema WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt - Hallo Trojaner-Board-Experten. Ich hoffe, ihr könnt mir weiterhelfen. Ich habe mir den bekannten GVU-Trojaner eingefangen. Dieser ließ mich selbst im abgesicherten Modus nichts mehr amchen (schwarzer Bildschirm). Habe vorhin gerade - WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt...
Archiv
Du betrachtest: WinVista: GVU-Trojaner, Version 2.10, kein Abgesicherter Modus möglich gewesen, Logfiles bereits erstellt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.