
Pests of all kinds and how to fight them: Caught a ransom trojan. Nothing works anymore. Computer locked.


12.06.2013, 19:25   #1
kinosergio
 
Hello to the friendly helpers here! It would be great if you could help me, as you have so many others here.

I have caught this extortion trojan. Threat involving the Federal Police and a payment demand of 100€.

I have a Windows Vista 32-bit computer. I have already tried my luck with the Kaspersky Rescue CD, but in vain. The scan found lots of trojans, some of which I did not delete the first time because "Skip" was marked "recommended". The next time I deleted whatever I could. However, not as many "delete offers" came up then, even though it had again found a lot.
In any case, nothing has changed. The computer is locked and I cannot get in.

What should I do? Many thanks in advance!

12.06.2013, 19:32   #2
markusg
/// Malware-holic
 
hi
Can you get to a PC with a burner?
Download:
ISO Burner - Download - Filepony
ISO Burner guide:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download is finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you just created.
If you don't know how to get your computer to boot from the CD:
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Remove the check mark at "Automatically Load All Remaining Users" if it is set.

• OTL should now start.
Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
• Press Run Scan to start the scan.
• When it is finished, the files are saved to C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on this system.
Post both logs.

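The `/md5start` … `/md5stop` list in the post above names system files whose copies are to be located and hashed. The following Python sketch is an added example, not part of the original post and not OTL's own code; it does the same over an offline-mounted Windows volume and applies two review heuristics. The function names, the expected-directory list and the rule that a live copy should match some copy under `winsxs` are assumptions of this example, and the sample tree is constructed.

```python
import hashlib
from pathlib import Path

# Subset of the file names between /md5start and /md5stop in the post.
WATCHED = {"userinit.exe", "winlogon.exe", "explorer.exe", "user32.dll",
           "eventlog.dll", "netlogon.dll", "scecli.dll", "atapi.sys"}

# Assumption: directories (lower-case, relative to the mounted volume)
# where these files normally live on Windows Vista.
EXPECTED_EXACT = {"windows", "windows/system32", "windows/system32/drivers"}
STORE_PREFIX = "windows/winsxs/"   # component store


def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks (MD5 because that is what OTL reports)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def md5_inventory(root, names=WATCHED):
    """Return {name: [(relative_path, md5), ...]} for every copy under root."""
    root = Path(root)
    wanted = {n.lower() for n in names}
    found = {}
    for path in root.rglob("*"):
        if path.is_file() and path.name.lower() in wanted:
            rel = path.relative_to(root).as_posix()
            found.setdefault(path.name.lower(), []).append((rel, md5_of(path)))
    for copies in found.values():
        copies.sort()
    return found


def unexpected_copies(inventory):
    """Copies outside the expected directories, e.g. under a user profile."""
    hits = []
    for name, copies in inventory.items():
        for rel, digest in copies:
            low = rel.lower()
            parent = low.rsplit("/", 1)[0] if "/" in low else ""
            if parent not in EXPECTED_EXACT and not low.startswith(STORE_PREFIX):
                hits.append((name, rel, digest))
    return sorted(hits)


def unmatched_live_copies(inventory):
    """Live copies whose MD5 equals no component-store copy of the same name.

    Heuristic only: third-party drivers have no store copy and will be
    listed for manual review as well.
    """
    hits = []
    for name, copies in inventory.items():
        store = {d for rel, d in copies if rel.lower().startswith(STORE_PREFIX)}
        for rel, digest in copies:
            if not rel.lower().startswith(STORE_PREFIX) and digest not in store:
                hits.append((name, rel))
    return sorted(hits)


def build_sample(root):
    """Constructed sample tree; contents are placeholders, not real binaries."""
    files = {
        "Windows/explorer.exe": b"good-explorer",
        "Windows/winsxs/x86_explorer/explorer.exe": b"good-explorer",
        "Users/Test/AppData/Roaming/explorer.exe": b"dropped",
        "Windows/System32/winlogon.exe": b"patched",
        "Windows/winsxs/x86_winlogon/winlogon.exe": b"good-winlogon",
        "Windows/System32/notes.txt": b"ignored",
    }
    for rel, data in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        inv = md5_inventory(tmp)
        for name, rel, digest in unexpected_copies(inv):
            print("unexpected location:", rel, digest)
        for name, rel in unmatched_live_copies(inv):
            print("no matching store copy:", rel)
```
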
12.06.2013, 19:41   #3
kinosergio
 
That was super fast! I can burn ISOs on my MacBook. I guess I will have to move the texts back and forth via USB stick...
I'll report back!

12.06.2013, 19:42   #4
markusg
/// Malware-holic
 
Unless you have internet via the CD.

13.06.2013, 06:42   #5
kinosergio
 
OTL.TXT

Code:
OTL logfile created on: 6/13/2013 1:48:23 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 106.38 Gb Free Space | 47.75% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 97.38 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive I: | 10.00 Gb Total Space | 6.35 Gb Free Space | 63.54% Space Free | Partition Type: NTFS
Drive J: | 390.62 Gb Total Space | 353.26 Gb Free Space | 90.43% Space Free | Partition Type: NTFS
Drive K: | 443.23 Gb Total Space | 158.00 Gb Free Space | 35.65% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/06/01 10:13:50 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 10:34:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/27 06:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 06:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/23 05:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto] -- C:\Program Files\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2008/08/13 12:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/12 03:34:56 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/03/09 11:29:44 | 002,232,296 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
SRV - [2007/03/07 10:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/20 08:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)
SRV - [2005/11/17 10:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (yeddef)
DRV - File not found [Kernel | System] --  -- (qjylnhrk)
DRV - File not found [Kernel | System] --  -- (opqcbnrt)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | System] --  -- (awrvtpte)
DRV - File not found [Kernel | System] --  -- (acwsgcfe)
DRV - File not found [Kernel | Auto] --  -- (ACEDRV07)
DRV - [2013/01/20 10:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/15 04:33:23 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/12/04 17:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/09/21 05:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011/02/16 20:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/06/10 06:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto] -- C:\Windows\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2010/01/10 11:22:24 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/09/19 16:37:48 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/08/09 12:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/06/13 09:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/13 09:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/05/01 08:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/03/20 08:50:42 | 000,020,352 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CGY013.sys -- (CGY013)
DRV - [2007/03/05 04:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/25 07:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/08 14:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 14:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/08 01:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/01/11 14:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/11 14:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/11/06 19:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/10/26 10:22:00 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 10:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 10:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 10:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 10:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 10:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 10:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 10:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/05 11:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Bronson_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Bronson_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Bronson_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070608
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070608
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Streamer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070608
IE - HKU\Streamer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\Streamer_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Streamer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070608
IE - HKU\Streamer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Surfer_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Surfer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070608
IE - HKU\Surfer_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Surfer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.9
FF - prefs.js..network.proxy.http: "195.168.126.94"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/11/04 07:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/01 10:13:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/01 10:13:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/11/04 07:55:07 | 000,000,000 | ---D | M]
 
[2010/09/12 11:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bronson\AppData\Roaming\Mozilla\Extensions
[2013/06/02 04:41:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bronson\AppData\Roaming\Mozilla\Firefox\Profiles\wz1h5qi5.default\extensions
[2010/09/13 13:13:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bronson\AppData\Roaming\Mozilla\Firefox\Profiles\wz1h5qi5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/06/02 04:41:46 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Bronson\AppData\Roaming\Mozilla\Firefox\Profiles\wz1h5qi5.default\extensions\foxmarks@kei.com
[2010/10/05 14:11:54 | 000,000,873 | ---- | M] () -- C:\Users\Bronson\AppData\Roaming\Mozilla\Firefox\Profiles\wz1h5qi5.default\searchplugins\conduit.xml
[2013/06/01 10:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/01 10:13:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/06/01 10:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/01 10:13:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- 
() (No name found) -- C:\USERS\BRONSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ1H5QI5.DEFAULT\EXTENSIONS\ADMIN@PROXY-LISTEN.DE.XPI
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll (Google Germany GmbH)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKU\Bronson_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKU\Bronson_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\Surfer_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Germany GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Logitech BT Wizard]  File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TrayServer]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Bronson_ON_C..\Run: []  File not found
O4 - HKU\Bronson_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Bronson_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Bronson_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Bronson_ON_C..\Run: [gStart]  File not found
O4 - HKU\Bronson_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\Bronson_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Gast_ON_C..\Run: []  File not found
O4 - HKU\Gast_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Gast_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\Gast_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Streamer_ON_C..\Run: []  File not found
O4 - HKU\Streamer_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Streamer_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\Streamer_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Surfer_ON_C..\Run: []  File not found
O4 - HKU\Surfer_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Surfer_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\Surfer_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Surfer_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Bronson_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Bronson\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5954/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Bronson_ON_C Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6fa78f0a-25e3-11e2-804b-001aa01521d9}\Shell - "" = AutoRun
O33 - MountPoints2\{6fa78f0a-25e3-11e2-804b-001aa01521d9}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{c502bd93-0cf5-11df-9d8f-001aa01521d9}\Shell\AutoRun\command - "" = L:\Menu.exe
O33 - MountPoints2\{fa188649-d141-11de-88b6-0007617e2816}\Shell\AutoRun\command - "" = L:\videos\player\winopen.exe "\The DaVinci Code.exe"
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: ccc-core-static - msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK32.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Users^Bronson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warner Bros.lnk - C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe - ()
MsConfig - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/11 11:25:07 | 000,000,000 | ---D | C] -- C:\Users\Bronson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013/06/01 10:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/17 06:37:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/17 06:19:35 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/05/17 06:19:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/17 06:19:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/17 06:19:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/17 06:19:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/05/17 06:19:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/17 06:19:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/17 06:19:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/17 06:19:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/16 08:39:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/16 08:39:55 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/15 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Roxio
[2013/05/15 16:58:40 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Nero
[2013/05/15 16:58:37 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Logitech
[2013/05/15 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\GTek
[2013/05/15 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013/05/15 16:58:15 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Local\SupportSoft
[2013/05/15 16:58:07 | 000,000,000 | R--D | C] -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/15 16:58:07 | 000,000,000 | R--D | C] -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/15 16:58:07 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\LocalLow
[2013/05/15 16:57:58 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Identities
[2013/05/15 16:57:54 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Local\VirtualStore
[2013/05/15 16:57:10 | 000,000,000 | -HSD | C] -- C:\Users\Streamer\AppData\Local\Verlauf
[2013/05/15 16:57:10 | 000,000,000 | -HSD | C] -- C:\Users\Streamer\AppData\Local\Temporary Internet Files
[2013/05/15 16:57:10 | 000,000,000 | -HSD | C] -- C:\Users\Streamer\Documents\Eigene Videos
[2013/05/15 16:57:10 | 000,000,000 | -HSD | C] -- C:\Users\Streamer\Documents\Eigene Musik
[2013/05/15 16:57:10 | 000,000,000 | -HSD | C] -- C:\Users\Streamer\Documents\Eigene Bilder
[2013/05/15 16:57:10 | 000,000,000 | -HSD | C] -- C:\Users\Streamer\AppData\Local\Anwendungsdaten
[2013/05/15 16:57:09 | 000,000,000 | --SD | C] -- C:\Users\Streamer\AppData\Roaming\Microsoft
[2013/05/15 16:57:09 | 000,000,000 | R--D | C] -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/15 16:57:09 | 000,000,000 | R--D | C] -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Local\Temp
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Local\Microsoft Help
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Local\Microsoft
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Media Center Programs
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Roaming\Macromedia
[2013/05/15 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Streamer\AppData\Local
[2007/07/11 16:24:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Surfer\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/12 17:11:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/12 17:10:55 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/12 17:09:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 17:09:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 12:02:53 | 000,163,052 | ---- | M] () -- C:\Users\Bronson\AppData\Roaming\2433f433
[2013/06/11 12:02:53 | 000,163,027 | ---- | M] () -- C:\Users\Bronson\AppData\Local\2433f433
[2013/06/11 12:02:53 | 000,163,009 | ---- | M] () -- C:\ProgramData\2433f433
[2013/06/11 11:38:26 | 000,002,655 | ---- | M] () -- C:\Users\Bronson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2013/06/11 11:34:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/05 19:37:11 | 000,018,432 | ---- | M] () -- C:\Users\Bronson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/02 08:39:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/06/02 08:39:33 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/02 08:39:33 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/06/02 08:39:33 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/17 06:54:46 | 000,378,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/15 16:57:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/05/15 10:34:30 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 10:34:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/14 11:50:34 | 000,002,455 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
 
========== Files Created - No Company Name ==========
 
[2013/06/11 12:02:53 | 000,163,052 | ---- | C] () -- C:\Users\Bronson\AppData\Roaming\2433f433
[2013/06/11 12:02:53 | 000,163,027 | ---- | C] () -- C:\Users\Bronson\AppData\Local\2433f433
[2013/06/11 12:02:53 | 000,163,009 | ---- | C] () -- C:\ProgramData\2433f433
[2013/05/15 16:58:08 | 000,000,951 | ---- | C] () -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/15 16:58:06 | 000,000,946 | ---- | C] () -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/05/15 16:57:55 | 000,000,917 | ---- | C] () -- C:\Users\Streamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013/05/15 16:57:09 | 000,000,258 | ---- | C] () -- C:\Users\Streamer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/15 16:57:09 | 000,000,240 | ---- | C] () -- C:\Users\Streamer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/02/05 06:47:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/07/06 17:02:24 | 000,663,552 | ---- | C] () -- C:\Windows\System32\Tx12.dll
[2011/07/06 17:02:24 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2010/12/04 09:02:38 | 000,078,214 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/11/04 07:34:03 | 000,214,603 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/08/14 09:02:18 | 000,005,056 | ---- | C] () -- C:\ProgramData\drctchbl.xvi
[2010/08/14 09:02:18 | 000,004,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010/05/24 14:22:49 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2010/05/24 14:22:49 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010/05/24 05:11:33 | 000,001,356 | ---- | C] () -- C:\Users\Bronson\AppData\Local\d3d9caps.dat
[2010/04/19 03:26:22 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/04/19 03:13:55 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2010/02/08 16:14:58 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/11 12:49:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 12:49:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/25 05:30:45 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2008/10/24 13:16:13 | 000,000,144 | ---- | C] () -- C:\Users\Bronson\AppData\default.pls
[2008/09/13 07:17:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/11/06 16:00:19 | 000,000,220 | ---- | C] () -- C:\Users\Bronson\AppData\Roaming\wklnhst.dat
[2007/10/31 06:49:44 | 000,001,024 | ---- | C] () -- C:\Windows\System32\AV32UID.DAT
[2007/10/30 14:24:23 | 000,000,549 | ---- | C] () -- C:\Windows\Magix.ini
[2007/10/29 09:48:33 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/08/16 10:24:46 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/08/16 10:24:45 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/07/16 16:07:36 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/07/11 16:24:26 | 000,087,608 | ---- | C] () -- C:\Users\Surfer\AppData\Roaming\inst.exe
[2007/07/11 16:24:26 | 000,007,887 | ---- | C] () -- C:\Users\Surfer\AppData\Roaming\pcouffin.cat
[2007/07/11 16:24:26 | 000,001,144 | ---- | C] () -- C:\Users\Surfer\AppData\Roaming\pcouffin.inf
[2007/06/15 11:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/06/14 14:29:32 | 000,026,624 | ---- | C] () -- C:\Users\Surfer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/14 10:55:45 | 000,018,432 | ---- | C] () -- C:\Users\Bronson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/14 10:50:08 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/06/07 23:04:16 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/06/07 23:04:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 11:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,126,292 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,378,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,596,036 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,110 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 18:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 18:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
 
========== LOP Check ==========
 
[2010/01/10 11:25:52 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\AquaSoft
[2011/12/12 14:07:39 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Audacity
[2011/03/10 08:08:35 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Awkux
[2013/06/06 10:27:06 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Axar
[2010/02/08 16:24:57 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\BDREBUILDER
[2011/04/05 05:33:42 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2008/03/01 05:26:23 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DAEMON Tools
[2010/08/14 09:24:32 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\dcunningham.net
[2007/12/01 08:43:49 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DeepBurner
[2007/12/26 20:08:51 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Doblon
[2009/12/29 07:00:10 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DVDforger
[2010/10/05 11:00:26 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/09/07 06:38:59 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\elsterformular
[2013/05/07 19:37:39 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Epetys
[2007/10/03 12:33:03 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\FRITZ!
[2009/08/15 09:09:24 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\GARMIN
[2011/12/12 12:33:28 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\GetRightToGo
[2013/06/01 09:10:18 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Heakx
[2011/01/08 08:38:01 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Koepis
[2008/04/01 11:24:58 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\MAGIX
[2011/07/03 13:21:50 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\mkvtoolnix
[2012/09/06 04:49:52 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\MPEG Streamclip
[2010/04/19 04:05:27 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Opera
[2011/07/17 06:12:28 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\SourceTec
[2007/11/06 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Template
[2011/03/10 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\uTorrent
[2013/02/14 11:37:11 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Vso
[2010/01/19 16:36:48 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Yamb
[2007/06/14 15:25:32 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\EPSON
[2009/08/15 07:41:11 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\GARMIN
[2011/03/10 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\uTorrent
[2007/07/11 17:46:43 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\Vso
[2011/12/15 04:59:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Acronis
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2007/06/19 09:25:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Documents
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/08/17 12:11:06 | 000,000,000 | ---D | M] -- C:\ProgramData\ElsterFormular
[2010/01/26 12:57:43 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/08/15 07:41:11 | 000,000,000 | ---D | M] -- C:\ProgramData\GARMIN
[2012/02/04 18:42:28 | 000,000,000 | ---D | M] -- C:\ProgramData\install_clap
[2007/10/29 08:32:40 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2012/02/04 18:58:28 | 000,000,000 | ---D | M] -- C:\ProgramData\PDVD
[2011/10/27 16:16:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PMS
[2012/02/05 06:47:30 | 000,000,000 | ---D | M] -- C:\ProgramData\SlySoft
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2008/01/24 07:41:58 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft
[2012/03/09 13:39:29 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2007/07/19 12:10:06 | 000,000,000 | ---D | M] -- C:\ProgramData\vsosdk
[2008/10/20 17:40:39 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012/06/20 11:17:33 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2013/06/12 17:10:55 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2013/05/15 16:58:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/12/14 15:51:16 | 000,000,000 | ---D | M] -- C:\Acronis.Disk.Director.Suite.10.0.0.2117
[2008/08/08 08:28:46 | 000,000,000 | ---D | M] -- C:\ATI
[2009/09/18 12:55:19 | 000,000,000 | -HSD | M] -- C:\Boot
[2008/05/05 14:08:24 | 000,000,000 | ---D | M] -- C:\DELL
[2008/04/01 11:25:11 | 000,000,000 | ---D | M] -- C:\doctemp
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008/04/01 11:25:11 | 000,000,000 | ---D | M] -- C:\Drivers
[2010/06/25 16:05:36 | 000,000,000 | ---D | M] -- C:\fd326dd00d379aee8698796d79ef
[2010/04/18 09:18:11 | 000,000,000 | ---D | M] -- C:\Garmin
[2009/01/31 16:11:12 | 000,000,000 | ---D | M] -- C:\MAGIX
[2008/01/24 10:02:36 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/11/21 14:22:03 | 000,000,000 | ---D | M] -- C:\NotenBox 7
[2008/09/12 16:36:59 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/06/02 04:40:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/06/11 19:41:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007/06/14 10:44:15 | 000,000,000 | -HSD | M] -- C:\Programme
[2013/06/10 14:31:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008/04/01 11:25:11 | 000,000,000 | ---D | M] -- C:\temp
[2013/05/15 16:57:09 | 000,000,000 | R--D | M] -- C:\Users
[2011/03/22 15:18:31 | 000,000,000 | ---D | M] -- C:\vuescan
[2013/05/16 09:24:08 | 000,000,000 | ---D | M] -- C:\Windows
[2010/07/13 10:03:20 | 000,000,000 | ---D | M] -- C:\WinSV
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/06/07 23:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/06/07 23:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/06/07 23:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/06/07 23:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/06/07 23:02:59 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/06/07 23:02:51 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\drivers\atapi.sys
[2007/06/07 23:02:51 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/06/07 23:02:51 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/06/07 23:02:59 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/06/07 23:02:59 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/14 08:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 08:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 08:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/14 08:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 07:12:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/15 07:12:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007/01/06 01:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Drivers\system\r148912\nvstor.sys
[2007/01/06 01:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007/01/06 01:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007/04/19 07:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=615D79A1D2C98817FF2FDEB1B167D808 -- C:\DELL\drivers\R157988\IDE\WinVista\sata_ide\nvstor32.sys
[2007/04/19 07:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=615D79A1D2C98817FF2FDEB1B167D808 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a195c2b5\nvstor32.sys
[2007/08/09 12:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/08/09 12:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys
[2007/04/25 11:18:56 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\DELL\drivers\R155142\IDE\WinVista\sataraid\nvstor32.sys
[2007/05/01 08:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\Drivers\storage\R155144\nvstor32.sys
[2007/05/01 08:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_a8e6d559\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007/06/15 10:27:22 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007/06/15 10:27:22 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008/01/19 03:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006/11/02 05:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/12/14 11:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/12/14 11:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006/11/02 04:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008/01/19 01:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/19 01:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\fontext.dll
[2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\PcSetup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\Mein Garmin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\MAGIX Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\ConvertXtoDVD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\SyncToyData:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\StreamTransport:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\OneNote-Notizbücher:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\NeroVision:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\Mein Garmin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\MAGIX Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\FixFoto:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\EncodeHD Log Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\Eigene Scans:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\ConvertXtoDVD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\CDBurnerXP Projects:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Bronson\Documents\AnyDVDHD:Roxio EMC Stream
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A5B56640
< End of report >
         
Hello,
I'm a bit confused right now. You mention *both logs*. But I can only find one, OTL, which opened at the end of the scan...


13.06.2013, 13:07   #6
markusg
/// Malware-holic

Did you delete something yourself? I don't see any active startup entry.

13.06.2013, 13:49   #7
kinosergio

No. I posted the log file exactly as it was output. The beginning and the end are there, so nothing can have gone wrong when copying, right? As I said, I had already tried Kaspersky before... The computer is also still locked.
Should I do it again?

13.06.2013, 14:03   #8
markusg
/// Malware-holic

What exactly does locked mean: does the Bundespolizei (Federal Police) image still come up, or just an empty desktop?
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

13.06.2013, 15:16   #9
kinosergio

Still the police image, and nothing works. I then have to get out via the Task Manager.

Maybe I should have tested this earlier: I work with a user account without administrator rights - and THAT is the one that is locked (Bundespolizei image). I just noticed that I can get in through my administrator account without any problems.
Should I perhaps have left the checkmark at "Automatically Load all remaining Users" after all?

13.06.2013, 19:56   #10
markusg
/// Malware-holic

Yes, leave that checkmark in place this time and scan again.
Sorry for the trouble :-)

13.06.2013, 20:13   #11
kinosergio

Can't I now also scan with the exe file from the administrator account?

13.06.2013, 20:24   #12
markusg
/// Malware-holic

Scan as follows in the admin account, select all users.
Try it with the script first; if that doesn't work, without it.

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
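The `/md5start` ... `/md5stop` list in the script above makes OTL print a `< MD5 for: NAME >` section with every copy of each named file it finds. The following is an added example (not part of the original post and not OTL's or the board's own code) that parses those sections and checks whether the copy in System32 is byte-identical to a copy in the component store; the function names and verdict labels are hypothetical, `C:\Windows` is assumed as the system root, and the `EXAMPLE.DLL` section is constructed.

```python
import re
from collections import defaultdict

# "< MD5 for: USERINIT.EXE  >" opens the listing for one file name.
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(.+?)\s*>$")
# "[date time | size | attrs | M] (Company) MD5=<32 hex> -- <path>"
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)

# USERINIT.EXE and WINLOGON.EXE are copied from the OTL output in this thread.
# EXAMPLE.DLL is CONSTRUCTED (placeholder hashes and paths) to show a mismatch.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE  >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2012/12/14 11:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/12/14 11:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: EXAMPLE.DLL  >
[2009/04/11 02:28:19 | 000,010,240 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\example.dll
[2009/04/11 02:28:19 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_example_constructed\example.dll

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
"""


def parse_md5_sections(log_text):
    """Return {FILE NAME: [entry, ...]} for every '< MD5 for: ... >' section."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).upper()
            continue
        if line.startswith("<"):
            current = None          # another custom-scan header ends the MD5 block
            continue
        entry = ENTRY_RE.match(line)
        if current and entry:
            sections[current].append({
                "md5": entry["md5"].upper(),
                "company": entry["company"].strip(),
                "path": entry["path"].strip(),
            })
    return dict(sections)


def location(path, system_root=r"C:\Windows"):
    """Classify a path as 'store' (winsxs / DriverStore), 'active' or 'other'."""
    p, root = path.lower(), system_root.lower().rstrip("\\")
    if p.startswith(root + "\\winsxs\\") or "\\driverstore\\filerepository\\" in p:
        return "store"
    if p.startswith(root + "\\system32\\"):
        return "active"
    return "other"


def review(sections):
    """Return (name, verdict, path) for every copy that is not a store copy.

    'matches-store' only means the active file is identical to some store copy.
    It is a consistency check, not proof: the store can be altered too, and MD5
    is all the log provides.
    """
    findings = []
    for name, entries in sorted(sections.items()):
        store_hashes = {e["md5"] for e in entries if location(e["path"]) == "store"}
        for e in entries:
            loc = location(e["path"])
            if loc == "active":
                verdict = "matches-store" if e["md5"] in store_hashes else "no-store-match"
            elif loc == "other":
                verdict = "outside-windows"   # same file name elsewhere: look at it manually
            else:
                continue
            findings.append((name, verdict, e["path"]))
    return findings


if __name__ == "__main__":
    for name, verdict, path in review(parse_md5_sections(SAMPLE_LOG)):
        print(f"{verdict:16} {name:14} {path}")
```
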

14.06.2013, 00:43   #13
kinosergio

Here we go:

OTL.Txt
Code:
OTL logfile created on: 13.06.2013 22:55:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Surfer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,55% Memory free
4,23 Gb Paging File | 3,18 Gb Available in Paging File | 75,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 104,07 Gb Free Space | 46,72% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 353,25 Gb Free Space | 90,43% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 6,35 Gb Free Space | 63,50% Space Free | Partition Type: NTFS
Drive V: | 443,23 Gb Total Space | 158,00 Gb Free Space | 35,65% Space Free | Partition Type: NTFS
Drive W: | 97,66 Gb Total Space | 97,38 Gb Free Space | 99,72% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSZIMMER | User Name: Surfer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.13 22:52:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Surfer\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MpCmdRun.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) -- C:\Programme\devolo\dlan\devolonetsvc.exe
PRC - [2009.05.21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Programme\dcmsvc\dcmsvc.exe
PRC - [2008.08.13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.12 09:34:56 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2007.09.20 10:51:46 | 001,836,328 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2007.05.29 18:06:38 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.2\program\soffice.exe
PRC - [2007.05.29 15:36:02 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.2\program\soffice.bin
PRC - [2007.03.15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Programme\DellSupport\DSAgnt.exe
PRC - [2007.02.20 14:58:44 | 000,053,248 | ---- | M] (Logitech Inc.) -- C:\Programme\SetPoint\LBTWiz.exe
PRC - [2007.02.20 14:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTSERV.EXE
PRC - [2007.02.20 14:29:00 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Programme\SetPoint\SetPoint.exe
PRC - [2007.02.08 07:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007.01.11 20:15:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2006.11.05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006.11.05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.14 14:58:45 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 22:33:02 | 005,457,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1beca67411be68bc4032f757b5ea6ebb\System.Xml.ni.dll
MOD - [2013.01.10 17:47:38 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Programme\dcmsvc\dcmsvc.exe
MOD - [2007.06.13 15:18:54 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.05.22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.05.10 20:07:06 | 000,828,416 | ---- | M] () -- C:\Programme\OpenOffice.org 2.2\program\libxml2.dll
MOD - [2006.11.05 11:58:44 | 000,516,096 | ---- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006.11.05 11:28:18 | 004,587,520 | R--- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006.10.26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.13 17:34:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.01 16:13:50 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto | Running] -- C:\Programme\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2008.08.13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.12 09:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007.03.09 17:29:44 | 002,232,296 | ---- | M] () [Auto | Stopped] -- C:\Programme\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
SRV - [2007.03.07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007.02.20 14:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\yeddef.sys -- (yeddef)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qjylnhrk.sys -- (qjylnhrk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\opqcbnrt.sys -- (opqcbnrt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\awrvtpte.sys -- (awrvtpte)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (akpyuahy)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\acwsgcfe.sys -- (acwsgcfe)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2013.06.13 22:47:53 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C9054534-1553-4074-AAEA-56261A724C83}\MpKsleb8b63a6.sys -- (MpKsleb8b63a6)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.12.15 10:33:23 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011.12.04 23:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.09.21 11:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011.02.17 02:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010.06.10 12:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2010.01.10 17:22:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.09.19 22:37:48 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007.08.09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 15:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.06.13 15:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.05.01 14:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.03.20 14:50:42 | 000,020,352 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CGY013.sys -- (CGY013)
DRV - [2007.03.05 10:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007.02.25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007.02.08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007.02.08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007.02.08 07:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.01.11 20:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.01.11 20:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006.11.07 01:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006.10.26 16:22:00 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006.10.26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.10.26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006.10.26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.10.26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.10.26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.10.26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.10.26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.10.05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://support.euro.dell.com/suppo [Binary data over 200 bytes]
IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070608
IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.11.04 13:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.01 16:13:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.01 16:13:04 | 000,000,000 | ---D | M]
 
[2009.02.09 21:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Surfer\AppData\Roaming\mozilla\Extensions
[2013.06.13 18:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Surfer\AppData\Roaming\mozilla\Firefox\Profiles\iwxvsxla.default\extensions
[2013.06.13 18:53:08 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Surfer\AppData\Roaming\mozilla\firefox\profiles\iwxvsxla.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.06.01 16:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.06.01 16:13:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.06.01 16:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.01 16:13:52 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [dcmsvc] C:\Programme\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TrayServer] C:\MAGIX\VIDEO_~1\TrayServer.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Bronson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5954/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{887CE4E6-BA6A-45F8-B1AD-D6FA1D05E390}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B42096DF-58CE-4304-8E81-75AB29F28A74}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: ccc-core-static - msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Programme\WinZip\WZQKPICK32.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Users^Bronson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warner Bros.lnk - C:\Programme\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe - ()
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.13 22:52:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Surfer\Desktop\OTL.exe
[2013.06.13 22:48:26 | 000,000,000 | ---D | C] -- C:\Users\Surfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013.06.13 18:48:00 | 000,000,000 | ---D | C] -- C:\Users\Surfer\AppData\Local\Macromedia
[2013.06.13 16:43:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.06.01 16:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2007.07.11 22:24:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Surfer\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.13 22:52:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Surfer\Desktop\OTL.exe
[2013.06.13 22:47:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 22:47:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 22:47:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.13 20:34:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.13 19:00:36 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.06.11 18:02:53 | 000,163,009 | ---- | M] () -- C:\ProgramData\2433f433
[2013.06.02 14:39:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.02 14:39:33 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.02 14:39:33 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.02 14:39:33 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.17 12:54:46 | 000,378,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.06.11 18:02:53 | 000,163,009 | ---- | C] () -- C:\ProgramData\2433f433
[2012.02.05 12:47:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.07.06 23:02:24 | 000,663,552 | ---- | C] () -- C:\Windows\System32\Tx12.dll
[2011.07.06 23:02:24 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2010.08.14 15:02:18 | 000,005,056 | ---- | C] () -- C:\ProgramData\drctchbl.xvi
[2010.08.14 15:02:18 | 000,004,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2007.11.25 12:53:20 | 000,000,231 | ---- | C] () -- C:\Users\Surfer\Goya.ini
[2007.07.16 22:07:36 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.07.11 22:24:26 | 000,087,608 | ---- | C] () -- C:\Users\Surfer\AppData\Roaming\inst.exe
[2007.07.11 22:24:26 | 000,007,887 | ---- | C] () -- C:\Users\Surfer\AppData\Roaming\pcouffin.cat
[2007.07.11 22:24:26 | 000,001,144 | ---- | C] () -- C:\Users\Surfer\AppData\Roaming\pcouffin.inf
[2007.06.14 20:29:32 | 000,026,624 | ---- | C] () -- C:\Users\Surfer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.01.10 17:25:52 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\AquaSoft
[2011.12.12 20:07:39 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Audacity
[2011.03.10 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Awkux
[2013.06.06 16:27:06 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Axar
[2010.02.08 22:24:57 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\BDREBUILDER
[2011.04.05 11:33:42 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2008.03.01 11:26:23 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DAEMON Tools
[2010.08.14 15:24:32 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\dcunningham.net
[2007.12.01 14:43:49 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DeepBurner
[2007.12.27 02:08:51 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Doblon
[2009.12.29 13:00:10 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DVDforger
[2010.10.05 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.07 12:38:59 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\elsterformular
[2013.05.08 01:37:39 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Epetys
[2007.10.03 18:33:03 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\FRITZ!
[2009.08.15 15:09:24 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\GARMIN
[2011.12.12 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\GetRightToGo
[2013.06.01 15:10:18 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Heakx
[2011.01.08 14:38:01 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Koepis
[2008.04.01 17:24:58 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\MAGIX
[2011.07.03 19:21:50 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\mkvtoolnix
[2012.09.06 10:49:52 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\MPEG Streamclip
[2010.04.19 10:05:27 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Opera
[2011.07.17 12:12:28 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\SourceTec
[2007.11.06 22:00:20 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Template
[2011.03.10 14:22:00 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\uTorrent
[2013.02.14 17:37:11 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Vso
[2010.01.19 22:36:48 | 000,000,000 | ---D | M] -- C:\Users\Bronson\AppData\Roaming\Yamb
[2007.06.14 21:25:32 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\EPSON
[2009.08.15 13:41:11 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\GARMIN
[2011.03.10 14:22:00 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\uTorrent
[2007.07.11 23:46:43 | 000,000,000 | ---D | M] -- C:\Users\Surfer\AppData\Roaming\Vso
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.05.15 22:58:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.12.14 21:51:16 | 000,000,000 | ---D | M] -- C:\Acronis.Disk.Director.Suite.10.0.0.2117
[2008.08.08 14:28:46 | 000,000,000 | ---D | M] -- C:\ATI
[2009.09.18 18:55:19 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.06.13 22:46:36 | 000,000,000 | ---D | M] -- C:\DELL
[2008.04.01 17:25:11 | 000,000,000 | ---D | M] -- C:\doctemp
[2007.06.14 16:44:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.04.01 17:25:11 | 000,000,000 | ---D | M] -- C:\Drivers
[2010.06.25 22:05:36 | 000,000,000 | ---D | M] -- C:\fd326dd00d379aee8698796d79ef
[2010.04.18 15:18:11 | 000,000,000 | ---D | M] -- C:\Garmin
[2009.01.31 22:11:12 | 000,000,000 | ---D | M] -- C:\MAGIX
[2008.01.24 16:02:36 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.11.21 20:22:03 | 000,000,000 | ---D | M] -- C:\NotenBox 7
[2008.09.12 22:36:59 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.06.02 10:40:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.12 01:41:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.06.14 16:44:15 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.06.13 16:43:31 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2013.06.13 22:58:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.04.01 17:25:11 | 000,000,000 | ---D | M] -- C:\temp
[2013.05.15 22:57:09 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.22 21:18:31 | 000,000,000 | ---D | M] -- C:\vuescan
[2013.05.16 15:24:08 | 000,000,000 | ---D | M] -- C:\Windows
[2010.07.13 16:03:20 | 000,000,000 | ---D | M] -- C:\WinSV
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,604 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.15 14:41:47 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.06.08 05:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007.06.08 05:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007.06.08 05:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007.06.08 05:02:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.06.08 05:02:59 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007.06.08 05:02:51 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\drivers\atapi.sys
[2007.06.08 05:02:51 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007.06.08 05:02:51 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007.06.08 05:02:59 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007.06.08 05:02:59 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008.02.14 14:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 14:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 14:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.14 14:29:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.15 13:12:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.15 13:12:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Drivers\system\r148912\nvstor.sys
[2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.04.19 13:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=615D79A1D2C98817FF2FDEB1B167D808 -- C:\DELL\drivers\R157988\IDE\WinVista\sata_ide\nvstor32.sys
[2007.04.19 13:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=615D79A1D2C98817FF2FDEB1B167D808 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a195c2b5\nvstor32.sys
[2007.08.09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.08.09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys
[2007.04.25 17:18:56 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\DELL\drivers\R155142\IDE\WinVista\sataraid\nvstor32.sys
[2007.05.01 14:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\Drivers\storage\R155144\nvstor32.sys
[2007.05.01 14:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=E1C2036823B9E75535051499C61350F6 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_a8e6d559\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.06.15 16:27:22 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.06.15 16:27:22 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.01.10 17:22:24 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2006.11.02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
 
< %USERPROFILE%\*.* >
[2007.11.25 12:53:20 | 000,000,231 | ---- | M] () -- C:\Users\Surfer\Goya.ini
[2013.06.13 23:14:16 | 001,310,720 | -HS- | M] () -- C:\Users\Surfer\ntuser.dat
[2013.06.13 13:53:02 | 000,001,024 | -H-- | M] () -- C:\Users\Surfer\ntuser.dat.LOG
[2013.06.13 23:14:16 | 000,262,144 | -H-- | M] () -- C:\Users\Surfer\ntuser.dat.LOG1
[2007.06.14 20:25:59 | 000,000,000 | -H-- | M] () -- C:\Users\Surfer\ntuser.dat.LOG2
[2013.06.13 18:58:46 | 000,065,536 | -HS- | M] () -- C:\Users\Surfer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2013.06.13 18:58:45 | 000,524,288 | -HS- | M] () -- C:\Users\Surfer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007.06.14 21:33:17 | 000,524,288 | -HS- | M] () -- C:\Users\Surfer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007.06.14 20:26:00 | 000,000,020 | -HS- | M] () -- C:\Users\Surfer\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\PcSetup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\Mein Garmin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\MAGIX Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Surfer\Documents\ConvertXtoDVD:Roxio EMC Stream
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A5B56640

< End of report >
         
Extras.Txt
Code:
OTL Extras logfile created on: 13.06.2013 22:55:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Surfer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,55% Memory free
4,23 Gb Paging File | 3,18 Gb Available in Paging File | 75,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 104,07 Gb Free Space | 46,72% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 353,25 Gb Free Space | 90,43% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 6,35 Gb Free Space | 63,50% Space Free | Partition Type: NTFS
Drive V: | 443,23 Gb Total Space | 158,00 Gb Free Space | 35,65% Space Free | Partition Type: NTFS
Drive W: | 97,66 Gb Total Space | 97,38 Gb Free Space | 99,72% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSZIMMER | User Name: Surfer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028B900C-C36F-430F-B169-85DBA56EDE43}" = lport=19375 | protocol=17 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe | 
"{03F50809-DA43-4CBC-A20A-AA6A2033F24E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1E298EB7-E098-458A-9755-8F39967FD1FC}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{2F24DB94-1843-4898-B7B2-8F2E6C6B80A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{30ADB73F-D74C-4B36-805C-6B16864581EC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4859D2C9-3564-4DA7-A3E3-A5B49289E137}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{6116DAC2-3FD7-43B2-B265-3D597E69C6B8}" = lport=19376 | protocol=6 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe | 
"{6A289C59-C127-47B3-B630-6F8FE829E0EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{6B1DDFBF-3CCA-4249-AD92-A8F08A319A32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{7400C14E-116B-4BD1-A071-66479F2F70B0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{A9006DA4-3F9F-4572-9C02-F5388B4E4959}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{ABD2C371-D9D8-4E0B-94EA-100FE733FF91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{B6504A18-222F-48A7-99BD-16C7BA734D82}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BE581EEC-DBC8-4B0B-AA04-6DC656A328C2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{CBCD9127-6224-40FF-9A98-9CA45E0E320C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{DBFD2407-2823-4401-9919-515DFD75AC45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{DFC6B5B1-1F46-444D-B198-23D1B7C148E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{F27CA33D-7B22-4CC7-9823-BDDC2D11A3B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{F322D7BF-592C-4383-9843-E5282FF45A8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{F4007769-7878-4137-9BB3-53E85ABDD43B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F62E8070-A32D-473E-A339-722F1477E826}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008B3223-18E4-407C-B346-C2AEF9157F5A}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{02D49743-E068-4FD2-8712-4A0745419841}" = dir=in | app=f:\setup\hpznui01.exe | 
"{0D48027F-7E33-43AF-B5F9-41C28FA549F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{168579CC-356F-4E8A-86BF-EF06BFD8E702}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{17392DEA-ACAC-43B4-9216-824B7D3840A3}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{1C967666-2D7E-41D4-ABF0-4B3E936E7281}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{1CAC0A75-8C80-4803-8558-91FE804790F1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{1DDDC8B5-E0C6-49C1-A35B-C16E40AD03BE}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{1E6D0FA7-E2D3-4852-AC0E-4BF37ECB5078}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{25C8456C-080E-4BF9-A69E-86577A9EC0CC}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{265A53D2-8BF9-4401-BDC1-C05145A29D03}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{2943BF62-CB7E-424F-806C-9E35D49EAEAE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2B66A715-C3CB-42EF-A27B-293BB0D56F70}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{3AB9984B-7741-4E77-B28A-B81191AA465A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3C90B9D4-0546-47C5-9F6C-6F13F2E47F8E}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{4046FD5C-850F-477A-B246-CCB9F4EFF221}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{437790E8-89B8-4359-B8A5-FB79C54E3C22}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{4FD14736-3BC5-41A6-A8D5-010A513213D0}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{54C94183-A635-4A8E-A50D-341A30F4BC2E}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{590FFB55-7850-4072-9314-B9704D18AC8D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{5A2324AF-0C65-4C76-B394-2DF4269BFD90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{5AA7A9FF-F896-45E6-87B5-3A93FB988867}" = protocol=6 | dir=out | app=system | 
"{5AEF9540-FD22-438D-8542-F692EC4A99CE}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{5D0A9031-3E74-4F56-9DFC-56970708E663}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{61DCF139-C9E4-424F-9FFF-C833FDCA4230}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{67074754-771B-4401-B5BD-7C969157EF44}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{75264807-E53D-476B-9CEC-477014D549C2}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{75738018-D318-4BAD-AAFF-6C73910EECCF}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{76715CAD-2F57-4B29-B903-419F7A8E65CB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{7DC8D83C-1541-4462-B1CF-CE471E0B4A3A}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{8108F398-F395-4626-9392-B57CE2290A64}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{84FEB347-82AD-44A3-8C33-C34B0CF77447}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{904503E4-169B-4374-8268-5979AA5E7758}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{992635D8-39C2-4CE1-9645-C65CDCA4C64C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{9C6BFD56-C172-4917-AE31-6E4B589CA720}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{A51EDBD5-C64A-426A-8D1E-B6FE4D0932D5}" = protocol=6 | dir=out | app=system | 
"{BB3B47B7-2DC3-4C9E-9B53-3EC5637075E7}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{BDFCD91D-B0A0-42DF-ADF3-C1300B416D64}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{C63AC76F-EB15-49DE-B54C-CB1A23E3B3D9}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{DD16587F-9991-4A80-A6BF-46A58D49C5AC}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{DDFA94E5-D2BE-4370-BADA-ABFEEB4CCE78}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{E9BCF793-4FA3-4A4D-A1E4-DA526BC9F666}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{EB30A4BC-6191-4D58-937E-A3BB50A2B013}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{F335E70D-B78B-4C21-B1B0-B9DED4BF23AC}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{FC45ADE9-1196-44FB-B3F8-CDB7F89F2AF7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{FEFC9BE7-3EAB-42EC-AED1-2084A6853803}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"TCP Query User{0047DBA1-8DE7-48D4-B230-0C58DFBD574A}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe | 
"TCP Query User{199151DE-A5C0-4836-BDD0-ADD7AA1B347C}C:\program files\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\media player classic\mplayerc.exe | 
"TCP Query User{28967162-AB10-4540-B552-1EFB4DE716B2}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{342FC930-7D38-4207-8ADB-D8EA955E8F9A}F:\d-link.exe" = protocol=6 | dir=in | app=f:\d-link.exe | 
"TCP Query User{3D089629-FDCD-4906-BAC3-795299E76ACB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{56CB539F-E896-46ED-ABD1-D332812D4220}C:\users\bronson\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\bronson\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | 
"TCP Query User{601DDA69-0F3A-45BE-813C-426920D2D3E7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{63808629-C8D4-4D58-B268-8DE6221A4268}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{64293E84-0795-446B-9EF4-D01FDB39E24D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{814DD0EC-F766-4AFF-9207-D5D3EB2DB27C}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{86EF3E1B-894F-4C5B-BF80-551E697B966F}C:\users\bronson\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\bronson\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{93D91A41-8DB8-4A4A-A563-9322DB9AEA30}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{B3222697-B8C7-42DD-ABF7-215A66869A1E}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
"TCP Query User{B7AC91E7-0BDB-4DEA-A426-EB2A74026485}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{BBFB7AC2-3491-450F-8A2C-626A39C6DEA3}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{DA38AB85-3BCC-400C-A898-D09E429B0F02}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{DA9F8C95-7C2E-4520-A2B1-7091B0791A1D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E897DAF6-846A-4925-86C1-F32AC046C5C5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0D84ECFB-7246-4DE4-BEE6-EE3CC73BB742}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe | 
"UDP Query User{1460E5EE-1738-4CDE-B19A-D02EF898D881}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{1FA5D712-2FAD-40D8-B8BB-789B7367C23D}C:\program files\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\media player classic\mplayerc.exe | 
"UDP Query User{38DC34CA-4561-49DA-8B96-29F287C3744C}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{3C5C223B-C733-40FB-889C-B7D6EE38B9A0}C:\users\bronson\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\bronson\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{3FB29413-8FC8-478C-A1B9-C498254935FE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{5C2901CA-64D5-4CAD-B2A4-F08ED67748E8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{607788EA-CD41-4DC0-A915-F4D567977064}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{6959C338-C75B-40B5-ABB4-BE608D67229E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{7673EC5C-F9CF-45DC-AD3C-80B3ED917625}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{7BE8591A-5C79-4F45-999E-E654DCBEFA30}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{9D2A509B-A230-4AEF-9BE7-2472C7F91537}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
"UDP Query User{B78C7574-91CD-4AED-A400-CC6BEE762D91}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{B79EB157-650E-4BE4-A0B7-510C8CBD435C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{CD9F492F-9EDB-4097-B496-93865BD1A244}C:\users\bronson\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\bronson\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | 
"UDP Query User{EADA1059-1C92-4177-A341-7035CC32126C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{ECF02F69-9D93-4603-B39A-EC3584B3EEEE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F03EFB37-9C3E-4915-A6AD-5C44F015BC90}F:\d-link.exe" = protocol=17 | dir=in | app=f:\d-link.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{030A939C-9D2B-4095-A4FD-6B12FCB3C978}" = DISC TITLE PRINTER
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DE20748-45A5-6CD9-610E-F881A34E7342}" = Catalyst Control Center Localization Arabic
"{0F693D04-8FD8-0D7A-109B-C9BE06EEE6B7}" = ccc-core-static
"{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1" = Sothink Video Converter
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{15CC10AB-4266-210D-E2D2-03089C25A028}" = CCC Help English
"{1603C7DC-358B-97AF-B451-B2DDAC734117}" = Catalyst Control Center Localization French
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{214030BC-490D-57D4-2547-D0D4ECC851A5}" = Catalyst Control Center Localization Japanese
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2B98E4C3-AABC-9594-3219-A6EB60006C2C}" = Catalyst Control Center Graphics Full Existing
"{2C698DB8-0D99-5A27-DA3D-A3414FC5DBA7}" = Catalyst Control Center Graphics Light
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3000D7AB-27E6-319E-7B9A-686F1880C64C}" = Catalyst Control Center Localization German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3168528D-D485-2178-0993-348B450F83D2}" = Catalyst Control Center Graphics Full New
"{31DBBB49-CAC2-984A-64CA-A88102056E10}" = CCC Help German
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{412FECA2-836F-3DF6-A302-924CEC5B4DE2}" = CCC Help Spanish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{458825D3-272D-1BE0-A066-A270A65A4C41}" = Catalyst Control Center Core Implementation
"{46ACAEB5-365A-74BB-D405-980EA4FE3545}" = CCC Help Japanese
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AAB7E8F-1C71-E364-458F-5A6797670157}" = Catalyst Control Center Graphics Full New
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{52B4C42B-A110-4236-95C8-AA4B137C16AC}" = EPSON CopyFactory
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5FFD817C-5D4F-E4CF-8B50-0CCAD44989DF}" = CCC Help German
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{65E6362A-B878-4A7B-86DA-D16F8DBD75C7}" = ccc-core-static
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67637C64-743D-4C45-A1E1-D5FB4E1C0250}" = AVCHDCoder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6DD45BD7-DB28-E59F-8239-CF6816AE1FA4}" = Skins
"{704DC225-2E14-EF16-2EF6-2B642B119A22}" = ccc-utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76C73966-AED3-5ACB-B438-B47E9B1FB2E3}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{794F49F0-2A44-EE74-62FE-22FD68953A25}" = ccc-utility
"{7CD5F286-FF0A-E638-8143-0E258E3C17E2}" = CCC Help Thai
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{9624BF70-FDBE-0767-58BF-A151BDF9D396}" = Catalyst Control Center Graphics Light
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98698CC8-F4C4-A0A7-F521-8547DDD1BB6B}" = Catalyst Control Center Localization Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B92288B-5DC5-74A2-5E76-C4DE4864B76E}" = Warner Bros. Digital Copy Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{B651AD20-D522-2D6F-3AC7-A5F625FCB283}" = Catalyst Control Center Core Implementation
"{B944FA21-81AF-4A77-8328-CE4F4CC51031}" = Nero 8 Demo
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1" = Power CD+G Burner
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C3E2D64C-1B8E-D142-A76F-DEAC02AFF4FA}" = CCC Help Polish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5145CD4-4F74-C986-F86B-F57F3995C59B}" = Catalyst Control Center Localization Arabic
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8D524C0-FBD2-C4F0-2446-912EABA681E0}" = CCC Help Portuguese
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCF7F09E-A1C5-7D81-437D-B2DC347CC52E}" = Catalyst Control Center Localization Spanish
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{CEEE47BB-4AB7-9AEB-2212-ECC6D05DDC74}" = Catalyst Control Center Localization Italian
"{D4948A0D-402F-4966-AE08-76574503E9A4}" = UltraEdit 14.20
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D71B45B0-70B5-12BA-4ACF-2CEC94FE8A06}" = CCC Help Korean
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DB6BAC4C-0592-8773-5EC6-77B59CDDB260}" = Catalyst Control Center Graphics Previews Vista
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4C7B3EF-B3DB-4BB6-A812-E8FAE47534D3}" = OpenOffice.org 2.2
"{E7744050-4D6F-1280-5331-2EA048B51E94}" = Catalyst Control Center Localization Arabic
"{E7C6F560-316B-AC49-EF05-95ED32C0B6D9}" = Skins
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ECA80341-4BFB-172D-EC5D-64FD8DD41F5A}" = Catalyst Control Center Localization German
"{ECBEB9C6-CC47-70F7-E939-1E20E3BEEC8F}" = Catalyst Control Center Localization Korean
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F41857B5-0762-D5D9-2118-0DC14EED2773}" = Catalyst Control Center Graphics Full Existing
"{F4FA8AC4-6B6A-CAA6-8E44-FC64227CC4F7}" = CCC Help Italian
"{F6412237-45F7-B34B-0803-4D77E2D39D0C}" = Catalyst Control Center Localization Chinese Traditional
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FD01FEBF-376F-F125-09F8-E94B04D21E77}" = CCC Help French
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"{FF001690-A829-9DFD-9EF6-DA285783C49C}" = CCC Help Chinese Traditional
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Privacy Cleaner_is1" = Advanced Privacy Cleaner 1.1
"AnyDVD" = AnyDVD
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AviSynth" = AviSynth 2.5
"AVMFBox" = FRITZ!Box
"Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.4
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dcmsvc_is1" = dcmsvc 1.0
"dlancockpit" = devolo dLAN Cockpit
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ElsterFormular 11.5.0.4546" = ElsterFormular
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)
"FixFoto_is1" = FixFoto 2.91
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4.10
"Free YouTube Download_is1" = Free YouTube Download 2.10
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaInfo" = MediaInfo 0.7.60
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MIDI to MP3 Converter" = MIDI to MP3 Converter 2.4 build 775
"MKVtoolnix" = MKVtoolnix 4.8.0
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NotenBox7_is1" = AWIN NotenBox 7
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.15.1748" = Opera 12.15
"Photo To Sketch_is1" = Photo To Sketch 3.51
"PhotoFiltre" = PhotoFiltre
"PS3 Media Server" = PS3 Media Server
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"RealAlt_is1" = Real Alternative 2.0.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"WinZD_is1" = WinZD 2012-08
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZTestHL_is1" = ZTestHL 7.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-435549553-3016772667-2742125131-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2013 08:33:09 | Computer Name = Arbeitszimmer | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.05.2013 08:33:09 | Computer Name = Arbeitszimmer | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.05.2013 17:19:09 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description = 
 
Error - 17.05.2013 22:11:09 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description = 
 
Error - 01.06.2013 19:05:41 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description = 
 
Error - 03.06.2013 20:21:11 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.06.2013 12:46:43 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description = 
 
Error - 07.06.2013 10:25:48 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description = 
 
Error - 10.06.2013 17:40:06 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description = 
 
Error - 13.06.2013 12:58:43 | Computer Name = Arbeitszimmer | Source = EventSystem | ID = 4621
Description = 
 
[ OSession Events ]
Error - 11.02.2010 17:08:00 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 153
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 20.09.2011 13:19:23 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3738
 seconds with 1560 seconds of active time.  This session ended with a crash.
 
Error - 20.09.2011 13:19:39 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.01.2012 19:31:11 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 63
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.06.2013 13:59:13 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 11.06.2013 11:25:23 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 11.06.2013 12:13:52 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 11.06.2013 12:21:35 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 11.06.2013 12:35:04 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 11.06.2013 17:48:12 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 12.06.2013 09:49:33 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 12.06.2013 17:10:19 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 13.06.2013 11:19:53 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 13.06.2013 16:48:32 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         

Alt 14.06.2013, 13:56   #14
markusg
/// Malware-holic
 

Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [TrayServer] C:\MAGIX\VIDEO_~1\TrayServer.exe File not found
O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers that may be installed.
Test how the PC and the programs run in general.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us
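
One way to triage entries of the kind listed in the fix above, as an added example that is not part of the original post and not OTL's own code: it parses `O3`/`O4` lines, rejoins a status that a forum paste has wrapped onto its own line, and flags entries whose target is reported missing. The line format is inferred from the entries quoted in the post; the `ExampleApp` line and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample: the O3 entry and the TrayServer and swg entries are taken
# from the fix in the post above; the "ExampleApp" line is invented for contrast.
SAMPLE_LOG = r"""
:OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [TrayServer] C:\MAGIX\VIDEO_~1\TrayServer.exe File not found
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\app.exe (Example Corp)
O4 - HKU\S-1-5-21-435549553-3016772667-2742125131-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
File not found
:Commands
[emptytemp]
"""

ENTRY_START = re.compile(r"^(O\d+) - (.*)$")
# Status texts seen at the end of the entries in the post (assumed exhaustive here).
ORPHAN_MARKERS = ("File not found", "No CLSID value found.")


@dataclass
class Entry:
    section: str   # e.g. "O4"
    key: str       # registry location as abbreviated in the log
    name: str      # value name in [brackets], "" if none
    body: str      # full text after "O4 - "
    orphan: bool   # True if the log reports the target as missing


def logical_lines(text):
    """Rejoin entries whose tail was wrapped onto the following line."""
    lines, open_entry = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            lines.append(line)
            open_entry = True
        elif line.startswith((":", "[")):   # directives such as :files, [emptytemp]
            open_entry = False
        elif open_entry:                    # continuation of the previous entry
            lines[-1] += " " + line
    return lines


def parse_entries(text):
    entries = []
    for line in logical_lines(text):
        section, body = ENTRY_START.match(line).groups()
        key, _, rest = body.partition(": ")
        named = re.match(r"\[([^\]]*)\]", rest)
        entries.append(Entry(section, key, named.group(1) if named else "",
                             body, body.endswith(ORPHAN_MARKERS)))
    return entries


def orphaned(text):
    """Entries that point at a missing file or an unregistered CLSID."""
    return [e for e in parse_entries(text) if e.orphan]


if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        status = "dangling reference" if e.orphan else "no missing-target marker, review manually"
        print(f"{e.section} {e.key} [{e.name}] -> {status}")
```

Entries without a missing-target marker are the ones that still resolve to something on disk, so they are the ones that need a closer look before anything is removed.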

Alt 15.06.2013, 10:05   #15
kinosergio
 

First of all: thank you very much, the lock is gone!!! Terrific!

Shortly before the fix, Windows Update popped up. I postponed it until later, but it then interfered during the restart. Maybe that is why the text document was not created. A folder named with the date and time is in the corresponding location, but it is empty.
So far I have not noticed anything unusual with the programs. But I also have not done very much yet.
