Pests of all kinds and how to fight them: Windows security: Your computer has been locked (Windows 7)
#10
Windows security: Your computer has been locked

So, I have scanned now. This is what it spat out:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 3/2/2012 3:06:44 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files Drive C: | 100.00 Mb Total Space | 73.89 Mb Free Space | 73.89% Space Free | Partition Type: NTFS Drive E: | 565.07 Gb Total Space | 461.09 Gb Free Space | 81.60% Space Free | Partition Type: NTFS Drive F: | 30.00 Gb Total Space | 9.57 Gb Free Space | 31.90% Space Free | Partition Type: NTFS Drive G: | 3.70 Gb Total Space | 1.17 Gb Free Space | 31.64% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2011/12/25 15:17:04 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand] -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/12/08 13:31:24 | 001,527,104 | ---- | M] (TuneUp Software) [Auto] -- E:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011/12/08 13:28:00 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- E:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011/10/21 09:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) 
[Auto] -- E:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/10/19 10:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Programme USER\Antivier\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/10/19 10:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Programme USER\Antivier\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/10/13 11:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011/10/01 02:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 02:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/07/27 01:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/05/10 14:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010/05/10 14:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010/01/23 02:12:06 | 000,462,336 | ---- | M] () [Auto] -- E:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe -- (mitsijm2011) SRV - [2009/11/07 05:46:52 | 000,020,480 | ---- | M] (X10) [Auto] -- E:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2009/10/22 19:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) 
[On_Demand] -- E:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/07/24 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (XDva392) DRV - [2012/02/15 10:26:23 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/10/19 10:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/10/19 10:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/10/01 02:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 02:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 02:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 02:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - 
[2010/10/07 06:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- E:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010/07/26 09:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/07/26 09:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt) DRV - [2010/06/21 02:14:36 | 000,246,272 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/05/24 08:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010/05/10 14:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R) DRV - [2010/04/27 02:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/04/27 02:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\nusb3hub.sys -- (nusb3hub) DRV - [2010/04/01 04:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010/03/04 10:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand] -- E:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/02/26 16:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd) DRV - [2009/08/13 01:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/05/13 14:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF) DRV - [2009/05/13 14:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Mike_Kathi_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com IE - HKU\Mike_Kathi_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com [binary data] IE - HKU\Mike_Kathi_ON_E\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\Mike_Kathi_ON_E\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com [binary data] IE - HKU\Mike_Kathi_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://medion.msn.com IE - HKU\Mike_Kathi_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Mike_Kathi_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme USER\Itunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme USER\Mozilla firefox\components [2012/02/18 02:41:55 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\Mike_Kathi_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] E:\Programme USER\Antivier\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [CLMLServer] E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HotkeyApp] E:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrVolOSD] E:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NUSB3MON] E:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PDFPrint] E:\Programme USER\Pdf converter\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RtHDVBg] E:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Wbutton] E:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKU\Mike_Kathi_ON_E..