Internet Explorer opens by itself

#0
02.01.2011, 01:00
Member

Posts: 23
#1 Hello,

My problem has existed since this evening. Avast reported a Trojan. Since then, Internet Explorer opens by itself and displays advertising. In addition, the Windows gadgets are no longer visible.

Information from Avast:
Original file name: Zvj.exe
Original folder: C:\Users\...\AppData\Local\Temp
Description: Win32:pirminay-E [Trj]

System scan with OTL:

Code


OTL logfile created on: 01.01.2011 23:58:58 - Run 1
OTL by OldTimer - Version 3.2.20.0     Folder = C:\Users\Peter B\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 74,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 55,85 Gb Free Space | 57,25% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 137,04 Gb Free Space | 37,23% Space Free | Partition Type: NTFS
Drive E: | 7,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: W | User Name: PETERB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\PETERB\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\PETERB~1\AppData\Local\Temp\Zvl.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Users\PETERB~1\AppData\Local\Temp\Zvk.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Windows\Zwerya.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\PeterB\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:[b]64bit:[/b] - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:[b]64bit:[/b] - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV - (Null) -- C:\Windows\SysWow64\NULL ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 7F 1B DC 4C F1 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\20110101172252\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.21 15:03:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.21 15:03:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.24 01:05:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010.12.21 15:03:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2010.12.24 01:05:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.21 15:03:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.21 15:04:02 | 000,000,000 | ---D | M]

[2010.06.03 19:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PeterB\AppData\Roaming\mozilla\Extensions
[2010.05.25 21:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PeterB\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.03 19:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PeterB\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010.09.23 18:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PeterB\AppData\Roaming\mozilla\Firefox\Profiles\s1tpg0vg.default\extensions
[2010.06.03 19:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PeterB\AppData\Roaming\mozilla\Sunbird\Profiles\5xnqbjc1.default\extensions
[2010.11.20 21:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.09.12 21:50:18 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files (x86)\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.11.20 21:53:49 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2010.11.20 21:53:50 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2010.12.21 15:03:53 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.12.11 15:38:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.11 15:38:49 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.11 15:38:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.11 15:38:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.11 15:38:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\20110101172252\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [JP595IR86O] C:\Users\PETERB~1\AppData\Local\Temp\Zvk.exe (Windows (R) Codename Longhorn DDK provider)
O4 - HKCU..\Run: [NtWqIVLZEWZU] C:\Users\PETERB~1\AppData\Local\Temp\Zvl.exe (Windows (R) Codename Longhorn DDK provider)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8:[b]64bit:[/b] - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34fe3e43-8056-11df-9f69-00262d99e53d}\Shell - "" = AutoRun
O33 - MountPoints2\{34fe3e43-8056-11df-9f69-00262d99e53d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a35e4416-7962-11df-9fae-00262d99e53d}\Shell - "" = AutoRun
O33 - MountPoints2\{a35e4416-7962-11df-9fae-00262d99e53d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.01.01 23:57:49 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\PeterB\Desktop\OTL.exe
[2011.01.01 17:21:04 | 000,208,896 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Zwerya.exe
[2011.01.01 16:44:18 | 000,000,000 | ---D | C] -- C:\Users\PeterB\Desktop\Bewerbung
[2010.12.21 15:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010.12.21 15:03:51 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010.12.21 15:03:43 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010.12.21 15:03:43 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010.12.21 15:03:42 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2010.12.21 15:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2010.12.21 15:03:41 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010.12.21 15:03:41 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010.12.16 22:43:10 | 000,000,000 | ---D | C] -- C:\Users\Peter B\Desktop\Bewerbung
[2010.12.15 10:17:18 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 10:17:18 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 10:17:18 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 10:17:18 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 10:17:18 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.15 10:17:18 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.15 10:17:17 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 10:17:17 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.15 10:17:15 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 10:17:15 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 10:17:15 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 10:17:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 10:17:13 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.15 10:17:13 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.15 10:17:12 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.15 10:17:07 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 10:17:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 10:17:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 10:17:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 10:17:05 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 10:17:05 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.15 10:17:05 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 10:17:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 10:17:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 10:17:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 10:17:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 10:17:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 10:17:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 10:17:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.13 18:40:35 | 000,000,000 | ---D | C] -- C:\Users\PeterB\AppData\Local\Real
[2010.12.11 11:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010.12.11 11:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.11.06 16:49:23 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe69BD.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.01.01 23:57:49 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PeterB\Desktop\OTL.exe
[2011.01.01 23:52:30 | 000,000,312 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.01 23:51:18 | 000,000,312 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.01.01 23:30:02 | 000,000,266 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.01.01 22:56:06 | 000,019,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.01 22:56:06 | 000,019,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.01 22:48:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.01 22:48:06 | 427,163,647 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.01 17:20:59 | 000,208,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Zwerya.exe
[2010.12.31 21:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.12.31 21:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.12.24 01:05:56 | 000,002,459 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010.12.24 01:05:56 | 000,002,097 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010.12.23 15:55:14 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.23 15:55:14 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.23 15:55:14 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.23 15:55:14 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.23 15:55:14 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.21 15:03:51 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010.12.21 15:03:43 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010.12.21 15:03:43 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010.12.21 15:03:42 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2010.12.21 15:03:41 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010.12.21 15:03:41 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010.12.16 10:31:42 | 002,278,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.14 01:37:26 | 000,004,608 | ---- | M] () -- C:\Users\PeterB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.04 21:48:52 | 000,024,064 | ---- | M] () -- C:\Users\Peter B\Desktop\Das Geheimnis der Großen Schwerter 2 - Der Abschiedsstein.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.01.01 21:36:46 | 000,000,312 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.01.01 17:21:02 | 000,000,312 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.01 17:21:00 | 000,000,266 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.12.24 01:05:56 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010.12.24 01:05:56 | 000,002,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010.12.04 21:48:52 | 000,024,064 | ---- | C] () -- C:\Users\PeterB\Desktop\Das Geheimnis der Großen Schwerter 2 - Der Abschiedsstein.doc
[2010.09.20 20:36:45 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.09.11 22:31:00 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.09.11 22:31:00 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.09.11 22:30:44 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.09.11 22:29:28 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010.09.11 22:29:28 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010.09.11 22:26:17 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.07.27 22:21:37 | 000,004,608 | ---- | C] () -- C:\Users\Peter B\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.16 17:37:24 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.06.04 21:15:23 | 000,000,441 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.05.25 20:36:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.25 20:24:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.05.27 13:34:34 | 000,005,874 | ---- | C] () -- C:\Program Files (x86)\Liesmich.htm
[2008.05.27 10:38:56 | 000,005,552 | R--- | C] () -- C:\Program Files (x86)\ReadMe.htm
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2010.09.12 21:57:09 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\Academic Software Zurich
[2010.09.05 15:41:10 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\Bioshock
[2010.06.16 17:50:45 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\Canneverbe Limited
[2011.01.01 19:07:29 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\ICQ
[2010.06.03 18:11:55 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\IrfanView
[2010.11.15 20:56:05 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\Mount&Blade
[2010.07.02 22:29:41 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\T-Online
[2010.06.03 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\Thunderbird
[2010.11.27 20:32:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.01 23:52:30 | 000,000,312 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.01 23:30:02 | 000,000,266 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.01.01 23:51:18 | 000,000,312 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Code


OTL Extras logfile created on: 01.01.2011 23:58:59 - Run 1
OTL by OldTimer - Version 3.2.20.0     Folder = C:\Users\Peter B\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 74,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 55,85 Gb Free Space | 57,25% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 137,04 Gb Free Space | 37,23% Space Free | Partition Type: NTFS
Drive E: | 7,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: WALHALLA | User Name: Peter B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1


The scan with Gmer found nothing (the log file is empty); however, I could not tick the boxes for System, Sections, Devices, Modules, Processes, Threads and Libraries.


Many thanks in advance
Berserker
02.01.2011, 02:01
Moderator

Posts: 5694
#2 Hello and welcome to Protecus.de

Cleaning an infected system takes time and also requires observing the following points:

• Follow the instructions of your helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup you should neither install nor uninstall any programs unless explicitly asked to.
• Please work through each step in order.
• If problems come up at a step, post what you already have and get back to us with a description of the problem.


• The cleanup is only finished once the helper gives the OK.
• The machine running smoothly again does not mean that the system is clean.
• For computers used for business, the responsible IT person should be brought in.
• We may decline support for a company computer.
• Where illegal software is present, support may be discontinued.
• Cracks and keygens are neither encouraged nor accepted.
• With heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling from scratch.
• In the end it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools we prescribe via right-click and Run as administrator.

Step 1

Uninstall programs

Since some programs and anti-spyware programs may hinder us during the cleanup (e.g. through constantly running background monitors), are unnecessary or harmful, or are simply no longer needed, I ask you to completely uninstall the following programs via Control Panel => Software.

Code

Application Updater
pdfforge Toolbar

Let me know if a program cannot be uninstalled. Once the cleanup is finished we can see which of them you can/should reinstall.

Step 2

Fixing with OTL


• Please start OTL.exe.
Vista and Win7 users: right-click and "Run as administrator"
• Now copy the content into the text box.

Code

:OTL
PRC - C:\Users\PETERB~1\AppData\Local\Temp\Zvl.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Users\PETERB~1\AppData\Local\Temp\Zvk.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Windows\Zwerya.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
[2010.11.20 21:53:49 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKCU..\Run: [JP595IR86O] C:\Users\PETERB~1\AppData\Local\Temp\Zvk.exe (Windows (R) Codename Longhorn DDK provider)
O4 - HKCU..\Run: [NtWqIVLZEWZU] C:\Users\PETERB~1\AppData\Local\Temp\Zvl.exe (Windows (R) Codename Longhorn DDK provider)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O33 - MountPoints2\{34fe3e43-8056-11df-9f69-00262d99e53d}\Shell - "" = AutoRun
O33 - MountPoints2\{34fe3e43-8056-11df-9f69-00262d99e53d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a35e4416-7962-11df-9fae-00262d99e53d}\Shell - "" = AutoRun
O33 - MountPoints2\{a35e4416-7962-11df-9fae-00262d99e53d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
[2011.01.01 23:52:30 | 000,000,312 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.01 23:51:18 | 000,000,312 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.01.01 23:30:02 | 000,000,266 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.01.01 17:21:04 | 000,208,896 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Zwerya.exe
[2011.01.01 17:20:59 | 000,208,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Zwerya.exe
:files
C:\Users\PETERB~1\AppData\Local\Temp\Zvl.exe
C:\Users\PETERB~1\AppData\Local\Temp\Zvk.exe
C:\Windows\Zwerya.exe
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Application Updater
:reg
:Commands
[purity]
[emptytemp]

• Now please close all programs.
• Now please click the Fix button.
OTL may require a restart. Please allow this.
• After the restart you will find a text document on your desktop.
(Also found under C:\_OTL\MovedFiles\<time_date>.txt)
Copy its contents here into your thread

Step 3

Cleanup with Malwarebytes' Anti-Malware (full scan)

Download Malwarebytes Anti-Malware (approx. 2 MB) from this download mirror:

Malwarebytes


* Applicable to Windows 2000, XP, Vista and Windows 7.
* Install the program to the default path.
* Remember to start the program as admin on Vista; otherwise start it with a double-click.
* Let it update online (Updates tab) if the program was already on the computer.
* Select "Komplett Scan durchführen" (perform full scan) => Scan.
* Select all available drives and start the scan.
* When the scan is finished, click "Zeige Resultate" (show results).
* For detections in C:\System Volume Information, remove the check mark.
Otherwise that system restore point will no longer work.
It might still be needed despite the malware.
* Make sure that all other detections are ticked and press "Löschen" (delete).
* Post the log file, which opens in Notepad, here in the thread.
* You can find the report afterwards under "Scan-Berichte" (scan reports).
* Report how the computer is running now.
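
Added example (not part of the thread and not OTL's own code): a Python parser for OTL file-listing lines with two triage checks that match what this log shows, hidden GUID-named `.job` files without a company name and files created within a minute of a known-bad binary. The function names, the heuristics and the one-minute window are assumptions; the sample lines are copied from the log and fix script above.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# Sample input: file-listing lines copied from the OTL log and fix script on this page.
SAMPLE_LOG = r"""
[2011.01.01 21:36:46 | 000,000,312 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.01.01 17:21:04 | 000,208,896 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Zwerya.exe
[2011.01.01 17:21:02 | 000,000,312 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.01 17:21:00 | 000,000,266 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.12.24 01:05:56 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010.12.11 11:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.11.27 20:32:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str               # four flags; in this log they appear in the order R, H, S, D
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # "" for "()", None when the field is absent (directories)
    path: str


# The company field may itself contain parentheses, e.g. "Windows (R) Codename ...",
# so it is matched lazily up to the ") -- " that precedes the path.
LINE_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-RHSD]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$"
)

# A scheduled-task file whose name is nothing but a braced GUID.
GUID_JOB_RE = re.compile(
    r"\\windows\\tasks\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$", re.I
)


def parse_otl_files(text: str) -> List[Entry]:
    """Parse file-listing lines; summary lines such as '[1 C:\\Windows\\*.tmp ...]' are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, kind, company, path = m.groups()
        entries.append(Entry(datetime.strptime(ts, "%Y.%m.%d %H:%M:%S"),
                             int(size.replace(",", "")), attrs, kind, company, path))
    return entries


def hidden_guid_jobs(entries: List[Entry]) -> List[Entry]:
    """Hidden, GUID-named .job files in Windows\\Tasks that carry no company name."""
    return [e for e in entries
            if "H" in e.attrs and e.company == "" and GUID_JOB_RE.search(e.path)]


def created_near(entries: List[Entry], pivot_path: str,
                 window: timedelta = timedelta(minutes=1)) -> List[Entry]:
    """Other files created within `window` of the creation time of `pivot_path`."""
    pivot = next((e for e in entries
                  if e.kind == "C" and e.path.lower() == pivot_path.lower()), None)
    if pivot is None:
        return []
    near = [e for e in entries
            if e.kind == "C" and e is not pivot and abs(e.when - pivot.when) <= window]
    return sorted(near, key=lambda e: e.when)


if __name__ == "__main__":
    parsed = parse_otl_files(SAMPLE_LOG)
    print("Hidden GUID-named tasks:")
    for e in hidden_guid_jobs(parsed):
        print("  ", e.when, e.path)
    print("Created within one minute of Zwerya.exe:")
    for e in created_near(parsed, r"C:\Windows\Zwerya.exe"):
        print("  ", e.when, e.path)
```

A timestamp match is a lead for review, not a verdict; legitimate installers also create several files within the same minute.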
02.01.2011, 13:23
Member

Thread starter

Posts: 23
#3 Hello,

thanks for your help. I followed the instructions. The gadgets have reappeared, and so far Internet Explorer has not opened by itself again. Here are the logs:

OTL

Code


All processes killed
========== OTL ==========
No active process named Zvl.exe was found!
No active process named Zvk.exe was found!
No active process named Zwerya.exe was found!
No active process named Program Files was found!
No active process named Program Files was found!
Error: No service named Application Updater was found to stop!
Service\Driver key Application Updater not found.
File  C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe  not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll not found.
Folder C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\ not found.
Prefs.js: pdfforge@mybrowserbar.com:4.1 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.1 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JP595IR86O deleted successfully.
C:\Users\PETERB~1\AppData\Local\Temp\Zvk.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NtWqIVLZEWZU deleted successfully.
C:\Users\PETERB~1\AppData\Local\Temp\Zvl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34fe3e43-8056-11df-9f69-00262d99e53d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34fe3e43-8056-11df-9f69-00262d99e53d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34fe3e43-8056-11df-9f69-00262d99e53d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34fe3e43-8056-11df-9f69-00262d99e53d}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a35e4416-7962-11df-9fae-00262d99e53d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a35e4416-7962-11df-9fae-00262d99e53d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a35e4416-7962-11df-9fae-00262d99e53d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a35e4416-7962-11df-9fae-00262d99e53d}\ not found.
File F:\LaunchU3.exe not found.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.
C:\Windows\Zwerya.exe moved successfully.
File C:\Windows\Zwerya.exe not found.
========== FILES ==========
File\Folder C:\Users\PETERB~1\AppData\Local\Temp\Zvl.exe not found.
File\Folder C:\Users\PETERB~1\AppData\Local\Temp\Zvk.exe not found.
File\Folder C:\Windows\Zwerya.exe not found.
File\Folder C:\Program Files (x86)\Common Files\Spigot not found.
File\Folder C:\Program Files (x86)\Application Updater not found.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: B
->Temp folder emptied: 2428897 bytes
->Temporary Internet Files folder emptied: 45875931 bytes
->Java cache emptied: 10721817 bytes
->FireFox cache emptied: 71093062 bytes
->Flash cache emptied: 5958 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4256 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50635 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 124,00 mb


OTL by OldTimer - Version 3.2.20.0 log created on 01022011_115428

Files\Folders moved on Reboot...
C:\Users\B\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware

Code


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5442

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.01.2011 13:15:34
mbam-log-2011-01-02 (13-15-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 392252
Laufzeit: 1 Stunde(n), 10 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WHMDNR9LKK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\_OTL\movedfiles\01022011_115428\C_Users\PETERB~1\AppData\Local\Temp\Zvk.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01022011_115428\C_Users\PETERB~1\AppData\Local\Temp\Zvl.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01022011_115428\c_windows\Zwerya.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
02.01.2011, 16:29
Moderator

Posts: 5694
#4 Step 1

ESET Online Scanner

Please switch on any external hard drives during the online scans! Please turn off all background monitors (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.


Note for Vista and Win7 users: Be sure to start the browser as administrator.
• Disable your anti-virus program during the scan.
• Press the button. Firefox users: please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
IE users: must allow the installation of an ActiveX control.
• Tick the box at Yes, I accept the Terms of Use.
• Press the button.
• Wait until the components have been downloaded.
• Tick "Remove found threats" and "Scan archives".
• Press the button.
• The signatures are downloaded. The scan starts automatically.
When the scan has finished

• Click Finish.
• Close the browser.
• Open Explorer.
• Locate C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
• Post the log file here.

Step 2

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
• Please start OTL.exe.
Vista and Win7 users: right-click and "Run as administrator"
• Now copy the content into the text box.

Code

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

• Now please close all programs. (Important)
• Now please click the Quick Scan button.
• Now copy the contents of OTL.txt and Extra.txt here into your thread
03.01.2011, 14:06
Member

Thread starter

Posts: 23
#5 Hello,

OTL did not display the 2nd log?!

ESET:

Code

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=6d41bcca76d1aa4fb76647e3c23d47a0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-03 12:42:22
# local_time=2011-01-03 01:42:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 18481324 18481324 0 0
# compatibility_mode=5893 16776574 100 94 18486480 46459924 0 0
# compatibility_mode=8192 67108863 100 0 3862 3862 0 0
# scanned=256394
# found=0
# cleaned=0
# scan_time=4289
OTL:

Code

OTL logfile created on: 03.01.2011 13:48:26 - Run 2
OTL by OldTimer - Version 3.2.20.0     Folder = C:\Users\Peter B\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 76,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 55,40 Gb Free Space | 56,78% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 137,04 Gb Free Space | 37,23% Space Free | Partition Type: NTFS
Drive E: | 7,25 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: WALHALLA | User Name: Peter B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Peter B\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Peter B\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:[b]64bit:[/b] - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:[b]64bit:[/b] - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV - (Null) -- C:\Windows\SysWow64\NULL ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 7F 1B DC 4C F1 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\20110101172252\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.21 15:03:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.21 15:03:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.24 01:05:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010.12.21 15:03:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2010.12.24 01:05:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.21 15:03:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.21 15:04:02 | 000,000,000 | ---D | M]

[2010.06.03 19:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter B\AppData\Roaming\mozilla\Extensions
[2010.05.25 21:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter B\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.03 19:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter B\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010.09.23 18:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter B\AppData\Roaming\mozilla\Firefox\Profiles\s1tpg0vg.default\extensions
[2010.06.03 19:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter B\AppData\Roaming\mozilla\Sunbird\Profiles\5xnqbjc1.default\extensions
[2011.01.02 11:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.09.12 21:50:18 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files (x86)\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.12.21 15:03:53 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.12.11 15:38:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.11 15:38:49 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.11 15:38:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.11 15:38:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.11 15:38:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\20110101172252\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8:[b]64bit:[/b] - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:[b]64bit:[/b] aux - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midi - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midimapper - midimap.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:[b]64bit:[/b] msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wave - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.01.03 12:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.01.02 12:02:03 | 000,000,000 | ---D | C] -- C:\Users\Peter B\AppData\Roaming\Malwarebytes
[2011.01.02 12:01:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.01.02 12:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.02 12:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.02 12:01:46 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.01.02 12:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.01.02 11:54:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.01.02 11:48:11 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Peter B\Desktop\OTL.exe
[2011.01.02 10:39:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.12.21 15:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010.12.21 15:03:42 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2010.12.21 15:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2010.12.13 18:40:35 | 000,000,000 | ---D | C] -- C:\Users\Peter B\AppData\Local\Real
[2010.12.11 11:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010.12.11 11:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.11.06 16:49:23 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe69BD.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.01.03 11:31:13 | 000,019,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 11:31:13 | 000,019,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 11:23:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.03 11:23:46 | 427,163,647 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.02 19:57:19 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.02 19:57:19 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.02 19:57:19 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.02 19:57:19 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.02 19:57:19 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.02 17:09:35 | 000,020,992 | ---- | M] () -- C:\Users\Peter B\Desktop\Rogue Trader - Das Adelshaus Valerian.doc
[2011.01.02 12:01:50 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.02 11:48:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Peter B\Desktop\OTL.exe
[2010.12.31 21:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.12.31 21:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.12.24 01:05:56 | 000,002,459 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010.12.24 01:05:56 | 000,002,097 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010.12.21 15:03:42 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.16 10:31:42 | 002,278,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.14 01:37:26 | 000,004,608 | ---- | M] () -- C:\Users\Peter B\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.04 21:48:52 | 000,024,064 | ---- | M] () -- C:\Users\Peter B\Desktop\Das Geheimnis der Großen Schwerter 2 - Der Abschiedsstein.doc

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.01.02 12:01:50 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.27 19:48:12 | 000,020,992 | ---- | C] () -- C:\Users\Peter B\Desktop\Rogue Trader - Das Adelshaus Valerian.doc
[2010.12.24 01:05:56 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010.12.24 01:05:56 | 000,002,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010.12.04 21:48:52 | 000,024,064 | ---- | C] () -- C:\Users\Peter B\Desktop\Das Geheimnis der Großen Schwerter 2 - Der Abschiedsstein.doc
[2010.09.20 20:36:45 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.09.11 22:31:00 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.09.11 22:31:00 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.09.11 22:30:44 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.09.11 22:29:28 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010.09.11 22:29:28 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010.09.11 22:26:17 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.07.27 22:21:37 | 000,004,608 | ---- | C] () -- C:\Users\Peter B\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.16 17:37:24 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.06.04 21:15:23 | 000,000,441 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.05.25 20:36:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.25 20:24:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.05.27 13:34:34 | 000,005,874 | ---- | C] () -- C:\Program Files (x86)\Liesmich.htm
[2008.05.27 10:38:56 | 000,005,552 | R--- | C] () -- C:\Program Files (x86)\ReadMe.htm
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.04.28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2010.09.12 21:57:09 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\Academic Software Zurich
[2010.09.05 15:41:10 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\Bioshock
[2010.06.16 17:50:45 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\Canneverbe Limited
[2011.01.03 02:16:42 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\ICQ
[2010.06.03 18:11:55 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\IrfanView
[2010.11.15 20:56:05 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\Mount&Blade
[2010.07.02 22:29:41 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\T-Online
[2010.06.03 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\Peter B\AppData\Roaming\Thunderbird
[2010.11.27 20:32:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2011.01.03 11:23:46 | 427,163,647 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.03 11:23:48 | 2001,207,295 | -HS- | M] () -- C:\pagefile.sys

[color=#A23BEC]< %systemroot%\system32\*.wt >[/color]

[color=#A23BEC]< %systemroot%\system32\*.ruy >[/color]

[color=#A23BEC]< %systemroot%\Fonts\*.com >[/color]
[2009.07.14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

[color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color]

[color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color]
[2009.06.10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

[color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color]

[color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color]

[color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color]

[color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color]

[color=#A23BEC]< %systemroot%\system32\*.jpg >[/color]

[color=#A23BEC]< %systemroot%\*.scr >[/color]
[2010.12.31 21:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[color=#A23BEC]< %systemroot%\*._sy >[/color]

[color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color]

[color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]
[2010.05.25 20:25:23 | 000,001,686 | -HS- | M] () -- C:\Users\Peter B\AppData\Roaming\Microsoft\LastFlashConfig.wfc

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2008.05.27 13:34:34 | 000,005,874 | ---- | M] () -- C:\Program Files (x86)\Liesmich.htm
[2008.05.27 10:38:56 | 000,005,552 | R--- | M] () -- C:\Program Files (x86)\ReadMe.htm

[color=#A23BEC]< %APPDATA%\Update\*.* >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color]
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

[color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color]
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

[color=#A23BEC]< %systemroot%\system32\ws2help.dll /md5 >[/color]
[2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll


[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

[color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

< End of report >
03.01.2011, 14:11
Moderator

Posts: 5694
#6 And how is it running at the moment?
03.01.2011, 14:21
Member

Thread starter

Posts: 23
#7 Hello Swiss,

I no longer have any problems. IE no longer opens by itself. Do you think the system is clean?


Regards,
Berserker
03.01.2011, 14:25
Moderator

Posts: 5694
#8 I don't see anything any more. But please also do the following:


F-Secure Online Scanner
Please switch on any external hard drives you have during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like), and do not forget to turn everything back on afterwards.
• Supported operating systems: Windows 2000, Windows XP and Windows Vista (32bit)
Be sure to start Internet Explorer by right-clicking the icon and running it as administrator.
• Tick "I have read and accepted the license terms".
• Press the "Install" button.
• IE users must allow the installation of the ActiveX control and click "Installieren" (Install).
• Firefox users must allow the installation of the Firefox add-on and then restart Firefox.
• Press the "Start" button.
• Select "Full Scan" and press the "Start" button.
• The signatures are downloaded.
• The scan starts automatically.
• End of scan (Finish).
• If anything is found, use => automatic cleaning (Automatically)
• and click the "Next" button.
• Display the report by clicking the "Full report" button.
• Menu => File => Save page as
Change the file type to text file and
• save it on the desktop as f-secure.txt.
• Post the log here.

Uninstallation
Firefox:
Uninstall the add-on via Tools => F-Secure.
Internet Explorer:
Fix the following entry with HJT:
O16 - DPF: {BDBDE413-7B1C-4V68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3)
03.01.2011, 16:16
Member

Thread starter

Posts: 23
#9

Quote

• Supported operating systems: Windows 2000, Windows XP and Windows Vista (32bit)
I have Windows 7. Is there an alternative?

Regards,
Berserker
04.01.2011, 17:12
Moderator

Posts: 5694
#10 It also works with Win7. Sorry, old instructions.
04.01.2011, 18:14
Member

Thread starter

Posts: 23
#11 Hello,

here is the log. What do you mean by the "Uninstallation" item in your instructions?

Code

Scanbericht


    Dienstag, Januar 4, 2011 17:26:34 - 18:10:03

Name des Computers: W
Scantyp: Scansystem für Malware, Spyware und Rootkits
Ziel: C:\ D:\

------------------------------------------------------------------------


    1 Malware gefunden

TrackingCookie.Doubleclick
<http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=TrackingCookie.Doubleclick&orig='disk'>
(Spyware)

    * System (Desinfiziert)

------------------------------------------------------------------------


    Statistik

Gescannt:

    * Dateien: 104172
    * System: 5904
    * Nicht gescannt: 382

Aktionen:

    * Desinfiziert: 1
    * Umbenannt: 0
    * Gelöscht: 0
    * Nicht bereinigt: 0
    * Übermittelt: 0

Nicht gescannte Dateien:

    * C:\HIBERFIL.SYS
    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
    * C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
    * C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
    * C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\C0E2273D1C74EF76B0C4EB93CB39565E52967BA4.HOMEGROUPCLASSIFIER\B74AC167A5D2465CAA249FDA39DAB8E7\GROUPING\DB.MDB
    * C:\USERS\PETER B\APPDATA\LOCAL\TEMP\HSPERFDATA_PETER B\1112
    * C:\USERS\PETER B\APPDATA\LOCAL\TEMP\HSPERFDATA_PETER B\4668
    * C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
    * C:\SYSTEM VOLUME INFORMATION\{2E7DB391-1810-11E0-9DEE-00262D99E53D}{3808876B-C176-4E48-B7AE-04046E6CC752}
    * C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
    * C:\SYSTEM VOLUME INFORMATION\{39200FB8-16BC-11E0-A707-00262D99E53D}{3808876B-C176-4E48-B7AE-04046E6CC752}
    * C:\SYSTEM VOLUME INFORMATION\{88DECE44-1723-11E0-8DAE-00262D99E53D}{3808876B-C176-4E48-B7AE-04046E6CC752}

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\008DA5C5FB7191CCD2A09B18A3832CF3_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00A187CBD5443186D249C2AD82F650D0_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00C9F74C6F61925D2E10D7D99014EC0C_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\013CB9A145F26011136C4866B7601944_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\01B7FE65A3D967A6C6786926C5409720_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\03A9E92C767C89FF77121D31B3F28CD1_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0440031C242ACE5B60B207FB92C539B0_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0523653E65B889C3EE76AC0F7FCE20DA_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\05E4CA086089BBAEB6C1311BA365F8D3_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\06C63243C6B5CB0AF3A3DC95C106235C_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0707B3EB886CC692FC9DB4B20D1E785A_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\080FC31548025F2B2FA2F1CD61496038_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\087436F1AD09FF621CEADD411701DB71_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\08B05F0F82A717086564C423FB6C21A0_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\08F0353F113EB3D899AB640FAF4D5712_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\091A2D9DA2BBCCFF6D728BCE001A44CE_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\092C627019B0EF8A55F409E348B00F7F_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0A890BF6B9AFEF8F5FD7E79063328251_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0DB25E6F0AC89DBA639787FC229BB408_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0E45D2A4632D932BDB65FC017A0F6545_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0EB4E661B89EC492B166BE9B9D93E962_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0ECEB84A81ABD2594AEC2C7646D01201_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0F934CB8E5BB3AECD487FD17E9EC2E2F_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1031A45373A63CC662F7833E1C91E978_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\110533EE393BB2D69FC1AE9ADC972DE5_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1109D900A2E1F09D691565217801CA3C_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1299222990FD62D4AC36C188B3247344_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\12AF2D0F823DF5C88A0F42FD1BFFF1D3_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1310EADD4512744AB0B2DAAA3D43942C_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1437D8E01C796E5AF82DAF53A52E9AF4_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\134DE7C1BF7E1649CA75B6E5FEA62B09_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1517F2E4DD0A93B0DB9709FC50D128D8_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1675648D7160533846E0CE6585E1B4EA_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\151AF688E54334F551EE7FDBFA504E9A_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1833C5D1ACFA3B8B377A0EAB4C62B2E6_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\190874347B8572F899A695DFF5EB8AD0_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1920C63C3C4508D54675515BC5158585_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1CAD7ACFEB12BBE2DE9153B933E26ACE_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1CF18B35B33198AB3B7B00F345EF2887_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D13B38218182EEE2A2893C47152E45F_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D39D99F1B0E3EAF3F06F290A02A8F48_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1DB5F8EEB80A4B0642A3023A36E3CE1C_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1DDC2E9A2BF478D26AC65FC48DBDBE13_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1C8901A4F81939A1A3A5D64FAA48D380_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1E854277DD8442CDEAEB42C8EE233A1E_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1EA05BD1C3B68CB495857618DB68150C_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1DF6B2CAD445D0422C553C37A17BF565_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\20A923061756FBC45C6778E00F272D54_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2134BF3D049C52F7F57CC7CF522CB43E_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23F7580A2BBC9E98000F62C0CA268E9C_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\244AB23B2BE9BFBE1A8010A5D4D43AA6_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24E9A9D28FDD128ACF75250F11560A14_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\253432CB756EED78CAA4BA0635120224_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25CEEC262A8140D51B1DF6E1CD08D517_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25D0986EE8613A6DFBA1F73C6864CA67_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25EBB032634A29F4BF2D30FCCE46EEDB_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2529949DCEAE81EC7BC9514A205EC5C3_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2698EC87F9BE71D75BF3406EE4AA78F1_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\26D46B50C86414A5B901181578B53111_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\277AF5988FF0BF99E98C4BDF7FCD36E8_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2999CF384BBA47FD925948710A9B5F41_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2CD52E23F79DFCF540AC86F3DB8A03D8_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D208A2C6A516CEEB650D346ADE4E9A7_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D921DC5BCA648B6E174793A7255F9E1_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2E4A6DC8312B3AF37475CC818E4C3A08_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\264543654BE173C6377A1F12145D4F12_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F11AC26C9B8AF6FEB2E5B88FFD4286F_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\30D6E144A8BAA423C0FA7EA73D08B1A0_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2FD477DC030F7B3C109993EFA2E67F22_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31D9C7C7AC658B6EA6B62BA8F26FAF48_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31DE9B4E80B5D47F0D268387486C3EB8_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\321E04DF613EC91D7199BB515F04EC0E_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3274319CC662CF97E67083799A9AF2B5_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\32A68B79117A2111F4217216557F4CD9_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\32D5520A36165E775C7F2A09BEC140BB_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\32CD41BF7928031B750AA59E2C67C13F_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\35FC52D32E997BFE4568CF4120BFC791_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36C75D8E766C8B07A2614193ABD53D65_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\370E7E8D47601B9F356373CA49B3DCC8_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36045141F731BB50FF6C1952B3E9D2EC_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\37434F3C77AE3AC05CE35B1C5558D7FD_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3826C0F1CEB7A013DB25467C30D397EB_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\383032B63C58B9AAAE1022096D7C4A82_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38AC282C38BEF5F66A031AA040B02718_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3930CF6C342C1CFE93C211B18E7FF0AE_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\39A43BA36DDEC86F3309DE27B8833752_A904D3AF-0408-48E4-9EC6-8F63D142EA96

    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3A753A40E470D9A0C074988DB9B24A29_A904D3AF-0408-48E4-9EC6-8F63D142EA96



------------------------------------------------------------------------


    Optionen

Scan-Engines:

Scanoptionen:

    * Festgelegte Dateien scannen: COM EXE SYS OV? BIN SCR DLL SHS HTM
      HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO
      PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI
      TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE
      WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB
      LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
    * Erweiterte Heuristik verwenden
04.01.2011, 18:16
Moderator

Posts: 5694
#12 Sorry, that really was the wrong guide. Have a look under Software; you should be able to uninstall the scanner again from there.

Step 1

Tool cleanup with OTL

We will now use OTL's CleanUp! function to remove most of the programs that we installed for the cleanup from your system again.
• Please download OTL by OldTimer (if you don't already have it).
Save it to your desktop.
• Double-click OTL.exe to run the program.
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• Click the "Bereinigung" (CleanUp) button.
• OTL may ask for a restart.
If it does, please allow it.

Note: After the restart, OTL and the other helper programs that you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

Step 2

Update programs

You are using some outdated software, which creates security holes on your system through which malware can get in. All software on your computer must be updated regularly, even if you don't use it. The Secunia Inspektor offers a simple way to monitor these software updates.
05.01.2011, 15:15
Member

Thread starter

Posts: 23
#13 Hello,

Thank you very much for your help! ;)

Many thanks and regards
Berserker
05.01.2011, 18:50
Moderator

Posts: 5694
#14 Aftercare


To protect your system against malware, I'm giving you below a short version of tips and pointers to tools that will help you secure your system and keep it free of infections in the future. If your system was infected, I advise you to change your passwords. Please treat the tips as suggestions and not as the be-all and end-all ;).

Create a new system restore point

This is a good time to clear System Restore and create a new, clean restore point (guide for Vista users).
• Start => All Programs => Accessories => System Tools => System Restore
• Choose "Create a restore point" => Next
• Enter e.g. "Nach_Bereinigung" as the description => Create => Close.
• Now Start => Run => cleanmgr (type it in) => OK => More Options tab
• Under System Restore, click Clean up and confirm the deletion with Yes => OK.
This will delete all restore points except the most recently created one.

You can skip this step if you have just reinstalled the system, or if you used Combofix and it was uninstalled properly, since Combofix already takes care of this.

Measures:

If you don't have them installed yet, you should install the following programs. Spybot Search&Destroy is a good tool that finds malicious software and renders it harmless. During installation, make sure that TeaTimer is not activated. Run the tool at regular intervals (e.g. once a week) and always have it check for updates before scanning; for details see the detailed guide. To keep your system free of temporary files, I recommend CCleaner (http://www.CCleaner.de) (don't install the toolbar along with it), a freeware program for optimizing and cleaning up Windows; for details see the guide from Hijackthis-Forum.de. For Java (Sun), always have only the latest version on your computer and uninstall all others.

Use an alternative browser; I recommend Firefox. There is a large number of extensions, such as Adblock Plus and NoScript. With the IE Tab extension, even Windows and Office updates are possible through Firefox. The QuickJava extension lets you switch on Java and JavaScript only when needed. An alternative e-mail program is Thunderbird. There are many very good extensions for it as well.

As an alternative to all the messengers, Miranda-IM or Trillian are worth considering. Miranda is a malware-free open-source instant messenger that works with the AOL, ICQ, IRC, MSN and Yahoo protocols. With Trillian, which is likewise malware-free, you can chat with users of ICQ, AIM, Yahoo Messenger, MSN and IRC.

"How could the malware get onto my computer?" is probably the most frequently asked question. Malware gets onto a computer primarily via so-called browser exploits, that is, via security holes in the browser itself. Other entry points are e-mail attachments, leaks in the operating system, or file downloads from unsafe sources.

By using your head and the following simple measures, you can optimize your protection:

• Always keep the system up to date (run Windows Update regularly and update software).
• Where possible, install programs using the "custom" option and deselect toolbars and sponsors.
• Configure Internet Explorer securely.
• Use only original software and consistently avoid programs from dubious sources.
• Remove/uninstall programs you no longer use via Control Panel => Software.
• Don't click on everything that says "click me"!
• Use common sense and caution,
• especially with files you bring onto your PC, i.e. e-mails, downloads etc.,
• ideally do without file sharing via P2P programs altogether.
• Protect the router against changes from outside by setting a password.
• Don't start services and programs you don't need in the first place.
Regarding services, however, you need to study the subject thoroughly; otherwise it's better to leave the services as they are.
• Close unneeded "ports" (on the DSL router, if you have one), shares and the like.
Port scan test.
Secure your WLAN.
Set secure passwords.
• Don't install more than one virus scanner with a background guard.
• Don't keep more than one antispyware program with a background guard running permanently.
• Now and then, additionally check the system with one of these free online scanners.
• Don't forget backups!
Always keep a clean backup on hand as a restorable image.