\Run: [vasja] E:\Users\Mike_Kathi\AppData\Local\Temp\23894729347.exe (Paragon Software Group) O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_E..\RunOnce: [Screensaver] E:\Windows\Web\Wallpaper\MEDION\start.vbs () O4 - Startup: Error locating startup folders. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - E:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/12/25 14:42:57 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1804CAAD-09B1-E832-3D9B-D5CD77C26759} - Microsoft Windows Media Player 12.0 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {587F863B-BB9E-C45E-4354-B5D587F2B8E3} - Microsoft Windows Media Player 12.0 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6B8CFA90-FA98-E2B8-DABB-79AC10CF207A} - Internet Explorer ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6D726774-9251-31FB-9B4E-1E6E3B53F9D9} - Microsoft Windows Media Player 12.0 ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access 
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - E:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found ========== Files/Folders - Created Within 30 Days ========== [2012/03/01 11:30:01 | 000,000,000 | ---D | C] -- E:\Users\Mike_Kathi\Desktop\Testmusik [2012/03/01 08:25:56 | 000,029,504 | ---- | C] (TuneUp Software) -- E:\Windows\System32\uxtuneup.dll [2012/03/01 08:25:56 | 000,021,312 | ---- | C] (TuneUp Software) -- 
E:\Windows\System32\authuitu.dll [2012/03/01 08:23:51 | 000,031,552 | ---- | C] (TuneUp Software) -- E:\Windows\System32\TURegOpt.exe [2012/03/01 08:23:50 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2012/03/01 08:23:43 | 000,000,000 | ---D | C] -- E:\Users\Mike_Kathi\AppData\Roaming\TuneUp Software [2012/03/01 08:20:55 | 000,000,000 | ---D | C] -- E:\Program Files\TuneUp Utilities 2011 [2012/03/01 08:19:10 | 000,000,000 | ---D | C] -- E:\ProgramData\TuneUp Software [2012/02/20 12:20:04 | 000,000,000 | ---D | C] -- E:\Users\Mike_Kathi\AppData\Roaming\Xfire [2012/02/20 12:20:01 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire [2012/02/20 12:20:00 | 000,000,000 | ---D | C] -- E:\ProgramData\Xfire [2012/02/20 12:19:59 | 000,000,000 | ---D | C] -- E:\Program Files\Xfire [2012/02/20 12:17:26 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games [2012/02/19 10:49:31 | 000,000,000 | ---D | C] -- E:\Users\Mike_Kathi\Documents\Cross Fire [2012/02/19 10:49:30 | 000,000,000 | ---D | C] -- E:\CFLog [2012/02/16 15:50:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb [2012/02/16 15:50:36 | 001,798,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll [2012/02/16 15:50:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll [2012/02/16 15:50:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll [2012/02/16 15:50:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll [2012/02/16 15:50:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll [2012/02/16 15:50:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl [2012/02/16 08:21:56 | 000,478,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\timedate.cpl [2012/02/16 08:21:45 
| 002,343,424 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys [2012/02/15 13:32:02 | 000,000,000 | ---D | C] -- E:\Users\Mike_Kathi\AppData\Local\PDF24 [2012/02/15 13:31:06 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012/02/08 13:40:54 | 000,000,000 | ---D | C] -- E:\Program Files\Teachmaster 4.3 [2012/02/08 13:39:27 | 000,000,000 | ---D | C] -- E:\Users\Mike_Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Teachmaster 4.3 [2012/02/08 13:39:27 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teachmaster 4.3 [2012/02/08 06:56:43 | 000,000,000 | ---D | C] -- E:\Windows\Minidump [2012/01/10 15:14:34 | 000,004,096 | ---- | C] ( ) -- E:\Windows\System32\IGFXDEVLib.dll [1 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ] [1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ] [1 E:\Users\Mike_Kathi\AppData\Roaming\*.tmp files -> E:\Users\Mike_Kathi\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/03/02 06:16:41 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat [2012/03/02 06:15:15 | 2558,595,072 | -HS- | M] () -- E:\hiberfil.sys [2012/03/01 13:12:59 | 000,009,888 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/01 13:12:59 | 000,009,888 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/01 12:26:28 | 000,654,610 | ---- | M] () -- E:\Windows\System32\perfh007.dat [2012/03/01 12:26:28 | 000,616,452 | ---- | M] () -- E:\Windows\System32\perfh009.dat [2012/03/01 12:26:28 | 000,130,192 | ---- | M] () -- E:\Windows\System32\perfc007.dat [2012/03/01 12:26:28 | 000,106,574 | ---- | M] () -- E:\Windows\System32\perfc009.dat [2012/03/01 08:23:50 | 000,002,159 | ---- | M] () -- E:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012/03/01 08:23:50 | 000,002,151 | ---- 
| M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk [2012/03/01 08:23:50 | 000,002,139 | ---- | M] () -- E:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2012/03/01 08:23:50 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2012/02/26 14:01:34 | 023,007,310 | ---- | M] () -- E:\Users\Mike_Kathi\Desktop\Pedal-der-Cavaille-Coll-Orgel-Notre-Dame-Paris.WAV [2012/02/22 02:30:07 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl [2012/02/20 12:20:01 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire [2012/02/20 12:17:28 | 000,000,928 | ---- | M] () -- E:\Users\Mike_Kathi\Desktop\CrossFire.lnk [2012/02/20 12:17:26 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games [2012/02/17 05:30:25 | 000,417,648 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT [2012/02/16 15:53:49 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/02/15 13:31:06 | 000,001,828 | ---- | M] () -- E:\Users\Public\Desktop\PDF24 Editor.lnk [2012/02/15 13:31:06 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012/02/15 10:26:23 | 000,137,416 | ---- | M] (Avira GmbH) -- E:\Windows\System32\drivers\avipbb.sys [2012/02/08 13:40:54 | 000,001,065 | ---- | M] () -- E:\Users\Mike_Kathi\Desktop\Teachmaster 4.3.lnk [2012/02/08 13:39:27 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teachmaster 4.3 [2012/02/08 06:56:15 | 375,076,849 | ---- | M] () -- E:\Windows\MEMORY.DMP [1 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ] [1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ] [1 E:\Users\Mike_Kathi\AppData\Roaming\*.tmp files -> E:\Users\Mike_Kathi\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/03/01 08:23:50 | 
000,002,159 | ---- | C] () -- E:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012/03/01 08:23:50 | 000,002,151 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk [2012/03/01 08:23:50 | 000,002,139 | ---- | C] () -- E:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2012/02/26 14:01:09 | 023,007,310 | ---- | C] () -- E:\Users\Mike_Kathi\Desktop\Pedal-der-Cavaille-Coll-Orgel-Notre-Dame-Paris.WAV [2012/02/20 12:17:28 | 000,000,928 | ---- | C] () -- E:\Users\Mike_Kathi\Desktop\CrossFire.lnk [2012/02/15 13:31:06 | 000,001,828 | ---- | C] () -- E:\Users\Public\Desktop\PDF24 Editor.lnk [2012/02/08 13:39:27 | 000,001,065 | ---- | C] () -- E:\Users\Mike_Kathi\Desktop\Teachmaster 4.3.lnk [2012/02/08 06:56:15 | 375,076,849 | ---- | C] () -- E:\Windows\MEMORY.DMP [2012/01/10 15:29:54 | 013,904,384 | ---- | C] () -- E:\Windows\System32\ig4icd32.dll [2012/01/10 10:58:12 | 000,000,952 | -HS- | C] () -- E:\ProgramData\KGyGaAvL.sys [2012/01/08 04:31:22 | 000,004,096 | -H-- | C] () -- E:\Users\Mike_Kathi\AppData\Local\keyfile3.drm [2012/01/06 02:24:43 | 000,000,400 | ---- | C] () -- E:\Windows\ODBC.INI [2011/12/01 10:26:25 | 000,000,036 | ---- | C] () -- E:\Users\Mike_Kathi\AppData\Roaming\blckdom.res [2011/11/20 03:52:03 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll [2011/08/31 13:46:18 | 000,128,204 | ---- | C] () -- E:\Windows\System32\igcompkrng575.bin [2011/08/31 13:46:12 | 000,105,608 | ---- | C] () -- E:\Windows\System32\igfcg575m.bin [2011/08/31 13:46:10 | 000,867,020 | ---- | C] () -- E:\Windows\System32\igkrng575.bin [2011/08/31 13:13:52 | 000,094,208 | ---- | C] () -- E:\Windows\System32\IccLibDll.dll [2010/08/13 17:50:46 | 000,127,184 | ---- | C] () -- E:\Windows\Unwise.exe [2010/08/13 17:50:45 | 000,149,504 | ---- | C] () -- E:\Windows\unwise32_setup.exe [2010/08/09 08:26:45 | 000,451,072 | ---- | C] () -- E:\Windows\System32\ISSRemoveSP.exe [2010/08/08 23:37:38 | 000,000,151 | ---- | C] () -- 
E:\Windows\System32\GfxUI.exe.config [2010/07/27 01:56:50 | 000,408,168 | ---- | C] () -- E:\Windows\System32\easyUpdatusAPIU.dll [2010/07/27 01:56:50 | 000,352,325 | ---- | C] () -- E:\Windows\System32\nvcoproc.bin [2010/05/12 08:13:56 | 000,654,610 | ---- | C] () -- E:\Windows\System32\perfh007.dat [2010/05/12 08:13:56 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat [2010/05/12 08:13:56 | 000,130,192 | ---- | C] () -- E:\Windows\System32\perfc007.dat [2010/05/12 08:13:56 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat [2010/03/26 14:04:54 | 000,041,872 | ---- | C] () -- E:\Windows\System32\xfcodec.dll [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat [2009/07/13 23:33:53 | 000,417,648 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT [2009/07/13 21:05:48 | 000,616,452 | ---- | C] () -- E:\Windows\System32\perfh009.dat [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat [2009/07/13 21:05:48 | 000,106,574 | ---- | C] () -- E:\Windows\System32\perfc009.dat [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat [2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- E:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data [2011/12/28 02:41:32 | 000,000,000 | ---D | M] -- E:\ProgramData\Autodesk [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- 
E:\ProgramData\Desktop [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites [2012/01/28 09:42:00 | 000,000,000 | ---D | M] -- E:\ProgramData\iRinger [2012/03/01 11:13:28 | 000,000,000 | ---D | M] -- E:\ProgramData\PMB Files [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu [2010/08/14 13:03:19 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates [2012/03/01 08:25:39 | 000,000,000 | ---D | M] -- E:\ProgramData\TuneUp Software [2011/11/23 13:26:58 | 000,000,000 | ---D | M] -- E:\ProgramData\VirtualizedApplications [2010/08/13 17:51:56 | 000,000,000 | ---D | M] -- E:\ProgramData\X10 Settings [2011/11/21 12:13:14 | 000,000,000 | ---D | M] -- E:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/02/05 04:08:08 | 000,032,550 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
< End of report >

I have no idea whether that's right. It was also the only folder I could scan (it was called windows).

Regards, Mike